npm - solidity-argus - Versions diffs - 0.3.7 → 0.5.7 - Mend

solidity-argus 0.3.7 → 0.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

package/AGENTS.md +13 -6
package/README.md +24 -12
package/package.json +7 -3
package/skills/checklists/cyfrin-best-practices-runtime/SKILL.md +1 -0
package/skills/checklists/cyfrin-best-practices-upgrades/SKILL.md +1 -0
package/skills/checklists/cyfrin-defi-core/SKILL.md +1 -0
package/skills/checklists/cyfrin-defi-integrations/SKILL.md +1 -0
package/skills/checklists/cyfrin-gas/SKILL.md +1 -0
package/skills/checklists/general-audit/SKILL.md +1 -0
package/skills/methodology/audit-workflow/SKILL.md +1 -0
package/skills/methodology/report-template/SKILL.md +1 -0
package/skills/methodology/severity-classification/SKILL.md +1 -0
package/skills/protocol-patterns/amm-dex/SKILL.md +1 -0
package/skills/protocol-patterns/bridges-cross-chain/SKILL.md +1 -0
package/skills/protocol-patterns/dao-governance/SKILL.md +1 -0
package/skills/protocol-patterns/lending-borrowing/SKILL.md +1 -0
package/skills/protocol-patterns/staking-vesting/SKILL.md +1 -0
package/skills/vulnerability-patterns/flash-loan-attacks/SKILL.md +0 -50
package/skills/vulnerability-patterns/oracle-manipulation/SKILL.md +0 -63
package/src/agents/argus-prompt.ts +98 -33
package/src/agents/pythia-prompt.ts +24 -2
package/src/agents/scribe-prompt.ts +34 -10
package/src/agents/sentinel-prompt.ts +19 -0
package/src/agents/themis-prompt.ts +110 -0
package/src/cli/commands/doctor.ts +29 -17
package/src/cli/commands/install.ts +74 -33
package/src/config/loader.ts +29 -5
package/src/config/schema.ts +45 -45
package/src/constants/defaults.ts +1 -0
package/src/create-hooks.ts +806 -173
package/src/create-managers.ts +4 -2
package/src/create-tools.ts +5 -1
package/src/features/audit-enforcer/audit-enforcer.ts +1 -11
package/src/features/background-agent/background-manager.ts +32 -5
package/src/features/error-recovery/tool-error-recovery.ts +1 -0
package/src/features/persistent-state/audit-state-manager.ts +272 -29
package/src/features/persistent-state/event-sink.ts +96 -25
package/src/features/persistent-state/findings-materializer.ts +68 -2
package/src/features/persistent-state/global-run-index.ts +86 -8
package/src/features/persistent-state/index.ts +7 -1
package/src/features/persistent-state/run-finalizer.ts +116 -7
package/src/features/persistent-state/run-pruner.ts +93 -0
package/src/hooks/agent-tracker.ts +14 -2
package/src/hooks/compaction-hook.ts +7 -16
package/src/hooks/config-handler.ts +83 -29
package/src/hooks/context-budget.ts +4 -5
package/src/hooks/event-hook.ts +213 -57
package/src/hooks/knowledge-sync-hook.ts +2 -3
package/src/hooks/safe-create-hook.ts +13 -1
package/src/hooks/system-prompt-hook.ts +20 -39
package/src/hooks/tool-tracking-hook.ts +602 -323
package/src/index.ts +15 -1
package/src/knowledge/scvd-client.ts +2 -4
package/src/knowledge/scvd-errors.ts +25 -2
package/src/knowledge/scvd-index.ts +7 -5
package/src/knowledge/scvd-sync.ts +6 -6
package/src/managers/types.ts +20 -2
package/src/shared/agent-names.ts +23 -0
package/src/shared/audit-artifact-resolver.ts +8 -3
package/src/shared/audit-phases.ts +12 -0
package/src/shared/cache-paths.ts +41 -0
package/src/shared/drop-diagnostics.ts +2 -2
package/src/shared/forge-errors.ts +31 -0
package/src/shared/forge-runner.ts +30 -0
package/src/shared/format-error.ts +3 -0
package/src/shared/index.ts +9 -0
package/src/shared/key-tools.ts +39 -0
package/src/shared/logger.ts +7 -7
package/src/shared/path-containment.ts +25 -0
package/src/shared/path-utils.ts +11 -0
package/src/shared/report-path-resolver.ts +4 -2
package/src/shared/safe-emit.ts +24 -0
package/src/shared/token-utils.ts +5 -0
package/src/shared/type-guards.ts +8 -0
package/src/shared/validation-constants.ts +52 -0
package/src/skills/analysis/cluster.ts +1 -114
package/src/skills/analysis/normalize.ts +2 -114
package/src/skills/analysis/stopwords.ts +109 -0
package/src/skills/argus-skill-resolver.ts +6 -3
package/src/solodit-lifecycle.ts +153 -37
package/src/state/adapters.ts +60 -66
package/src/state/finding-aggregation.ts +6 -8
package/src/state/finding-fingerprint.ts +1 -1
package/src/state/finding-store.ts +31 -9
package/src/state/index.ts +1 -1
package/src/state/projectors.ts +27 -19
package/src/state/schemas.ts +8 -32
package/src/state/types.ts +3 -0
package/src/tools/contract-analyzer-tool.ts +4 -6
package/src/tools/forge-coverage-tool.ts +10 -35
package/src/tools/forge-fuzz-tool.ts +21 -51
package/src/tools/forge-test-tool.ts +25 -47
package/src/tools/gas-analysis-tool.ts +12 -41
package/src/tools/pattern-checker-tool.ts +37 -15
package/src/tools/pattern-loader.ts +18 -4
package/src/tools/persist-deduped-tool.ts +94 -0
package/src/tools/proxy-detection-tool.ts +35 -34
package/src/tools/read-findings-tool.ts +390 -0
package/src/tools/record-finding-tool.ts +130 -25
package/src/tools/report-generator-tool.ts +475 -327
package/src/tools/report-preflight.ts +5 -1
package/src/tools/slither-tool.ts +55 -16
package/src/tools/solodit-search-tool.ts +260 -112
package/src/tools/sync-knowledge-tool.ts +2 -3
package/src/utils/solidity-parser.ts +39 -24
package/src/features/migration/index.ts +0 -14
package/src/features/migration/migration-adapter.ts +0 -151
package/src/features/migration/parity-telemetry.ts +0 -133

package/src/utils/solidity-parser.ts CHANGED Viewed

@@ -140,6 +140,36 @@ export function parseExternalCalls(sourceText: string): string[] {
   }
 }
+async function spawnForgeInspect(
+  contractName: string,
+  inspectType: string,
+  cwd: string,
+): Promise<{ success: boolean; stdout: string; stderr: string }> {
+  const proc = Bun.spawn(["forge", "inspect", contractName, inspectType, "--json"], {
+    cwd,
+    stdout: "pipe",
+    stderr: "pipe",
+  })
+  const timeout = 15_000
+  let timerId: ReturnType<typeof setTimeout> | undefined
+  const timer = new Promise<never>((_, reject) => {
+    timerId = setTimeout(() => {
+      proc.kill()
+      reject(new Error(`forge inspect ${inspectType} timed out after ${timeout}ms`))
+    }, timeout)
+  })
+  try {
+    const exitCode = await Promise.race([proc.exited, timer])
+    const stdout = await new Response(proc.stdout).text()
+    const stderr = await new Response(proc.stderr).text()
+    return { success: exitCode === 0, stdout, stderr }
+  } finally {
+    if (timerId !== undefined) clearTimeout(timerId)
+  }
+}
 /**
  * Extract contract information using forge inspect
  * Runs forge inspect <contractName> abi and storage-layout
@@ -162,39 +192,24 @@ export async function extractContractInfo(
   }
   try {
-    // Run forge inspect abi
-    const abiResult = Bun.spawnSync(["forge", "inspect", contractName, "abi", "--json"], {
-      cwd: projectDir,
-      stdout: "pipe",
-      stderr: "pipe",
-      timeout: 15_000,
-    })
+    // Run both forge inspect commands in parallel (async, non-blocking)
+    const [abiResult, storageResult] = await Promise.all([
+      spawnForgeInspect(contractName, "abi", projectDir),
+      spawnForgeInspect(contractName, "storage-layout", projectDir),
+    ])
     if (!abiResult.success) {
-      const errorMsg = abiResult.stderr?.toString() || "Unknown error"
-      result.error = `Failed to inspect ABI: ${errorMsg}`
+      result.error = `Failed to inspect ABI: ${abiResult.stderr}`
       return result
     }
-    // Run forge inspect storage-layout
-    const storageResult = Bun.spawnSync(
-      ["forge", "inspect", contractName, "storage-layout", "--json"],
-      {
-        cwd: projectDir,
-        stdout: "pipe",
-        stderr: "pipe",
-        timeout: 15_000,
-      },
-    )
     if (!storageResult.success) {
-      const errorMsg = storageResult.stderr?.toString() || "Unknown error"
-      result.error = `Failed to inspect storage layout: ${errorMsg}`
+      result.error = `Failed to inspect storage layout: ${storageResult.stderr}`
       return result
     }
     // Parse ABI
-    const abiRaw = abiResult.stdout?.toString() || "[]"
+    const abiRaw = abiResult.stdout || "[]"
     const abiOutput = extractJson(abiRaw, "[")
     let abi: ABIFunction[] = []
     try {
@@ -205,7 +220,7 @@ export async function extractContractInfo(
     }
     // Parse storage layout
-    const storageRaw = storageResult.stdout?.toString() || "{}"
+    const storageRaw = storageResult.stdout || "{}"
     const storageOutput = extractJson(storageRaw, "{")
     let storageLayout: StorageLayout = { storage: [], types: {} }
     try {

package/src/features/migration/index.ts DELETED Viewed

@@ -1,14 +0,0 @@
-export {
-  adaptLegacyFindings,
-  adaptLegacyStateToReportInput,
-  getMigrationMode,
-  type MigrationMode,
-  validateStrictCompatibility,
-} from "./migration-adapter"
-export {
-  computeParityMetrics,
-  formatParityReport,
-  type ParityMetrics,
-  type SeverityDistribution,
-} from "./parity-telemetry"

package/src/features/migration/migration-adapter.ts DELETED Viewed

@@ -1,151 +0,0 @@
-import {
-  createDropDiagnosticsCollector,
-  type DropDiagnosticsCollector,
-} from "../../shared/drop-diagnostics"
-import { normalizeLegacyFindingsArray, normalizeToCanonicalFinding } from "../../state/adapters"
-import type { CanonicalFinding, ReportInput } from "../../state/schemas"
-import { SCHEMA_VERSION } from "../../state/schemas"
-import type { AuditState, Finding } from "../../state/types"
-export type MigrationMode = "legacy" | "dual" | "strict"
-/**
- * Returns the active migration mode from config, defaulting to "legacy".
- */
-export function getMigrationMode(config: { migration?: { mode?: MigrationMode } }): MigrationMode {
-  return config.migration?.mode ?? "legacy"
-}
-/**
- * Adapts a legacy `AuditState` into canonical `CanonicalFinding[]`.
- *
- * In legacy mode: returns the raw findings as-is (backward compatible).
- * In dual mode: normalizes findings to canonical AND returns both.
- * In strict mode: normalizes to canonical, rejects payloads missing required canonical fields.
- */
-export function adaptLegacyFindings(
-  state: AuditState,
-  mode: MigrationMode,
-  runId: string,
-): {
-  legacyFindings: Finding[]
-  canonicalFindings: CanonicalFinding[]
-  diagnostics: ReturnType<DropDiagnosticsCollector["getDiagnostics"]>
-} {
-  const legacyFindings = state.findings
-  if (mode === "legacy") {
-    return {
-      legacyFindings,
-      canonicalFindings: [],
-      diagnostics: [],
-    }
-  }
-  const policy = mode === "strict" ? "strict-fail" : "warn"
-  const diag = createDropDiagnosticsCollector(policy, "migration-adapter")
-  const { findings: canonicalFindings, diagnostics: adapterDiags } = normalizeLegacyFindingsArray(
-    legacyFindings as unknown as unknown[],
-    runId,
-  )
-  for (const d of adapterDiags) {
-    if (d.level === "error") {
-      diag.error(d.code, d.message, d.field)
-    } else {
-      diag.warn(d.code, d.message, d.field)
-    }
-  }
-  // In strict mode, validate that all legacy findings survived normalization
-  if (mode === "strict" && canonicalFindings.length < legacyFindings.length) {
-    const dropped = legacyFindings.length - canonicalFindings.length
-    diag.error(
-      "STRICT_FINDINGS_DROPPED",
-      `${dropped} legacy finding(s) could not be normalized to canonical format`,
-    )
-  }
-  // Throws DropDiagnosticsError in strict mode if errors exist
-  diag.throwIfStrict()
-  return {
-    legacyFindings,
-    canonicalFindings,
-    diagnostics: diag.getDiagnostics(),
-  }
-}
-/**
- * Adapts a legacy `AuditState` into a canonical `ReportInput`.
- *
- * Maps legacy AuditState fields to the canonical ReportInput contract.
- */
-export function adaptLegacyStateToReportInput(
-  state: AuditState,
-  mode: MigrationMode,
-  runId: string,
-): {
-  reportInput: ReportInput
-  diagnostics: ReturnType<DropDiagnosticsCollector["getDiagnostics"]>
-} {
-  const { canonicalFindings, diagnostics } = adaptLegacyFindings(
-    state,
-    mode === "legacy" ? "dual" : mode,
-    runId,
-  )
-  const reportInput: ReportInput = {
-    run_id: runId,
-    seq: 0,
-    session_id: state.sessionId,
-    tool_call_id: "",
-    source: "migration-adapter",
-    schema_version: SCHEMA_VERSION,
-    projectDir: state.projectDir,
-    findings: canonicalFindings,
-    toolsExecuted: state.toolsExecuted.map((t) => ({
-      ...t,
-      run_id: runId,
-      schema_version: SCHEMA_VERSION,
-    })),
-    scope: state.scope,
-    soloditResults: state.soloditResults,
-    fuzzCounterexamples: state.fuzzCounterexamples,
-    coverageReport: state.coverageReport,
-    gasHotspots: state.gasHotspots,
-    proxyContracts: state.proxyContracts,
-  }
-  return { reportInput, diagnostics }
-}
-/**
- * Validates that a legacy AuditState is compatible with strict mode.
- * Returns true if ALL findings can be normalized without errors.
- */
-export function validateStrictCompatibility(
-  state: AuditState,
-  runId: string,
-): { compatible: boolean; errors: string[] } {
-  const errors: string[] = []
-  for (const [index, finding] of state.findings.entries()) {
-    const result = normalizeToCanonicalFinding(
-      finding as unknown as Record<string, unknown>,
-      runId,
-      index + 1,
-    )
-    const hasErrors = result.diagnostics.some((d) => d.level === "error")
-    if (hasErrors) {
-      errors.push(
-        ...result.diagnostics
-          .filter((d) => d.level === "error")
-          .map((d) => `[finding:${index}] ${d.message}`),
-      )
-    }
-  }
-  return { compatible: errors.length === 0, errors }
-}

package/src/features/migration/parity-telemetry.ts DELETED Viewed

@@ -1,133 +0,0 @@
-import { stableHash } from "../../state/projectors"
-import type { CanonicalFinding } from "../../state/schemas"
-import type { Finding, FindingSeverity } from "../../state/types"
-const SEVERITIES: readonly FindingSeverity[] = [
-  "Critical",
-  "High",
-  "Medium",
-  "Low",
-  "Informational",
-] as const
-export interface SeverityDistribution {
-  Critical: number
-  High: number
-  Medium: number
-  Low: number
-  Informational: number
-}
-export interface ParityMetrics {
-  legacyFindingCount: number
-  canonicalFindingCount: number
-  findingCountDiff: number
-  legacySeverityDistribution: SeverityDistribution
-  canonicalSeverityDistribution: SeverityDistribution
-  severityDiffs: Partial<Record<FindingSeverity, number>>
-  legacyContentHash: string
-  canonicalContentHash: string
-  hashMatch: boolean
-  onlyInLegacy: string[]
-  onlyInCanonical: string[]
-  timestamp: number
-}
-function computeSeverityDistribution(
-  findings: Array<{ severity: FindingSeverity }>,
-): SeverityDistribution {
-  const dist: SeverityDistribution = {
-    Critical: 0,
-    High: 0,
-    Medium: 0,
-    Low: 0,
-    Informational: 0,
-  }
-  for (const f of findings) {
-    if (f.severity in dist) {
-      dist[f.severity]++
-    }
-  }
-  return dist
-}
-function findingIds(findings: Array<{ id: string }>): Set<string> {
-  return new Set(findings.map((f) => f.id))
-}
-export function computeParityMetrics(
-  legacyFindings: Finding[],
-  canonicalFindings: CanonicalFinding[],
-): ParityMetrics {
-  const legacySeverity = computeSeverityDistribution(legacyFindings)
-  const canonicalSeverity = computeSeverityDistribution(canonicalFindings)
-  const severityDiffs: Partial<Record<FindingSeverity, number>> = {}
-  for (const sev of SEVERITIES) {
-    const diff = canonicalSeverity[sev] - legacySeverity[sev]
-    if (diff !== 0) {
-      severityDiffs[sev] = diff
-    }
-  }
-  const legacyIds = findingIds(legacyFindings)
-  const canonicalIds = findingIds(canonicalFindings)
-  const onlyInLegacy = [...legacyIds].filter((id) => !canonicalIds.has(id))
-  const onlyInCanonical = [...canonicalIds].filter((id) => !legacyIds.has(id))
-  const legacyContentHash = stableHash(
-    legacyFindings.map((f) => ({ id: f.id, check: f.check, severity: f.severity, file: f.file })),
-  )
-  const canonicalContentHash = stableHash(
-    canonicalFindings.map((f) => ({
-      id: f.id,
-      check: f.check,
-      severity: f.severity,
-      file: f.file,
-    })),
-  )
-  return {
-    legacyFindingCount: legacyFindings.length,
-    canonicalFindingCount: canonicalFindings.length,
-    findingCountDiff: canonicalFindings.length - legacyFindings.length,
-    legacySeverityDistribution: legacySeverity,
-    canonicalSeverityDistribution: canonicalSeverity,
-    severityDiffs,
-    legacyContentHash,
-    canonicalContentHash,
-    hashMatch: legacyContentHash === canonicalContentHash,
-    onlyInLegacy,
-    onlyInCanonical,
-    timestamp: Date.now(),
-  }
-}
-export function formatParityReport(metrics: ParityMetrics): string {
-  const lines: string[] = [
-    "=== Migration Parity Report ===",
-    `Finding count: legacy=${metrics.legacyFindingCount} canonical=${metrics.canonicalFindingCount} diff=${metrics.findingCountDiff}`,
-    `Content hash match: ${metrics.hashMatch}`,
-  ]
-  const sevDiffs = Object.entries(metrics.severityDiffs)
-  if (sevDiffs.length > 0) {
-    lines.push(
-      `Severity diffs: ${sevDiffs.map(([k, v]) => `${k}=${v > 0 ? "+" : ""}${v}`).join(", ")}`,
-    )
-  }
-  if (metrics.onlyInLegacy.length > 0) {
-    lines.push(
-      `Only in legacy (${metrics.onlyInLegacy.length}): ${metrics.onlyInLegacy.join(", ")}`,
-    )
-  }
-  if (metrics.onlyInCanonical.length > 0) {
-    lines.push(
-      `Only in canonical (${metrics.onlyInCanonical.length}): ${metrics.onlyInCanonical.join(", ")}`,
-    )
-  }
-  return lines.join("\n")
-}