solidity-argus 0.3.7 → 0.5.7

package/src/hooks/agent-tracker.ts

@@ -1,17 +1,17 @@
 import type { Hooks as PluginHooks } from "@opencode-ai/plugin"
+import { ARGUS_FAMILY } from "../shared/agent-names"
 
 type ChatParamsInput = Parameters<NonNullable<PluginHooks["chat.params"]>>[0] & {
   agent?: string
 }
 type ChatMessageInput = Parameters<NonNullable<PluginHooks["chat.message"]>>[0]
 
-const ARGUS_FAMILY = new Set(["argus", "sentinel", "pythia", "scribe"])
-
 export type AgentTracker = ReturnType<typeof createAgentTracker>
 
 export function createAgentTracker() {
   const sessions = new Map<string, string>()
   const childSessions = new Map<string, Set<string>>()
+  const parentByChild = new Map<string, string>()
 
   const trackSession = (sessionID: string, agent?: string): void => {
     if (!agent) {
@@ -45,6 +45,13 @@ export function createAgentTracker() {
 
     clearSession: (sessionID: string): void => {
       sessions.delete(sessionID)
+      const children = childSessions.get(sessionID)
+      if (children) {
+        for (const child of children) {
+          parentByChild.delete(child)
+        }
+      }
+      childSessions.delete(sessionID)
     },
 
     getTrackedSessions: (): Map<string, string> => {
@@ -58,11 +65,16 @@ export function createAgentTracker() {
         childSessions.set(parentSessionId, children)
       }
       children.add(childSessionId)
+      parentByChild.set(childSessionId, parentSessionId)
     },
 
     getChildSessions: (parentSessionId: string): string[] => {
       const children = childSessions.get(parentSessionId)
       return children ? Array.from(children) : []
     },
+
+    getParentSession: (childSessionId: string): string | undefined => {
+      return parentByChild.get(childSessionId)
+    },
   }
 }

package/src/hooks/compaction-hook.ts

@@ -1,28 +1,19 @@
-import type { AuditState, FindingSeverity } from "../state/types"
+import { countBySeverity } from "../shared/validation-constants"
+import type { AuditState } from "../state/types"
 import type { ReconContext } from "./recon-context-builder"
 import { buildReconContextBlock } from "./recon-context-builder"
 
 export function createCompactionHook(
-  getAuditState: () => AuditState | null,
+  getAuditState: (sessionId?: string) => AuditState | null,
   getReconContext?: () => ReconContext | null,
-): (input: { summary: string }) => Promise<string | null> {
-  return async (_input: { summary: string }): Promise<string | null> => {
-    const state = getAuditState()
+): (input: { summary: string; sessionId?: string }) => Promise<string | null> {
+  return async (input: { summary: string; sessionId?: string }): Promise<string | null> => {
+    const state = getAuditState(input.sessionId)
 
     const parts: string[] = []
 
     if (state) {
-      const severityCounts: Record<FindingSeverity, number> = {
-        Critical: 0,
-        High: 0,
-        Medium: 0,
-        Low: 0,
-        Informational: 0,
-      }
-
-      for (const finding of state.findings) {
-        severityCounts[finding.severity]++
-      }
+      const severityCounts = countBySeverity(state.findings)
 
       const toolNames = state.toolsExecuted.map((t) => t.tool).join(", ")
       const contracts = state.contractsReviewed.join(", ")

package/src/hooks/config-handler.ts

@@ -1,20 +1,22 @@
 import { existsSync, readdirSync } from "node:fs"
-import { homedir } from "node:os"
 import { join, resolve } from "node:path"
 import type { Config } from "@opencode-ai/sdk/v2"
 import { ARGUS_PROMPT } from "../agents/argus-prompt"
 import { PYTHIA_PROMPT } from "../agents/pythia-prompt"
 import { SCRIBE_PROMPT } from "../agents/scribe-prompt"
 import { SENTINEL_PROMPT } from "../agents/sentinel-prompt"
+import { THEMIS_PROMPT } from "../agents/themis-prompt"
 import type { ArgusConfig } from "../config/types"
 import { DEFAULT_MODELS, DEFAULT_STEPS } from "../constants/defaults"
+import { getTrailOfBitsCacheDir } from "../shared/cache-paths"
 import { createLogger } from "../shared/logger"
 import { createKnowledgeSyncHook } from "./knowledge-sync-hook"
 
-const TOB_CACHE_DIR = join(homedir(), ".cache", "solidity-argus", "trailofbits-skills")
 const TOB_REPO_URL = "https://github.com/trailofbits/skills.git"
 const TOB_BRANCH = "main"
 let tobCloneInFlight = false
+let tobCloneStartedAt: number | null = null
+const TOB_CLONE_STUCK_TIMEOUT_MS = 120_000
 
 function getTrailOfBitsSkillsPaths(rootDir: string): string[] {
   const pluginsDir = join(rootDir, "plugins")
@@ -35,30 +37,67 @@ function getTrailOfBitsSkillsPaths(rootDir: string): string[] {
 }
 
 function ensureTrailOfBitsSkills(): string[] {
-  if (existsSync(TOB_CACHE_DIR)) {
-    return getTrailOfBitsSkillsPaths(TOB_CACHE_DIR)
+  const cacheDir = getTrailOfBitsCacheDir()
+
+  if (existsSync(cacheDir)) {
+    return getTrailOfBitsSkillsPaths(cacheDir)
+  }
+
+  // Reset stuck flag if clone has been in-flight for more than 120 seconds
+  if (
+    tobCloneInFlight &&
+    tobCloneStartedAt !== null &&
+    Date.now() - tobCloneStartedAt > TOB_CLONE_STUCK_TIMEOUT_MS
+  ) {
+    const logger = createLogger()
+    logger.warn(
+      `Trail of Bits skills clone flag stuck for >${TOB_CLONE_STUCK_TIMEOUT_MS / 1000}s — resetting (URL: ${TOB_REPO_URL}, dir: ${cacheDir})`,
+    )
+    tobCloneInFlight = false
+    tobCloneStartedAt = null
   }
 
   if (!tobCloneInFlight) {
     tobCloneInFlight = true
-    const cloneProcess = Bun.spawn(
-      ["git", "clone", "--depth", "1", "--branch", TOB_BRANCH, TOB_REPO_URL, TOB_CACHE_DIR],
-      {
-        stdin: "ignore",
-        stdout: "ignore",
-        stderr: "ignore",
-        signal: AbortSignal.timeout(60_000),
-      },
-    )
+    tobCloneStartedAt = Date.now()
+    let cloneProcess: ReturnType<typeof Bun.spawn>
+    try {
+      cloneProcess = Bun.spawn(
+        ["git", "clone", "--depth", "1", "--branch", TOB_BRANCH, TOB_REPO_URL, cacheDir],
+        {
+          stdin: "ignore",
+          stdout: "ignore",
+          stderr: "ignore",
+          signal: AbortSignal.timeout(60_000),
+        },
+      )
+    } catch (spawnErr) {
+      const logger = createLogger()
+      logger.error(
+        `Trail of Bits skills clone spawn failed (URL: ${TOB_REPO_URL}, dir: ${cacheDir}): ${spawnErr instanceof Error ? spawnErr.message : String(spawnErr)}`,
+      )
+      tobCloneInFlight = false
+      tobCloneStartedAt = null
+      return []
+    }
     cloneProcess.exited
       .then((code) => {
         if (code !== 0) {
           const logger = createLogger()
-          logger.warn(`Trail of Bits skills clone failed with exit code ${code}`)
+          logger.warn(
+            `Trail of Bits skills clone failed with exit code ${code} (URL: ${TOB_REPO_URL}, dir: ${cacheDir})`,
+          )
         }
       })
+      .catch((err) => {
+        const logger = createLogger()
+        logger.error(
+          `Trail of Bits skills clone process error (URL: ${TOB_REPO_URL}, dir: ${cacheDir}): ${err instanceof Error ? err.message : String(err)}`,
+        )
+      })
       .finally(() => {
         tobCloneInFlight = false
+        tobCloneStartedAt = null
       })
   }
 
@@ -72,8 +111,8 @@ export function createConfigHandler(
   const triggerKnowledgeSync = createKnowledgeSyncHook(argusConfig)
 
   return async (config: Config): Promise<void> => {
-    config.agent = {
-      ...config.agent,
+    config.agent ??= {}
+    Object.assign(config.agent, {
       argus: {
         mode: "primary",
         model: argusConfig.agents?.argus?.model ?? DEFAULT_MODELS.argus,
@@ -89,6 +128,7 @@ export function createConfigHandler(
             sentinel: "allow",
             pythia: "allow",
             scribe: "allow",
+            themis: "allow",
           },
           skill: "allow",
         },
@@ -108,6 +148,7 @@ export function createConfigHandler(
           argus_check_patterns: "allow",
           argus_proxy_detection: "allow",
           argus_forge_coverage: "allow",
+          argus_record_finding: "allow",
           argus_skill_load: "allow",
           skill: "allow",
         },
@@ -121,6 +162,7 @@ export function createConfigHandler(
         permission: {
           argus_solodit_search: "allow",
           argus_check_patterns: "allow",
+          argus_record_finding: "allow",
           argus_skill_load: "allow",
           skill: "allow",
         },
@@ -132,22 +174,36 @@ export function createConfigHandler(
         description: "Audit report writer",
         prompt: SCRIBE_PROMPT,
         permission: {
+          argus_read_findings: "allow",
           argus_generate_report: "allow",
+          argus_persist_deduped: "allow",
           argus_skill_load: "allow",
           skill: "allow",
         },
       },
-    }
+      themis: {
+        mode: "subagent",
+        model: argusConfig.agents?.themis?.model ?? DEFAULT_MODELS.themis,
+        steps: argusConfig.agents?.themis?.steps ?? DEFAULT_STEPS,
+        description: "Audit quality gate — independent cross-validation (GPT-5.4)",
+        prompt: THEMIS_PROMPT,
+        permission: {
+          argus_read_findings: "allow",
+          argus_solodit_search: "allow",
+          argus_check_patterns: "allow",
+          argus_skill_load: "allow",
+          skill: "allow",
+        },
+      },
+    })
 
     if (argusConfig.solodit?.enabled !== false) {
-      const port = argusConfig.solodit?.port ?? 3000
-      config.mcp = {
-        ...(config.mcp ?? {}),
-        "solodit-mcp": {
-          type: "remote",
-          url: `http://localhost:${port}/mcp`,
-          enabled: true,
-        },
+      const port = argusConfig.solodit?.port ?? 54173
+      config.mcp ??= {}
+      config.mcp["solodit-mcp"] = {
+        type: "remote",
+        url: `http://localhost:${port}/mcp`,
+        enabled: true,
       }
     }
 
@@ -167,10 +223,8 @@ export function createConfigHandler(
     const tobSkillDirs = ensureTrailOfBitsSkills()
     if (tobSkillDirs.length > 0) skillsPaths.push(...tobSkillDirs)
 
-    config.skills = {
-      ...(config.skills ?? {}),
-      paths: skillsPaths,
-    }
+    config.skills ??= {}
+    config.skills.paths = skillsPaths
 
     if (argusConfig.knowledge?.autoSync !== false) {
       triggerKnowledgeSync()

package/src/hooks/context-budget.ts

@@ -8,14 +8,13 @@
  * Decoupled from system-prompt-hook.ts — consumed by the hook when available.
  */
 
+import { ARGUS_ORCHESTRATOR, ARGUS_SUBAGENTS } from "../shared/agent-names"
+
 const ARGUS_BUDGET = 2000
 const SUBAGENT_BUDGET = 1000
 const PRESSURE_THRESHOLD = 0.7
 const PRESSURE_REDUCTION = 0.5
 
-const ARGUS_AGENTS = new Set(["argus"])
-const SUBAGENTS = new Set(["sentinel", "pythia", "scribe"])
-
 /**
  * Returns the token budget for a given agent, adjusted for context pressure.
  *
@@ -26,9 +25,9 @@ const SUBAGENTS = new Set(["sentinel", "pythia", "scribe"])
 export function getTokenBudgetForAgent(agent: string, contextPressure: number = 0): number {
   let budget: number
 
-  if (ARGUS_AGENTS.has(agent)) {
+  if (ARGUS_ORCHESTRATOR.has(agent)) {
     budget = ARGUS_BUDGET
-  } else if (SUBAGENTS.has(agent)) {
+  } else if (ARGUS_SUBAGENTS.has(agent)) {
     budget = SUBAGENT_BUDGET
   } else {
     return 0