npm - solidity-argus - Versions diffs - 0.3.7 → 0.5.7 - Mend

solidity-argus 0.3.7 → 0.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

package/AGENTS.md +13 -6
package/README.md +24 -12
package/package.json +7 -3
package/skills/checklists/cyfrin-best-practices-runtime/SKILL.md +1 -0
package/skills/checklists/cyfrin-best-practices-upgrades/SKILL.md +1 -0
package/skills/checklists/cyfrin-defi-core/SKILL.md +1 -0
package/skills/checklists/cyfrin-defi-integrations/SKILL.md +1 -0
package/skills/checklists/cyfrin-gas/SKILL.md +1 -0
package/skills/checklists/general-audit/SKILL.md +1 -0
package/skills/methodology/audit-workflow/SKILL.md +1 -0
package/skills/methodology/report-template/SKILL.md +1 -0
package/skills/methodology/severity-classification/SKILL.md +1 -0
package/skills/protocol-patterns/amm-dex/SKILL.md +1 -0
package/skills/protocol-patterns/bridges-cross-chain/SKILL.md +1 -0
package/skills/protocol-patterns/dao-governance/SKILL.md +1 -0
package/skills/protocol-patterns/lending-borrowing/SKILL.md +1 -0
package/skills/protocol-patterns/staking-vesting/SKILL.md +1 -0
package/skills/vulnerability-patterns/flash-loan-attacks/SKILL.md +0 -50
package/skills/vulnerability-patterns/oracle-manipulation/SKILL.md +0 -63
package/src/agents/argus-prompt.ts +98 -33
package/src/agents/pythia-prompt.ts +24 -2
package/src/agents/scribe-prompt.ts +34 -10
package/src/agents/sentinel-prompt.ts +19 -0
package/src/agents/themis-prompt.ts +110 -0
package/src/cli/commands/doctor.ts +29 -17
package/src/cli/commands/install.ts +74 -33
package/src/config/loader.ts +29 -5
package/src/config/schema.ts +45 -45
package/src/constants/defaults.ts +1 -0
package/src/create-hooks.ts +806 -173
package/src/create-managers.ts +4 -2
package/src/create-tools.ts +5 -1
package/src/features/audit-enforcer/audit-enforcer.ts +1 -11
package/src/features/background-agent/background-manager.ts +32 -5
package/src/features/error-recovery/tool-error-recovery.ts +1 -0
package/src/features/persistent-state/audit-state-manager.ts +272 -29
package/src/features/persistent-state/event-sink.ts +96 -25
package/src/features/persistent-state/findings-materializer.ts +68 -2
package/src/features/persistent-state/global-run-index.ts +86 -8
package/src/features/persistent-state/index.ts +7 -1
package/src/features/persistent-state/run-finalizer.ts +116 -7
package/src/features/persistent-state/run-pruner.ts +93 -0
package/src/hooks/agent-tracker.ts +14 -2
package/src/hooks/compaction-hook.ts +7 -16
package/src/hooks/config-handler.ts +83 -29
package/src/hooks/context-budget.ts +4 -5
package/src/hooks/event-hook.ts +213 -57
package/src/hooks/knowledge-sync-hook.ts +2 -3
package/src/hooks/safe-create-hook.ts +13 -1
package/src/hooks/system-prompt-hook.ts +20 -39
package/src/hooks/tool-tracking-hook.ts +602 -323
package/src/index.ts +15 -1
package/src/knowledge/scvd-client.ts +2 -4
package/src/knowledge/scvd-errors.ts +25 -2
package/src/knowledge/scvd-index.ts +7 -5
package/src/knowledge/scvd-sync.ts +6 -6
package/src/managers/types.ts +20 -2
package/src/shared/agent-names.ts +23 -0
package/src/shared/audit-artifact-resolver.ts +8 -3
package/src/shared/audit-phases.ts +12 -0
package/src/shared/cache-paths.ts +41 -0
package/src/shared/drop-diagnostics.ts +2 -2
package/src/shared/forge-errors.ts +31 -0
package/src/shared/forge-runner.ts +30 -0
package/src/shared/format-error.ts +3 -0
package/src/shared/index.ts +9 -0
package/src/shared/key-tools.ts +39 -0
package/src/shared/logger.ts +7 -7
package/src/shared/path-containment.ts +25 -0
package/src/shared/path-utils.ts +11 -0
package/src/shared/report-path-resolver.ts +4 -2
package/src/shared/safe-emit.ts +24 -0
package/src/shared/token-utils.ts +5 -0
package/src/shared/type-guards.ts +8 -0
package/src/shared/validation-constants.ts +52 -0
package/src/skills/analysis/cluster.ts +1 -114
package/src/skills/analysis/normalize.ts +2 -114
package/src/skills/analysis/stopwords.ts +109 -0
package/src/skills/argus-skill-resolver.ts +6 -3
package/src/solodit-lifecycle.ts +153 -37
package/src/state/adapters.ts +60 -66
package/src/state/finding-aggregation.ts +6 -8
package/src/state/finding-fingerprint.ts +1 -1
package/src/state/finding-store.ts +31 -9
package/src/state/index.ts +1 -1
package/src/state/projectors.ts +27 -19
package/src/state/schemas.ts +8 -32
package/src/state/types.ts +3 -0
package/src/tools/contract-analyzer-tool.ts +4 -6
package/src/tools/forge-coverage-tool.ts +10 -35
package/src/tools/forge-fuzz-tool.ts +21 -51
package/src/tools/forge-test-tool.ts +25 -47
package/src/tools/gas-analysis-tool.ts +12 -41
package/src/tools/pattern-checker-tool.ts +37 -15
package/src/tools/pattern-loader.ts +18 -4
package/src/tools/persist-deduped-tool.ts +94 -0
package/src/tools/proxy-detection-tool.ts +35 -34
package/src/tools/read-findings-tool.ts +390 -0
package/src/tools/record-finding-tool.ts +130 -25
package/src/tools/report-generator-tool.ts +475 -327
package/src/tools/report-preflight.ts +5 -1
package/src/tools/slither-tool.ts +55 -16
package/src/tools/solodit-search-tool.ts +260 -112
package/src/tools/sync-knowledge-tool.ts +2 -3
package/src/utils/solidity-parser.ts +39 -24
package/src/features/migration/index.ts +0 -14
package/src/features/migration/migration-adapter.ts +0 -151
package/src/features/migration/parity-telemetry.ts +0 -133

package/src/skills/analysis/cluster.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { tokenJaccard } from "./similarity"
+import { STOPWORDS } from "./stopwords"
-/** Input finding from the PDF extraction pipeline */
 export interface ClusterFinding {
   title: string
   severity: string
@@ -10,7 +10,6 @@ export interface ClusterFinding {
   source_name?: string
 }
-/** A single cluster of related findings */
 export interface FindingCluster {
   id: number
   category: string
@@ -22,14 +21,12 @@ export interface FindingCluster {
   size: number
 }
-/** Configuration for clustering */
 export interface ClusterConfig {
   linkThreshold: number
   cohesionMinSimilarity: number
   minClusterSize: number
 }
-/** Full clustering result */
 export interface ClusterResult {
   clusters: FindingCluster[]
   singletons: ClusterFinding[]
@@ -49,116 +46,6 @@ export const DEFAULT_CLUSTER_CONFIG: ClusterConfig = {
   minClusterSize: 2,
 }
-const STOPWORDS = new Set([
-  "the",
-  "a",
-  "an",
-  "is",
-  "are",
-  "was",
-  "were",
-  "be",
-  "been",
-  "being",
-  "have",
-  "has",
-  "had",
-  "do",
-  "does",
-  "did",
-  "will",
-  "would",
-  "shall",
-  "should",
-  "may",
-  "might",
-  "can",
-  "could",
-  "of",
-  "in",
-  "to",
-  "for",
-  "with",
-  "on",
-  "at",
-  "by",
-  "from",
-  "as",
-  "into",
-  "through",
-  "during",
-  "before",
-  "after",
-  "above",
-  "below",
-  "between",
-  "out",
-  "off",
-  "over",
-  "under",
-  "again",
-  "further",
-  "then",
-  "once",
-  "here",
-  "there",
-  "where",
-  "when",
-  "how",
-  "all",
-  "each",
-  "every",
-  "both",
-  "few",
-  "more",
-  "most",
-  "other",
-  "some",
-  "such",
-  "no",
-  "nor",
-  "not",
-  "only",
-  "own",
-  "same",
-  "than",
-  "too",
-  "very",
-  "and",
-  "but",
-  "or",
-  "if",
-  "this",
-  "that",
-  "these",
-  "those",
-  "it",
-  "its",
-  "contract",
-  "function",
-  "solidity",
-  "smart",
-  "vulnerability",
-  "attack",
-  "attacker",
-  "token",
-  "address",
-  "value",
-  "state",
-  "require",
-  "modifier",
-  "external",
-  "internal",
-  "public",
-  "private",
-  "mapping",
-  "uint256",
-  "bool",
-  "returns",
-  "event",
-  "emit",
-])
 class UnionFind {
   parent: number[]
   rank: number[]

package/src/skills/analysis/normalize.ts CHANGED Viewed

@@ -1,4 +1,6 @@
+import { isRecord } from "../../shared/type-guards"
 import { parseFrontmatter } from "../skill-schema"
+import { STOPWORDS } from "./stopwords"
 export interface SkillDoc {
   name: string
@@ -11,116 +13,6 @@ export interface SkillDoc {
   ruleTokens: string[]
 }
-const STOPWORDS = new Set([
-  "the",
-  "a",
-  "an",
-  "is",
-  "are",
-  "was",
-  "were",
-  "be",
-  "been",
-  "being",
-  "have",
-  "has",
-  "had",
-  "do",
-  "does",
-  "did",
-  "will",
-  "would",
-  "shall",
-  "should",
-  "may",
-  "might",
-  "can",
-  "could",
-  "of",
-  "in",
-  "to",
-  "for",
-  "with",
-  "on",
-  "at",
-  "by",
-  "from",
-  "as",
-  "into",
-  "through",
-  "during",
-  "before",
-  "after",
-  "above",
-  "below",
-  "between",
-  "out",
-  "off",
-  "over",
-  "under",
-  "again",
-  "further",
-  "then",
-  "once",
-  "here",
-  "there",
-  "where",
-  "when",
-  "how",
-  "all",
-  "each",
-  "every",
-  "both",
-  "few",
-  "more",
-  "most",
-  "other",
-  "some",
-  "such",
-  "no",
-  "nor",
-  "not",
-  "only",
-  "own",
-  "same",
-  "than",
-  "too",
-  "very",
-  "and",
-  "but",
-  "or",
-  "if",
-  "this",
-  "that",
-  "these",
-  "those",
-  "it",
-  "its",
-  "contract",
-  "function",
-  "solidity",
-  "smart",
-  "vulnerability",
-  "attack",
-  "attacker",
-  "token",
-  "address",
-  "value",
-  "state",
-  "require",
-  "modifier",
-  "external",
-  "internal",
-  "public",
-  "private",
-  "mapping",
-  "uint256",
-  "bool",
-  "returns",
-  "event",
-  "emit",
-])
 function stripFrontmatter(content: string): string {
   return content.replace(/^---[ \t]*\r?\n[\s\S]*?\r?\n---[ \t]*\r?\n?/, "")
 }
@@ -147,10 +39,6 @@ function tokenize(text: string): string[] {
     .filter((token) => !STOPWORDS.has(token))
 }
-function isRecord(value: unknown): value is Record<string, unknown> {
-  return typeof value === "object" && value !== null
-}
 function extractDetectionRules(frontmatter: Record<string, unknown>): string[] {
   const rawRules = frontmatter.detection_rules
   if (!Array.isArray(rawRules)) return []

package/src/skills/analysis/stopwords.ts ADDED Viewed

@@ -0,0 +1,109 @@
+export const STOPWORDS = new Set([
+  "the",
+  "a",
+  "an",
+  "is",
+  "are",
+  "was",
+  "were",
+  "be",
+  "been",
+  "being",
+  "have",
+  "has",
+  "had",
+  "do",
+  "does",
+  "did",
+  "will",
+  "would",
+  "shall",
+  "should",
+  "may",
+  "might",
+  "can",
+  "could",
+  "of",
+  "in",
+  "to",
+  "for",
+  "with",
+  "on",
+  "at",
+  "by",
+  "from",
+  "as",
+  "into",
+  "through",
+  "during",
+  "before",
+  "after",
+  "above",
+  "below",
+  "between",
+  "out",
+  "off",
+  "over",
+  "under",
+  "again",
+  "further",
+  "then",
+  "once",
+  "here",
+  "there",
+  "where",
+  "when",
+  "how",
+  "all",
+  "each",
+  "every",
+  "both",
+  "few",
+  "more",
+  "most",
+  "other",
+  "some",
+  "such",
+  "no",
+  "nor",
+  "not",
+  "only",
+  "own",
+  "same",
+  "than",
+  "too",
+  "very",
+  "and",
+  "but",
+  "or",
+  "if",
+  "this",
+  "that",
+  "these",
+  "those",
+  "it",
+  "its",
+  "contract",
+  "function",
+  "solidity",
+  "smart",
+  "vulnerability",
+  "attack",
+  "attacker",
+  "token",
+  "address",
+  "value",
+  "state",
+  "require",
+  "modifier",
+  "external",
+  "internal",
+  "public",
+  "private",
+  "mapping",
+  "uint256",
+  "bool",
+  "returns",
+  "event",
+  "emit",
+])

package/src/skills/argus-skill-resolver.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import { type Dirent, existsSync, readdirSync, readFileSync } from "node:fs"
 import { homedir } from "node:os"
 import { basename, extname, join, resolve } from "node:path"
 import type { ArgusConfig } from "../config/types"
+import { getTrailOfBitsCacheDir } from "../shared/cache-paths"
 import { createLogger } from "../shared/logger"
 import { parseFrontmatter, validateSkillFrontmatter } from "./skill-schema"
@@ -21,8 +22,6 @@ const OMO_PROJECT_SKILLS_DIR = [".opencode", "skills"]
 const OMO_GLOBAL_SKILLS_DIR = [".config", "opencode", "skills"]
 const CLAUDE_PROJECT_SKILLS_DIR = [".claude", "skills"]
 const CLAUDE_GLOBAL_SKILLS_DIR = [".claude", "skills"]
-const TOB_CACHE_DIR = join(homedir(), ".cache", "solidity-argus", "trailofbits-skills")
 const SKILL_NAME_ALIASES: Record<string, string> = {
   "vulnerability-patterns/reentrancy": "reentrancy",
   "vulnerability-patterns/oracle-manipulation": "oracle-manipulation",
@@ -55,6 +54,9 @@ function parseSkillDescriptionFromFrontmatter(content: string): string {
   return raw.replace(/^"|"$/g, "")
 }
+/** Filenames that are never skills — exclude from resolution and health checks. */
+const NON_SKILL_FILENAMES = new Set(["README.md", "INVENTORY.md", "CHANGELOG.md", "LICENSE.md"])
 function collectMarkdownFiles(root: string, maxDepth = 8): string[] {
   if (!existsSync(root)) return []
@@ -82,6 +84,7 @@ function collectMarkdownFiles(root: string, maxDepth = 8): string[] {
       if (!entry.isFile()) continue
       if (extname(entry.name).toLowerCase() !== ".md") continue
+      if (NON_SKILL_FILENAMES.has(entry.name)) continue
       files.push(fullPath)
     }
   }
@@ -90,7 +93,7 @@ function collectMarkdownFiles(root: string, maxDepth = 8): string[] {
 }
 function getTrailOfBitsRoots(): string[] {
-  const pluginsDir = join(TOB_CACHE_DIR, "plugins")
+  const pluginsDir = join(getTrailOfBitsCacheDir(), "plugins")
   if (!existsSync(pluginsDir)) return []
   let entries: Dirent[]