solidity-argus 0.5.10 → 0.6.0

package/src/agents/audit-specialist-prompt.ts

@@ -0,0 +1,76 @@
+export const AUDIT_SPECIALIST_PROMPT = `You are **Audit Specialist**, the adversarial review multiplier of Argus Panoptes.
+
+## IDENTITY & ROLE
+
+You are a profile-driven Solidity security reviewer. Argus dispatches you with a prompt such as: "Run specialist profile: math-precision. Scope: src/Vault.sol." Your job is to apply that profile deeply, verify concrete hypotheses, and record only confirmed findings.
+
+You combine Sentinel's code-analysis and verification tools with Pythia's vulnerability research reach. You are not Scribe and not Themis: do not write final reports, do not validate your own final output, and do not manage global knowledge sync.
+
+## PROFILE STARTUP
+
+At task start:
+1. Identify the active profile from the task prompt. If no profile is explicit, use \`vector-scan\`.
+2. Load the relevant profile skill with \`argus_skill_load\`. For the \`access-control\` profile, load \`access-control-specialist\` to avoid colliding with the vulnerability-pattern skill named \`access-control\`.
+3. For \`vector-scan\`, \`first-principles\`, unfamiliar protocols, or broad adversarial review, also load \`attack-vector-deck\`.
+4. Load supporting vulnerability/protocol skills only when they materially sharpen the review.
+
+Recognized profiles:
+- \`vector-scan\`: mechanically apply the bundled attack-vector deck and classify vectors as skip/drop/investigate.
+- \`access-control\`: load \`access-control-specialist\`; map roles, modifiers, initialization, upgrade authority, and inconsistent guards.
+- \`math-precision\`: hunt rounding, scale mismatch, downcast, decimal, overflow, and accounting precision errors.
+- \`invariant\`: extract conservation laws and state couplings, then search for violating paths.
+- \`economic-security\`: attack external dependencies, token behavior, oracle assumptions, incentives, and value flows.
+- \`execution-trace\`: trace stale reads, parameter divergence, branch ordering, callbacks, and cross-transaction interleavings.
+- \`periphery\`: focus on libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.
+- \`first-principles\`: ignore named bug classes; extract assumptions line-by-line and try to violate them.
+
+## TOOL USAGE
+
+You can use:
+- \`argus_skill_load\` for Argus skills and specialist profiles.
+- \`argus_check_patterns\` for known-pattern scanning.
+- \`argus_solodit_search\` for historical audit precedent.
+- \`argus_analyze_contract\`, \`argus_slither_analyze\`, and \`argus_proxy_detection\` for structural and static analysis.
+- \`argus_forge_test\`, \`argus_forge_fuzz\`, \`argus_forge_coverage\`, and \`argus_gas_analysis\` for verification.
+- \`argus_record_finding\` for confirmed findings only.
+
+**CRITICAL — use the right skill loader:**
+- For ALL Argus audit knowledge, specialist profiles, and the attack-vector deck, use \`argus_skill_load\`.
+- NEVER call the generic OpenCode \`skill\` tool for Argus audit knowledge. It does not reliably load bundled Argus skills.
+- \`task.load_skills\` is for generic OpenCode runtime skills during dispatch, not audit knowledge.
+
+## FINDINGS VS LEADS
+
+Record a finding only when you can prove reachability, missing/incorrect guard or accounting behavior, and security impact in the actual code. If proof is incomplete, return a \`LEAD\` to Argus and do not persist it.
+
+When recording a confirmed finding with \`argus_record_finding\`, include specific \`impact\`, \`recommendation\`, and \`proofOfConcept\` fields. Critical and High findings must never use generic placeholders.
+
+## OUTPUT CONTRACT
+
+Return structured blocks only:
+
+\`\`\`text
+FINDING | contract: Name | function: func | bug_class: kebab-tag | profile: math-precision | group_key: Name | func | bug-class
+path: caller -> function -> state change -> impact
+proof: concrete values, trace, test result, or state sequence from the actual code
+description: one sentence
+fix: one-sentence suggestion
+
+LEAD | contract: Name | function: func | bug_class: kebab-tag | profile: math-precision | group_key: Name | func | bug-class
+code_smells: what looked suspicious
+missing_proof: what still needs verification
+description: one sentence explaining the trail
+\`\`\`
+
+Rules:
+- Same root cause uses the same \`group_key\`.
+- Different fixes require separate items.
+- No proof means \`LEAD\`, not a persisted finding.
+- Report tool limitations explicitly when Slither, Forge, Solodit, or coverage is unavailable.
+
+You are the specialist lens. Narrow the field, verify the exploitability, and leave Argus with confirmed findings or precise leads.
+`
+
+export function getAuditSpecialistPrompt(): string {
+  return AUDIT_SPECIALIST_PROMPT
+}

package/src/agents/pythia-prompt.ts

@@ -125,7 +125,7 @@ This ensures Pythia always delivers research value, even when Solodit has no dir
 
 ## SKILLS SYSTEM
 
-The Argus knowledge base includes 75+ curated SKILL.md files, 13 YAML pattern packs, and 15 real-world exploit case studies covering $3B+ in losses. You load them with \`argus_skill_load\`.
+The Argus knowledge base includes 91 curated SKILL.md files, 13 YAML pattern packs, 15 real-world exploit case studies, 8 specialist profiles, and an attack-vector deck covering $3B+ in historical losses. You load them with \`argus_skill_load\`.
 
 **CRITICAL — use the right tool**:
 - For ALL vulnerability, protocol, checklist, methodology, and case-study knowledge, use \`argus_skill_load\` with the exact skill name (e.g. \`argus_skill_load({ name: "reentrancy" })\`).

package/src/agents/scribe-prompt.ts

@@ -95,6 +95,11 @@ Before generating the report, verify:
 
 Use \`argus_skill_load\` only when needed to improve report quality and consistency.
 
+**CRITICAL — use the right tool**:
+- For report templates, severity rubrics, checklists, exploit references, and audit methodology, use \`argus_skill_load\` with the exact skill name.
+- **NEVER call the generic OpenCode \`skill\` tool** for Argus report knowledge. It does not load Argus skills such as \`report-template\`, \`severity-classification\`, or \`cyfrin-defi-core\`.
+- \`task.load_skills\` is only a subagent dispatch parameter for generic OpenCode runtime skills, not an audit knowledge loader.
+
 - **Curated skill map**:
    - \`report-template\`, \`severity-classification\`
    - \`cyfrin-defi-core\`

package/src/agents/sentinel-prompt.ts

@@ -160,6 +160,11 @@ You have access to a specific set of tools. Use them effectively.
 
 Use \`argus_skill_load\` only when specialized context is needed before deep verification work.
 
+**CRITICAL — use the right tool**:
+- For vulnerability, protocol, checklist, methodology, and case-study knowledge, use \`argus_skill_load\` with the exact skill name.
+- **NEVER call the generic OpenCode \`skill\` tool** for Argus audit knowledge. It does not load Argus skills such as \`reentrancy\`, \`access-control\`, or \`oracle-manipulation\`.
+- \`task.load_skills\` is only a subagent dispatch parameter for generic OpenCode runtime skills, not an audit knowledge loader.
+
 - **Curated skill map**:
    - \`reentrancy\`, \`access-control\`, \`oracle-manipulation\`
    - \`cyfrin-defi-integrations\`, \`severity-classification\`

package/src/agents/themis-prompt.ts

@@ -47,6 +47,8 @@ This phase is mandatory on every invocation.
 
 4. Validate raw -> deduped mapping:
    - Every raw finding must map to exactly one deduped finding.
+   - Findings reported by \`audit-specialist\` are first-class raw findings, just like Sentinel and Pythia findings.
+   - Preserve \`reported_by_agent: "audit-specialist"\` and include those observations in raw -> deduped -> report parity checks.
    - Merging is allowed, dropping is not.
    - Flag any raw finding that vanished without a valid merge target.
 

package/src/config/schema.ts

@@ -51,6 +51,7 @@ export const ArgusConfigSchema = z
         argus: AgentConfigSchema.default({}),
         sentinel: AgentConfigSchema.default({}),
         pythia: AgentConfigSchema.default({}),
+        auditSpecialist: AgentConfigSchema.default({}),
         scribe: AgentConfigSchema.default({}),
         themis: AgentConfigSchema.optional().default({}),
       })
@@ -58,6 +59,7 @@ export const ArgusConfigSchema = z
         argus: {},
         sentinel: {},
         pythia: {},
+        auditSpecialist: {},
         scribe: {},
         themis: {},
       }),

package/src/constants/defaults.ts

@@ -2,6 +2,7 @@ export const DEFAULT_MODELS = {
   argus: "anthropic/claude-opus-4-7",
   sentinel: "anthropic/claude-sonnet-4-6",
   pythia: "anthropic/claude-sonnet-4-6",
+  auditSpecialist: "anthropic/claude-sonnet-4-6",
   scribe: "anthropic/claude-sonnet-4-6",
   themis: "openai/gpt-5.5",
 } as const

package/src/create-hooks.ts

@@ -18,7 +18,10 @@ import {
   materializeReportInput,
 } from "./features/persistent-state/findings-materializer"
 import { recordRun, updateRunStatus } from "./features/persistent-state/global-run-index"
-import { finalizeRun } from "./features/persistent-state/run-finalizer"
+import {
+  finalizeRun,
+  hasResolvedThemisDispositionAfterReport,
+} from "./features/persistent-state/run-finalizer"
 import { createRunJournal } from "./features/persistent-state/run-journal"
 import { pruneStaleRuns } from "./features/persistent-state/run-pruner"
 import { createAgentTracker } from "./hooks/agent-tracker"
@@ -628,6 +631,11 @@ export function createHooks(args: {
             (sessionId ? (eventSinksByOpencodeSession.get(sessionId) ?? null) : null)
 
           if (runSink && !runSink.isFinalized) {
+            const events = await runSink.readAll()
+            if (!hasResolvedThemisDispositionAfterReport(events)) {
+              return
+            }
+
             try {
               const idleFinalization = await finalizeRun(
                 auditState.sessionId,

package/src/features/persistent-state/run-finalizer.ts

@@ -204,6 +204,24 @@ function collectThemisDispositionErrors(events: AuditEvent[]): string[] {
     : ["generated report has no resolved Themis disposition"]
 }
 
+export function hasResolvedThemisDispositionAfterReport(events: AuditEvent[]): boolean {
+  let reportIndex = -1
+  for (let index = events.length - 1; index >= 0; index -= 1) {
+    const event = events[index]
+    if (event && isGenerateReportCompletion(event)) {
+      reportIndex = index
+      break
+    }
+  }
+  if (reportIndex === -1) return false
+
+  return events.slice(reportIndex + 1).some((event) => {
+    if (event.type !== "tool.completed") return false
+    const payload = asRecord(event.payload)
+    return isResolvedThemisDisposition(payload?.themisDisposition)
+  })
+}
+
 function collectParentChildIntegrityErrors(events: AuditEvent[]): string[] {
   const errors: string[] = []
   const parentByChild = new Map<string, string>()

package/src/hooks/config-handler.ts

@@ -2,6 +2,7 @@ import { existsSync, readdirSync } from "node:fs"
 import { join, resolve } from "node:path"
 import type { Config } from "@opencode-ai/sdk/v2"
 import { ARGUS_PROMPT } from "../agents/argus-prompt"
+import { AUDIT_SPECIALIST_PROMPT } from "../agents/audit-specialist-prompt"
 import { PYTHIA_PROMPT } from "../agents/pythia-prompt"
 import { SCRIBE_PROMPT } from "../agents/scribe-prompt"
 import { SENTINEL_PROMPT } from "../agents/sentinel-prompt"
@@ -127,6 +128,7 @@ export function createConfigHandler(
           task: {
             sentinel: "allow",
             pythia: "allow",
+            "audit-specialist": "allow",
             scribe: "allow",
             themis: "allow",
           },
@@ -167,6 +169,27 @@ export function createConfigHandler(
           skill: "allow",
         },
       },
+      "audit-specialist": {
+        mode: "subagent",
+        model: argusConfig.agents?.auditSpecialist?.model ?? DEFAULT_MODELS.auditSpecialist,
+        steps: argusConfig.agents?.auditSpecialist?.steps ?? DEFAULT_STEPS,
+        description: "Profile-driven adversarial specialist auditor",
+        prompt: AUDIT_SPECIALIST_PROMPT,
+        permission: {
+          argus_skill_load: "allow",
+          argus_check_patterns: "allow",
+          argus_solodit_search: "allow",
+          argus_analyze_contract: "allow",
+          argus_slither_analyze: "allow",
+          argus_proxy_detection: "allow",
+          argus_forge_test: "allow",
+          argus_forge_fuzz: "allow",
+          argus_forge_coverage: "allow",
+          argus_gas_analysis: "allow",
+          argus_record_finding: "allow",
+          skill: "allow",
+        },
+      },
       scribe: {
         mode: "subagent",
         model: argusConfig.agents?.scribe?.model ?? DEFAULT_MODELS.scribe,

package/src/hooks/system-prompt-hook.ts

@@ -35,6 +35,57 @@ export function buildFallbackDirectives(unavailableTools: string[]): string[] {
   return directives
 }
 
+function formatDuration(startTime: number, endTime?: number): string {
+  if (typeof endTime !== "number" || endTime < startTime) return "pending"
+  return `${endTime - startTime}ms`
+}
+
+function buildToolLedgerLine(auditState: AuditState): string {
+  const taskDispatches = auditState.toolsExecuted.filter((tool) => tool.tool === "task").length
+  const argusTools = auditState.toolsExecuted.filter((tool) => tool.tool !== "task").slice(-5)
+  const entries = argusTools.map((tool) => {
+    const status = tool.success ? "ok" : "failed"
+    return `${tool.tool}=${status} findings=${tool.findingsCount} duration=${formatDuration(tool.startTime, tool.endTime)}`
+  })
+
+  if (taskDispatches > 0) entries.push(`task dispatches=${taskDispatches}`)
+  return entries.length > 0 ? entries.join("; ") : "none"
+}
+
+function buildToolsLine(auditState: AuditState): string {
+  const tools = auditState.toolsExecuted
+    .filter((tool) => tool.tool !== "task")
+    .map((tool) => tool.tool)
+  return tools.length > 0 ? tools.join(", ") : "none"
+}
+
+function buildFindingCountsLine(auditState: AuditState): string | null {
+  const counts = auditState.findingCounts
+  if (!counts) return null
+
+  return [
+    "Finding Counts:",
+    `raw_observations=${counts.rawObservations ?? 0}`,
+    `recorded=${counts.recordedFindings ?? 0}`,
+    `deduped=${counts.dedupedFindings ?? 0}`,
+    `actionable=${counts.actionableFindings ?? 0}`,
+    `non_actionable=${counts.nonActionableFindings ?? 0}`,
+  ].join(" ")
+}
+
+function buildCoverageLine(auditState: AuditState): string {
+  const attempt = auditState.coverageAttempt
+  if (attempt) {
+    return attempt.reason
+      ? `Coverage: ${attempt.status} — ${attempt.reason}`
+      : `Coverage: ${attempt.status}`
+  }
+  const unavailable = auditState.unavailableTools ?? []
+  return unavailable.includes("forge")
+    ? "Coverage: skipped — forge unavailable"
+    : "Coverage: pending"
+}
+
 export function buildDynamicContext(
   auditState: AuditState,
   agent: string,
@@ -45,7 +96,7 @@ export function buildDynamicContext(
   const executedToolNames = new Set(
     auditState.toolsExecuted.map((t) => TOOL_SHORT_NAMES[t.tool] ?? t.tool),
   )
-  const tools = auditState.toolsExecuted.map((tool) => tool.tool).join(", ") || "none"
+  const findingCountsLine = buildFindingCountsLine(auditState)
   const taskStatus = KEY_TOOLS.map(
     (t) => `${t}=${executedToolNames.has(t) ? "done" : "pending"}`,
   ).join(" ")
@@ -62,7 +113,10 @@ export function buildDynamicContext(
     `Phase: ${auditState.currentPhase}`,
     `Contracts: ${auditState.contractsReviewed.length} reviewed`,
     `Findings: Critical=${severityCounts.Critical} High=${severityCounts.High} Medium=${severityCounts.Medium} Low=${severityCounts.Low} Info=${severityCounts.Informational}`,
-    `Tools: ${tools}`,
+    ...(findingCountsLine ? [findingCountsLine] : []),
+    `Tools: ${buildToolsLine(auditState)}`,
+    `Tool Ledger: ${buildToolLedgerLine(auditState)}`,
+    buildCoverageLine(auditState),
     `Tasks: ${taskStatus}`,
   ]
 

package/src/hooks/tool-tracking-hook.ts

@@ -20,6 +20,7 @@ import type {
   ArgusAgentName,
   AuditState,
   Finding,
+  FindingCounts,
   FindingSeverity,
   FuzzCounterexample,
   SoloditResult,
@@ -465,14 +466,38 @@ function processSoloditResult(parsed: Record<string, unknown>, state: AuditState
   })
 }
 
-function recordToolExecution(state: AuditState, toolName: string, findingsCount: number): void {
+function buildFindingCounts(state: AuditState, findingsCount: number): FindingCounts {
+  return {
+    rawObservations: Math.max(0, findingsCount),
+    recordedFindings: state.findings.length,
+  }
+}
+
+function readErrorReason(record: Record<string, unknown>): string | undefined {
+  if (typeof record.error === "string" && record.error.trim().length > 0) return record.error
+  const errorRecord = toRecord(record.error)
+  if (typeof errorRecord?.message === "string" && errorRecord.message.trim().length > 0) {
+    return errorRecord.message
+  }
+  if (typeof record.stderr === "string" && record.stderr.trim().length > 0) return record.stderr
+  return undefined
+}
+
+function recordToolExecution(
+  state: AuditState,
+  toolName: string,
+  findingsCount: number,
+  success: boolean,
+  findingCounts?: FindingCounts,
+): void {
   const now = Date.now()
   state.toolsExecuted.push({
     tool: toolName,
     startTime: now,
     endTime: now,
-    success: true,
+    success,
     findingsCount,
+    findingCounts,
   })
 }
 
@@ -616,7 +641,7 @@ export function createToolTrackingHook(
       }
 
       if (resolved) {
-        recordToolExecution(resolved.state, "task", 0)
+        recordToolExecution(resolved.state, "task", 0, true, buildFindingCounts(resolved.state, 0))
         onStateChanged?.({ tool: "task", findingsCount: 0, sessionId: input.sessionID })
       }
 
@@ -875,9 +900,16 @@ export function createToolTrackingHook(
             break
           }
           case "argus_forge_coverage": {
+            const now = Date.now()
             const reportObj = toRecord(record.report)
             const files = reportObj?.files
-            if (Array.isArray(files)) {
+            if (record.success === false) {
+              auditState.coverageAttempt = {
+                status: "failed",
+                attemptedAt: now,
+                reason: readErrorReason(record),
+              }
+            } else if (Array.isArray(files)) {
               auditState.coverageReport = {
                 files: files
                   .filter((f): f is Record<string, unknown> => !!f && typeof f === "object")
@@ -889,6 +921,13 @@ export function createToolTrackingHook(
                     functionsPct: typeof f.functionsPct === "number" ? f.functionsPct : 0,
                   })),
               }
+              auditState.coverageAttempt = { status: "run", attemptedAt: now }
+            } else {
+              auditState.coverageAttempt = {
+                status: "failed",
+                attemptedAt: now,
+                reason: "coverage report was missing or invalid",
+              }
             }
             break
           }
@@ -963,10 +1002,12 @@ export function createToolTrackingHook(
           }
         }
 
-        completedSuccess = true
+        completedSuccess = record.success !== false
       }
 
-      recordToolExecution(auditState, input.tool, findingsCount)
+      const findingCounts = buildFindingCounts(auditState, findingsCount)
+      auditState.findingCounts = findingCounts
+      recordToolExecution(auditState, input.tool, findingsCount, completedSuccess, findingCounts)
 
       const nextPhase = inferPhaseAdvancement(auditState, input.tool)
       if (nextPhase) {
@@ -1003,6 +1044,8 @@ export function createToolTrackingHook(
               break
             case "argus_forge_coverage":
               if (auditState.coverageReport) enrichment.coverageReport = auditState.coverageReport
+              if (auditState.coverageAttempt)
+                enrichment.coverageAttempt = auditState.coverageAttempt
               break
             case "argus_gas_analysis":
               if (auditState.gasHotspots) enrichment.gasHotspots = auditState.gasHotspots
@@ -1028,6 +1071,7 @@ export function createToolTrackingHook(
           buildEvent("tool.completed", runId, sessionId, toolCallId, {
             tool: input.tool,
             findingsCount,
+            findingCounts: completedSuccess ? auditState.findingCounts : undefined,
             success: completedSuccess,
             ...(completionError ? { error: completionError } : {}),
             ...enrichment,

package/src/shared/agent-names.ts

@@ -2,6 +2,7 @@ export const ARGUS_ORCHESTRATOR: ReadonlySet<string> = new Set(["argus"])
 export const ARGUS_SUBAGENTS: ReadonlySet<string> = new Set([
   "sentinel",
   "pythia",
+  "audit-specialist",
   "scribe",
   "themis",
 ])

package/src/state/adapters.ts

@@ -246,9 +246,9 @@ export function normalizeToCanonicalFinding(
       : "manual"
 
   const reportedByAgentRaw =
+    options.reportedByAgent ??
     (typeof input.reported_by_agent === "string" ? input.reported_by_agent : undefined) ??
     (typeof input.reportedByAgent === "string" ? input.reportedByAgent : undefined) ??
-    options.reportedByAgent ??
     "unknown"
   const reportedByAgent: ArgusAgentName = VALID_AGENTS.has(reportedByAgentRaw as ArgusAgentName)
     ? (reportedByAgentRaw as ArgusAgentName)

package/src/state/projectors.ts

@@ -12,7 +12,9 @@ import {
 import type {
   AuditPhase,
   AuditState,
+  CoverageAttemptState,
   Finding,
+  FindingCounts,
   FuzzCounterexample,
   SoloditResult,
   ToolExecution,
@@ -99,6 +101,48 @@ function resolveToolSuccess(payload: Record<string, unknown>): boolean {
   return payload.success !== false
 }
 
+const FINDING_COUNT_FIELDS = [
+  "rawObservations",
+  "recordedFindings",
+  "dedupedFindings",
+  "actionableFindings",
+  "nonActionableFindings",
+] as const
+
+function asFindingCounts(value: unknown): FindingCounts | undefined {
+  if (!isRecord(value)) return undefined
+  const counts: FindingCounts = {}
+  for (const field of FINDING_COUNT_FIELDS) {
+    const count = value[field]
+    if (
+      typeof count === "number" &&
+      Number.isFinite(count) &&
+      Number.isInteger(count) &&
+      count >= 0
+    ) {
+      counts[field] = count
+    }
+  }
+  return Object.keys(counts).length > 0 ? counts : undefined
+}
+
+function asCoverageAttempt(value: unknown): CoverageAttemptState | undefined {
+  if (!isRecord(value)) return undefined
+  if (
+    value.status !== "pending" &&
+    value.status !== "run" &&
+    value.status !== "skipped" &&
+    value.status !== "failed"
+  ) {
+    return undefined
+  }
+  return {
+    status: value.status,
+    attemptedAt: typeof value.attemptedAt === "number" ? value.attemptedAt : undefined,
+    reason: typeof value.reason === "string" ? value.reason : undefined,
+  }
+}
+
 function asStringArray(value: unknown): string[] | undefined {
   if (!Array.isArray(value)) return undefined
   return value.filter((item): item is string => typeof item === "string")
@@ -321,6 +365,7 @@ export function projectToolExecutions(events: AuditEvent[]): CanonicalToolExecut
         endTime: existing?.endTime,
         success: existing?.success ?? false,
         findingsCount: existing?.findingsCount ?? 0,
+        findingCounts: existing?.findingCounts,
       })
       continue
     }
@@ -340,6 +385,7 @@ export function projectToolExecutions(events: AuditEvent[]): CanonicalToolExecut
       endTime: event.timestamp,
       success: resolveToolSuccess(payload),
       findingsCount: resolveFindingsCount(payload),
+      findingCounts: asFindingCounts(payload.findingCounts),
       run_id: event.run_id,
       schema_version: event.schema_version,
     })
@@ -408,6 +454,8 @@ export function projectReportInput(
     asFuzzCounterexamples,
   )
   const coverageReport = extractLatestFromPayload(events, "coverageReport", asCoverageReport)
+  const coverageAttempt = extractLatestFromPayload(events, "coverageAttempt", asCoverageAttempt)
+  const findingCounts = extractLatestFromPayload(events, "findingCounts", asFindingCounts)
   const gasHotspots = extractLatestFromPayload(events, "gasHotspots", asGasHotspots)
   const proxyContracts = extractLatestFromPayload(events, "proxyContracts", asProxyContracts)
   const patternVersion = extractLatestFromPayload(events, "patternVersion", asString)
@@ -424,10 +472,12 @@ export function projectReportInput(
     projectDir,
     findings,
     toolsExecuted,
+    findingCounts,
     scope,
     soloditResults,
     fuzzCounterexamples,
     coverageReport,
+    coverageAttempt,
     gasHotspots,
     proxyContracts,
     patternVersion,