solidity-argus 0.3.7 → 0.5.7

package/src/tools/pattern-checker-tool.ts

@@ -1,6 +1,5 @@
 import { readdirSync, readFileSync, statSync } from "node:fs"
-import os from "node:os"
-import { dirname, extname, join, resolve } from "node:path"
+import { dirname, extname, isAbsolute, join, resolve } from "node:path"
 import { type ToolContext, tool } from "@opencode-ai/plugin"
 import {
   loadIndex,
@@ -8,7 +7,10 @@ import {
   type ScvdIndexEntry,
   searchIndex,
 } from "../knowledge/scvd-index"
+import { getScvdIndexPath } from "../shared/cache-paths"
 import { createLogger } from "../shared/logger"
+import { normalizeFilePath } from "../shared/path-utils"
+import { resolveProjectDir } from "../shared/project-utils"
 import { extractDetectionRulesFromSkills } from "./pattern-loader"
 import type { PatternDefinition } from "./pattern-schema"
 
@@ -153,7 +155,7 @@ async function collectScvdMatches(
     return []
   }
 
-  const indexPath = join(os.homedir(), ".cache", "solidity-argus", "scvd-index.json")
+  const indexPath = getScvdIndexPath()
   const index = await dependencies.loadIndexFn(indexPath)
 
   if (!index) {
@@ -241,20 +243,24 @@ function lineWindow(content: string, index: number): [number, number] {
   return [start, end]
 }
 
-export function findMatches(file: string, patterns: LoadedPattern[]): Match[] {
+export function findMatches(file: string, patterns: LoadedPattern[], projectDir?: string): Match[] {
   const content = readFileSync(file, "utf8")
+  const normalizedFile = projectDir ? normalizeFilePath(file, projectDir) : file
   const matches: Match[] = []
 
   // Strip comments and string literals to reduce false positives.
-  // Use a space-preserving approach so line numbers remain valid.
-  // Order: multi-line comments first (can contain //), then single-line, then strings.
-  const stripped = content
-    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, " "))
-    .replace(/\/\/[^\n]*/g, (m) => " ".repeat(m.length))
-    .replace(/"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'/g, (m) => {
+  // Single-pass approach: match whichever construct appears first so that
+  // a "//" inside a string (e.g. URLs) is NOT treated as a comment.
+  const stripped = content.replace(
+    /\/\*[\s\S]*?\*\/|\/\/[^\n]*|"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'/g,
+    (m) => {
+      if (m.startsWith("/*")) return m.replace(/[^\n]/g, " ")
+      if (m.startsWith("//")) return " ".repeat(m.length)
+      // String literal — preserve quotes, blank interior
       const quote = m[0]
       return `${quote}${" ".repeat(Math.max(0, m.length - 2))}${quote}`
-    })
+    },
+  )
 
   for (const pattern of patterns) {
     const regex = new RegExp(
@@ -266,7 +272,7 @@ export function findMatches(file: string, patterns: LoadedPattern[]): Match[] {
       matches.push({
         pattern: pattern.name,
         severity: pattern.severity,
-        file,
+        file: normalizedFile,
         lines: lineWindow(content, index),
         description: pattern.description,
         exploitReference: pattern.exploitReference,
@@ -306,14 +312,24 @@ export async function executePatternCheck(
   context.metadata({ title: `Pattern check: ${args.target}` })
 
   const skillsDir = join(dirname(dirname(__dirname)), "skills")
-  const skillDetectionRules = extractDetectionRulesFromSkills(skillsDir)
+  const { patterns: skillDetectionRules, errors: loaderErrors } =
+    extractDetectionRulesFromSkills(skillsDir)
+  if (loaderErrors.length > 0) {
+    for (const err of loaderErrors) {
+      logger.warn(`Pattern loader: ${err}`)
+    }
+  }
 
   const allPatterns: LoadedPattern[] = [
     ...normalizePatternDefinitions(skillDetectionRules, "skill"),
   ]
 
   const selectedPatterns = selectPatterns(allPatterns, args.patterns)
-  const solidityFiles = collectSolidityFiles(args.target)
+  const baseProjectDir = resolveProjectDir(context)
+  const resolvedTarget = isAbsolute(args.target)
+    ? args.target
+    : resolve(baseProjectDir, args.target)
+  const solidityFiles = collectSolidityFiles(resolvedTarget)
   if (solidityFiles.length === 0) {
     return {
       success: false,
@@ -328,12 +344,18 @@ export async function executePatternCheck(
     }
   }
 
+  const absoluteTarget = resolvedTarget
+  let targetStat: ReturnType<typeof statSync> | undefined
+  try {
+    targetStat = statSync(absoluteTarget)
+  } catch {}
+  const normalizedProjectDir = targetStat?.isFile() ? dirname(absoluteTarget) : absoluteTarget
   const sourceMatches: Match[] = []
   for (const solidityFile of solidityFiles) {
     if (context.abort.aborted) {
       throw new Error("pattern check aborted")
     }
-    sourceMatches.push(...findMatches(solidityFile, selectedPatterns))
+    sourceMatches.push(...findMatches(solidityFile, selectedPatterns, normalizedProjectDir))
   }
 
   const sources: MatchSource[] = [

package/src/tools/pattern-loader.ts

@@ -36,9 +36,15 @@ function listSkillMarkdownFiles(skillsDir: string): string[] {
   return files
 }
 
-export function extractDetectionRulesFromSkills(skillsDir: string): PatternDefinition[] {
+export interface PatternLoaderResult {
+  patterns: PatternDefinition[]
+  errors: string[]
+}
+
+export function extractDetectionRulesFromSkills(skillsDir: string): PatternLoaderResult {
   const skillFiles = listSkillMarkdownFiles(skillsDir)
   const extracted: PatternDefinition[] = []
+  const errors: string[] = []
 
   for (const filePath of skillFiles) {
     try {
@@ -47,7 +53,13 @@ export function extractDetectionRulesFromSkills(skillsDir: string): PatternDefin
       if (!frontmatter) continue
 
       const parsed = SkillFrontmatterSchema.safeParse(frontmatter)
-      if (!parsed.success) continue
+      if (!parsed.success) {
+        const reason = parsed.error.issues.map((i) => i.message).join("; ")
+        const msg = `Failed to parse ${filePath}: ${reason}`
+        logger.warn(msg)
+        errors.push(msg)
+        continue
+      }
 
       const skillName = parsed.data.name
       const category = parsed.data.pattern_category
@@ -69,9 +81,11 @@ export function extractDetectionRulesFromSkills(skillsDir: string): PatternDefin
         })
       }
     } catch (err) {
-      logger.warn(`Skipping ${filePath}: ${err instanceof Error ? err.message : "parse error"}`)
+      const msg = `Failed to parse ${filePath}: ${err instanceof Error ? err.message : "parse error"}`
+      logger.warn(msg)
+      errors.push(msg)
     }
   }
 
-  return extracted
+  return { patterns: extracted, errors }
 }

package/src/tools/persist-deduped-tool.ts

@@ -0,0 +1,94 @@
+import { mkdir, writeFile } from "node:fs/promises"
+import { dirname } from "node:path"
+import { type ToolContext, tool } from "@opencode-ai/plugin"
+import { createAuditArtifactResolver } from "../shared/audit-artifact-resolver"
+import { createLogger } from "../shared/logger"
+import { resolveProjectDir } from "../shared/project-utils"
+import { isNonEmptyString } from "../shared/type-guards"
+import type { CanonicalFinding } from "../state/schemas"
+import { SCHEMA_VERSION } from "../state/schemas"
+
+type PersistDedupedArgs = {
+  run_id: string
+  deduped_findings: string
+}
+
+export interface DedupedFindingsArtifact {
+  run_id: string
+  schema_version: string
+  deduped_at: number
+  deduped_by: string
+  findings_count: number
+  findings: CanonicalFinding[]
+}
+
+export async function executePersistDeduped(
+  args: PersistDedupedArgs,
+  context: ToolContext,
+): Promise<string> {
+  const logger = createLogger()
+
+  if (!isNonEmptyString(args.run_id)) {
+    return JSON.stringify({ success: false, error: "run_id is required" })
+  }
+  if (!isNonEmptyString(args.deduped_findings)) {
+    return JSON.stringify({ success: false, error: "deduped_findings is required" })
+  }
+
+  let findings: CanonicalFinding[]
+  try {
+    const parsed = JSON.parse(args.deduped_findings)
+    findings = Array.isArray(parsed) ? parsed : parsed.findings
+    if (!Array.isArray(findings)) {
+      return JSON.stringify({
+        success: false,
+        error: "deduped_findings must be a JSON array or an object with a findings array",
+      })
+    }
+  } catch (err) {
+    return JSON.stringify({
+      success: false,
+      error: `Invalid JSON: ${err instanceof Error ? err.message : String(err)}`,
+    })
+  }
+
+  const projectDir = resolveProjectDir(context)
+  const resolver = createAuditArtifactResolver(args.run_id, projectDir)
+  const dedupedPath = resolver.paths().dedupedFindingsFile
+
+  const artifact: DedupedFindingsArtifact = {
+    run_id: args.run_id,
+    schema_version: SCHEMA_VERSION,
+    deduped_at: Date.now(),
+    deduped_by: context.agent ?? "scribe",
+    findings_count: findings.length,
+    findings,
+  }
+
+  await mkdir(dirname(dedupedPath), { recursive: true })
+  await writeFile(dedupedPath, JSON.stringify(artifact, null, 2))
+  logger.debug(`Persisted ${findings.length} deduped findings to ${dedupedPath}`)
+
+  return JSON.stringify({
+    success: true,
+    path: dedupedPath,
+    findings_count: findings.length,
+    schema_version: SCHEMA_VERSION,
+  })
+}
+
+export const persistDedupedTool = tool({
+  description:
+    "Persist deduplicated and enriched findings to disk as the source-of-truth JSON artifact. Call this BEFORE argus_generate_report so the report tool can read from disk instead of requiring inline data.",
+  args: {
+    run_id: tool.schema.string().describe("The canonical run ID from <argus-context>."),
+    deduped_findings: tool.schema
+      .string()
+      .describe(
+        "Serialized JSON array of deduplicated and enriched findings. Each finding should have: check, severity, confidence, description, file, lines, source, impact, recommendation.",
+      ),
+  },
+  async execute(args, context) {
+    return executePersistDeduped(args, context)
+  },
+})

package/src/tools/proxy-detection-tool.ts

@@ -115,49 +115,50 @@ function collectIndicators(source: string): Set<string> {
   return indicators
 }
 
-function hasAny(indicators: Set<string>, candidates: string[]): boolean {
-  return candidates.some((candidate) => indicators.has(candidate))
-}
-
-function classifyProxyType(indicators: Set<string>): ProxyType | null {
-  if (
-    hasAny(indicators, ["diamond-cut", "diamond-cut-interface", "facet-address", "diamond-loupe"])
-  ) {
-    return "diamond"
-  }
-
-  if (
-    hasAny(indicators, ["uups-authorize-upgrade", "uups-upgrade-to-and-call", "uups-upgradeable"])
-  ) {
-    return "uups"
-  }
-
-  if (hasAny(indicators, ["beacon-interface", "beacon-proxy", "upgradeable-beacon"])) {
-    return "beacon"
-  }
-
-  if (
-    hasAny(indicators, [
+// Scored classification: each proxy type gets a score based on how many
+// of its specific indicators are present. The type with the highest score
+// wins. This avoids implicit order-dependency when multiple proxy types
+// have matching indicators.
+const PROXY_TYPE_INDICATORS: Array<{ type: ProxyType; indicators: string[] }> = [
+  {
+    type: "diamond",
+    indicators: ["diamond-cut", "diamond-cut-interface", "facet-address", "diamond-loupe"],
+  },
+  {
+    type: "uups",
+    indicators: ["uups-authorize-upgrade", "uups-upgrade-to-and-call", "uups-upgradeable"],
+  },
+  { type: "beacon", indicators: ["beacon-interface", "beacon-proxy", "upgradeable-beacon"] },
+  {
+    type: "transparent",
+    indicators: [
       "transparent-implementation-getter",
       "transparent-admin-getter",
       "transparent-set-implementation",
-    ])
-  ) {
-    return "transparent"
-  }
-
-  if (
-    hasAny(indicators, [
+    ],
+  },
+  {
+    type: "erc1967",
+    indicators: [
       "erc1967-implementation-slot",
       "erc1967-admin-slot",
       "erc1967-beacon-slot",
       "delegatecall",
-    ])
-  ) {
-    return "erc1967"
+    ],
+  },
+]
+
+function classifyProxyType(indicators: Set<string>): ProxyType | null {
+  let best: { type: ProxyType; score: number } | null = null
+
+  for (const entry of PROXY_TYPE_INDICATORS) {
+    const score = entry.indicators.filter((ind) => indicators.has(ind)).length
+    if (score > 0 && (!best || score > best.score)) {
+      best = { type: entry.type, score }
+    }
   }
 
-  return null
+  return best?.type ?? null
 }
 
 export async function executeProxyDetection(