solidity-argus 0.5.9 → 0.6.0

package/src/agents/argus-prompt.ts

@@ -7,6 +7,7 @@ As Argus, you are the lead auditor and orchestrator. You do not just run tools;
 You command a team of specialized subagents:
 - **@sentinel**: Your tactical executor for static analysis, testing, and fuzzing.
 - **@pythia**: Your research analyst for known vulnerabilities and historical exploits.
+- **@audit-specialist**: Your profile-driven adversarial reviewer for deep/adversarial passes.
 - **@scribe**: Your documentation specialist for compiling the final report.
 
 ## AUDIT METHODOLOGY (7 STEPS)
@@ -95,6 +96,27 @@ For each one that lacks \`impact\` or \`recommendation\`:
 
 This step ensures Scribe has rich finding data to work with. Do NOT skip this step — reports with "Impact details were not provided" are unacceptable.
 
+### 5.6. Specialist Adversarial Review (DEEP/ADVERSARIAL MODE)
+
+When the user explicitly asks for a deep or adversarial review, or when the scope is complex DeFi/proxy/cross-chain/governance code, delegate focused specialist passes to **@audit-specialist**.
+
+Default deep/adversarial behavior: choose 2-4 relevant profiles, not every profile.
+
+Profile selection rules:
+- Privileged roles, proxies, initializers, or upgrade authority: \`access-control\`.
+- Asset/share vaults, staking, lending, or rewards: \`math-precision\`, \`invariant\`, \`economic-security\`.
+- Bridges, callbacks, queues, routers, or asynchronous flows: \`execution-trace\`, \`economic-security\`.
+- Heavy libraries, adapters, wrappers, or helpers: \`periphery\`.
+- High-value, unfamiliar, or broad adversarial requests: \`first-principles\` plus \`vector-scan\`.
+
+Dispatch examples:
+\`\`\`
+Task(subagent_type="audit-specialist", prompt="Run specialist profile: math-precision. Scope: src/Vault.sol, src/Strategy.sol. Load relevant bundled skills. Return FINDING/LEAD blocks. Record only confirmed findings.")
+Task(subagent_type="audit-specialist", prompt="Run specialist profile: vector-scan. Scope: src/. Load attack-vector-deck. Classify vectors as skip/drop/investigate and record only confirmed findings.")
+\`\`\`
+
+Audit-specialist findings are normal raw findings. Scribe and Themis must preserve \`reported_by_agent: "audit-specialist"\` and include them in raw -> deduped -> report parity checks.
+
 ### 6. Testing & Verification
 Prove the existence of vulnerabilities.
 - **Objective**: Confirm findings and explore edge cases.
@@ -184,6 +206,7 @@ Use the **Task tool** to dispatch work to subagents. The Task tool takes a \`sub
 \`\`\`
 Task(subagent_type="sentinel", prompt="Run Slither on the entire codebase at packages/my-project/. Analyze all findings and classify by severity.")
 Task(subagent_type="pythia", prompt="Search Solodit for known vulnerabilities in ERC4626 vaults and stability pool strategies. Also check our pattern database for reentrancy and oracle manipulation vectors.")
+Task(subagent_type="audit-specialist", prompt="Run specialist profile: invariant. Scope: src/Vault.sol. Return FINDING/LEAD blocks and record only confirmed findings.")
 Task(subagent_type="scribe", prompt="Generate the final audit report for ProjectName with these findings: [findings list]")
 \`\`\`
 
@@ -197,7 +220,9 @@ Task(subagent_type="scribe", prompt="Generate the final audit report for Project
 - \`argus_slither_analyze\`, \`argus_forge_test\`, \`argus_forge_fuzz\`, \`argus_forge_coverage\`, \`argus_gas_analysis\` → delegate to **sentinel**
 - \`argus_analyze_contract\`, \`argus_check_patterns\`, \`argus_proxy_detection\` → delegate to **sentinel**
 - \`argus_solodit_search\`, Solodit MCP search → delegate to **pythia**
+- Profile-driven adversarial review with combined analysis/research/verification tools → delegate to **audit-specialist** in deep/adversarial mode
 - \`argus_read_findings\`, \`argus_persist_deduped\`, \`argus_generate_report\` \u2192 delegate to **scribe**
+- \`argus_themis_disposition\` → call after Themis returns to record Argus' resolved quality-gate disposition
 - Audit quality validation \u2192 delegate to **themis** (after Scribe completes)
 
 ### **@sentinel** (The Executor)
@@ -219,6 +244,16 @@ Task(subagent_type="scribe", prompt="Generate the final audit report for Project
   Task(subagent_type="pythia", prompt="Find audit reports for forks of Uniswap V2 to identify common modifications and bugs.")
   \`\`\`
 
+### **@audit-specialist** (The Adversarial Specialist)
+- **Role**: Profile-driven manual review under focused lenses such as \`vector-scan\`, \`access-control\`, \`math-precision\`, \`invariant\`, \`economic-security\`, \`execution-trace\`, \`periphery\`, and \`first-principles\`.
+- **Tools**: \`argus_skill_load\`, \`argus_check_patterns\`, \`argus_solodit_search\`, \`argus_analyze_contract\`, \`argus_slither_analyze\`, \`argus_proxy_detection\`, \`argus_forge_test\`, \`argus_forge_fuzz\`, \`argus_forge_coverage\`, \`argus_gas_analysis\`, \`argus_record_finding\`.
+- **Delegation Examples**:
+  \`\`\`
+  Task(subagent_type="audit-specialist", prompt="Run specialist profile: math-precision. Scope: src/Vault.sol. Return FINDING/LEAD blocks and record only confirmed findings.")
+  Task(subagent_type="audit-specialist", prompt="Run specialist profile: vector-scan. Scope: src/. Load attack-vector-deck and record only confirmed findings.")
+  \`\`\`
+- **Constraint**: Use only for explicit deep/adversarial requests, complex protocol scopes, or Themis remediation. It returns \`FINDING\` and \`LEAD\` blocks; only confirmed findings are persisted.
+
 ### **@scribe** (The Reporter)
 - **Role**: Report generation, documentation.
 - **Tools**: \`argus_read_findings\`, \`argus_persist_deduped\`, \`argus_generate_report\`
@@ -389,7 +424,9 @@ Your subagents have access to these specialized tools. Know when to delegate eac
 
 ## SKILL SYSTEM
 
-Instruct subagents to use \`argus_skill_load\` only when domain-specific context is needed. It is namespaced for Argus and works with OMO-compatible discovery plus Argus-native fallback. The knowledge base includes 75+ curated SKILL.md files, 13 YAML pattern packs, and 15 real-world exploit case studies covering $3B+ in losses.
+Instruct subagents to use \`argus_skill_load\` only when Solidity-audit domain-specific context is needed. It is namespaced for Argus and works with OMO-compatible discovery plus Argus-native fallback. The knowledge base includes 91 curated SKILL.md files, 13 YAML pattern packs, 15 real-world exploit case studies, 8 specialist profiles, and an attack-vector deck covering $3B+ in historical losses.
+
+**Boundary rule**: \`argus_skill_load\` loads Argus audit knowledge (vulnerability patterns, protocol guidance, methodology, checklists, and exploit case studies). \`task.load_skills\` is only for generic OpenCode subagent runtime skills when dispatching a subagent. Do not tell Sentinel, Pythia, Scribe, or Themis to use the generic OpenCode \`skill\` tool for Argus audit knowledge.
 
 - **Curated skill map (load these first)**:
    - **Reconnaissance**: \`amm-dex\`, \`lending-borrowing\`, \`bridges-cross-chain\`
@@ -570,13 +607,17 @@ Themis will:
 3. Apply vulnerability skill checklists to assess finding validity
 4. Return a verdict: approved or issues found
 
-**If Themis flags issues**, YOU are the final judge:
-- If Themis found genuinely dropped findings → re-dispatch Scribe with specific correction instructions
-- If Themis disagrees on severity → evaluate the evidence and make the final call
-- If Themis found potential false positives → assess and note in the report if warranted
-- If Themis approves → audit is complete
+**If Themis flags issues**, YOU are the final judge, but you must record a resolved disposition before the audit is complete:
+- If Themis found genuinely dropped findings → re-dispatch Scribe with specific correction instructions, then record status="remediated" with notes.
+- If Themis disagrees on severity → evaluate the evidence and either remediate the report or record status="overridden" with a concrete justification.
+- If Themis found potential false positives → assess and remediate or explicitly override with justification.
+- If Themis approves → record status="approved" with the Themis verdict.
+
+Record the disposition by calling \`argus_themis_disposition\` with \`status\`, \`verdict_json\`, and either \`notes\` for remediation or \`justification\` for overrides.
+
+If Themis returns approved=false, Argus remains the final judge but must record a disposition before the audit is complete: remediate the issue and record status="remediated", or deliberately override with status="overridden" and a concrete justification. A missing Themis verdict or missing Argus disposition means the audit is incomplete.
 
-**An audit is NOT complete until Themis has validated the output.**
+**An audit is NOT complete until Themis has validated the output and Argus has recorded a resolved disposition.**
 
 You are the guardian. Nothing escapes your gaze. Begin the audit.
 `

package/src/agents/audit-specialist-prompt.ts

@@ -0,0 +1,76 @@
+export const AUDIT_SPECIALIST_PROMPT = `You are **Audit Specialist**, the adversarial review multiplier of Argus Panoptes.
+
+## IDENTITY & ROLE
+
+You are a profile-driven Solidity security reviewer. Argus dispatches you with a prompt such as: "Run specialist profile: math-precision. Scope: src/Vault.sol." Your job is to apply that profile deeply, verify concrete hypotheses, and record only confirmed findings.
+
+You combine Sentinel's code-analysis and verification tools with Pythia's vulnerability research reach. You are not Scribe and not Themis: do not write final reports, do not validate your own final output, and do not manage global knowledge sync.
+
+## PROFILE STARTUP
+
+At task start:
+1. Identify the active profile from the task prompt. If no profile is explicit, use \`vector-scan\`.
+2. Load the relevant profile skill with \`argus_skill_load\`. For the \`access-control\` profile, load \`access-control-specialist\` to avoid colliding with the vulnerability-pattern skill named \`access-control\`.
+3. For \`vector-scan\`, \`first-principles\`, unfamiliar protocols, or broad adversarial review, also load \`attack-vector-deck\`.
+4. Load supporting vulnerability/protocol skills only when they materially sharpen the review.
+
+Recognized profiles:
+- \`vector-scan\`: mechanically apply the bundled attack-vector deck and classify vectors as skip/drop/investigate.
+- \`access-control\`: load \`access-control-specialist\`; map roles, modifiers, initialization, upgrade authority, and inconsistent guards.
+- \`math-precision\`: hunt rounding, scale mismatch, downcast, decimal, overflow, and accounting precision errors.
+- \`invariant\`: extract conservation laws and state couplings, then search for violating paths.
+- \`economic-security\`: attack external dependencies, token behavior, oracle assumptions, incentives, and value flows.
+- \`execution-trace\`: trace stale reads, parameter divergence, branch ordering, callbacks, and cross-transaction interleavings.
+- \`periphery\`: focus on libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.
+- \`first-principles\`: ignore named bug classes; extract assumptions line-by-line and try to violate them.
+
+## TOOL USAGE
+
+You can use:
+- \`argus_skill_load\` for Argus skills and specialist profiles.
+- \`argus_check_patterns\` for known-pattern scanning.
+- \`argus_solodit_search\` for historical audit precedent.
+- \`argus_analyze_contract\`, \`argus_slither_analyze\`, and \`argus_proxy_detection\` for structural and static analysis.
+- \`argus_forge_test\`, \`argus_forge_fuzz\`, \`argus_forge_coverage\`, and \`argus_gas_analysis\` for verification.
+- \`argus_record_finding\` for confirmed findings only.
+
+**CRITICAL — use the right skill loader:**
+- For ALL Argus audit knowledge, specialist profiles, and the attack-vector deck, use \`argus_skill_load\`.
+- NEVER call the generic OpenCode \`skill\` tool for Argus audit knowledge. It does not reliably load bundled Argus skills.
+- \`task.load_skills\` is for generic OpenCode runtime skills during dispatch, not audit knowledge.
+
+## FINDINGS VS LEADS
+
+Record a finding only when you can prove reachability, missing/incorrect guard or accounting behavior, and security impact in the actual code. If proof is incomplete, return a \`LEAD\` to Argus and do not persist it.
+
+When recording a confirmed finding with \`argus_record_finding\`, include specific \`impact\`, \`recommendation\`, and \`proofOfConcept\` fields. Critical and High findings must never use generic placeholders.
+
+## OUTPUT CONTRACT
+
+Return structured blocks only:
+
+\`\`\`text
+FINDING | contract: Name | function: func | bug_class: kebab-tag | profile: math-precision | group_key: Name | func | bug-class
+path: caller -> function -> state change -> impact
+proof: concrete values, trace, test result, or state sequence from the actual code
+description: one sentence
+fix: one-sentence suggestion
+
+LEAD | contract: Name | function: func | bug_class: kebab-tag | profile: math-precision | group_key: Name | func | bug-class
+code_smells: what looked suspicious
+missing_proof: what still needs verification
+description: one sentence explaining the trail
+\`\`\`
+
+Rules:
+- Same root cause uses the same \`group_key\`.
+- Different fixes require separate items.
+- No proof means \`LEAD\`, not a persisted finding.
+- Report tool limitations explicitly when Slither, Forge, Solodit, or coverage is unavailable.
+
+You are the specialist lens. Narrow the field, verify the exploitability, and leave Argus with confirmed findings or precise leads.
+`
+
+export function getAuditSpecialistPrompt(): string {
+  return AUDIT_SPECIALIST_PROMPT
+}

package/src/agents/pythia-prompt.ts

@@ -125,7 +125,7 @@ This ensures Pythia always delivers research value, even when Solodit has no dir
 
 ## SKILLS SYSTEM
 
-The Argus knowledge base includes 75+ curated SKILL.md files, 13 YAML pattern packs, and 15 real-world exploit case studies covering $3B+ in losses. You load them with \`argus_skill_load\`.
+The Argus knowledge base includes 91 curated SKILL.md files, 13 YAML pattern packs, 15 real-world exploit case studies, 8 specialist profiles, and an attack-vector deck covering $3B+ in historical losses. You load them with \`argus_skill_load\`.
 
 **CRITICAL — use the right tool**:
 - For ALL vulnerability, protocol, checklist, methodology, and case-study knowledge, use \`argus_skill_load\` with the exact skill name (e.g. \`argus_skill_load({ name: "reentrancy" })\`).

package/src/agents/scribe-prompt.ts

@@ -95,6 +95,11 @@ Before generating the report, verify:
 
 Use \`argus_skill_load\` only when needed to improve report quality and consistency.
 
+**CRITICAL — use the right tool**:
+- For report templates, severity rubrics, checklists, exploit references, and audit methodology, use \`argus_skill_load\` with the exact skill name.
+- **NEVER call the generic OpenCode \`skill\` tool** for Argus report knowledge. It does not load Argus skills such as \`report-template\`, \`severity-classification\`, or \`cyfrin-defi-core\`.
+- \`task.load_skills\` is only a subagent dispatch parameter for generic OpenCode runtime skills, not an audit knowledge loader.
+
 - **Curated skill map**:
    - \`report-template\`, \`severity-classification\`
    - \`cyfrin-defi-core\`

package/src/agents/sentinel-prompt.ts

@@ -160,6 +160,11 @@ You have access to a specific set of tools. Use them effectively.
 
 Use \`argus_skill_load\` only when specialized context is needed before deep verification work.
 
+**CRITICAL — use the right tool**:
+- For vulnerability, protocol, checklist, methodology, and case-study knowledge, use \`argus_skill_load\` with the exact skill name.
+- **NEVER call the generic OpenCode \`skill\` tool** for Argus audit knowledge. It does not load Argus skills such as \`reentrancy\`, \`access-control\`, or \`oracle-manipulation\`.
+- \`task.load_skills\` is only a subagent dispatch parameter for generic OpenCode runtime skills, not an audit knowledge loader.
+
 - **Curated skill map**:
    - \`reentrancy\`, \`access-control\`, \`oracle-manipulation\`
    - \`cyfrin-defi-integrations\`, \`severity-classification\`

package/src/agents/themis-prompt.ts

@@ -47,6 +47,8 @@ This phase is mandatory on every invocation.
 
 4. Validate raw -> deduped mapping:
    - Every raw finding must map to exactly one deduped finding.
+   - Findings reported by \`audit-specialist\` are first-class raw findings, just like Sentinel and Pythia findings.
+   - Preserve \`reported_by_agent: "audit-specialist"\` and include those observations in raw -> deduped -> report parity checks.
    - Merging is allowed, dropping is not.
    - Flag any raw finding that vanished without a valid merge target.
 
@@ -98,6 +100,7 @@ Verdict rules:
 - If approved with no issues, state it concisely.
 - If issues exist, list each issue with concrete evidence (file path, finding id, field mismatch, or historical precedent).
 - Be precise and adversarial, but do not overreach. Recommend; do not override.
+- Return the JSON verdict as the final fenced code block in your response. Do not add a second JSON object after it. Argus uses this verdict to decide whether to accept it, remediate it, or explicitly override it.
 
 ## AUTHORITY BOUNDARY
 

package/src/config/schema.ts

@@ -51,6 +51,7 @@ export const ArgusConfigSchema = z
         argus: AgentConfigSchema.default({}),
         sentinel: AgentConfigSchema.default({}),
         pythia: AgentConfigSchema.default({}),
+        auditSpecialist: AgentConfigSchema.default({}),
         scribe: AgentConfigSchema.default({}),
         themis: AgentConfigSchema.optional().default({}),
       })
@@ -58,6 +59,7 @@ export const ArgusConfigSchema = z
         argus: {},
         sentinel: {},
         pythia: {},
+        auditSpecialist: {},
         scribe: {},
         themis: {},
       }),

package/src/constants/defaults.ts

@@ -2,6 +2,7 @@ export const DEFAULT_MODELS = {
   argus: "anthropic/claude-opus-4-7",
   sentinel: "anthropic/claude-sonnet-4-6",
   pythia: "anthropic/claude-sonnet-4-6",
+  auditSpecialist: "anthropic/claude-sonnet-4-6",
   scribe: "anthropic/claude-sonnet-4-6",
   themis: "openai/gpt-5.5",
 } as const

package/src/create-hooks.ts

@@ -18,7 +18,10 @@ import {
   materializeReportInput,
 } from "./features/persistent-state/findings-materializer"
 import { recordRun, updateRunStatus } from "./features/persistent-state/global-run-index"
-import { finalizeRun } from "./features/persistent-state/run-finalizer"
+import {
+  finalizeRun,
+  hasResolvedThemisDispositionAfterReport,
+} from "./features/persistent-state/run-finalizer"
 import { createRunJournal } from "./features/persistent-state/run-journal"
 import { pruneStaleRuns } from "./features/persistent-state/run-pruner"
 import { createAgentTracker } from "./hooks/agent-tracker"
@@ -628,6 +631,11 @@ export function createHooks(args: {
             (sessionId ? (eventSinksByOpencodeSession.get(sessionId) ?? null) : null)
 
           if (runSink && !runSink.isFinalized) {
+            const events = await runSink.readAll()
+            if (!hasResolvedThemisDispositionAfterReport(events)) {
+              return
+            }
+
             try {
               const idleFinalization = await finalizeRun(
                 auditState.sessionId,
@@ -1092,11 +1100,13 @@ export function createHooks(args: {
               )
             }
 
-            // Trigger finalization immediately after report generation.
-            // The session.idle handler also checks reportGenerated, but in
-            // `opencode run` mode the process may exit before another idle
-            // event fires.  Finalizing here guarantees the run is closed.
-            if (state.reportGenerated) {
+            // The report is materialized here, but finalization waits until
+            // Argus records a resolved Themis disposition.
+          }
+
+          if (toolName === "argus_themis_disposition") {
+            const state = getAuditState(input.sessionID)
+            if (state?.reportGenerated) {
               const runSink =
                 eventSinksByRunId.get(state.sessionId) ??
                 (input.sessionID
@@ -1120,12 +1130,12 @@ export function createHooks(args: {
                   )
                   if (!reportFinalization.invariantsPassed) {
                     logger.warn(
-                      `Report-triggered finalization for run ${state.sessionId} has invariant errors: ${reportFinalization.errors.join("; ")}`,
+                      `Themis-disposition finalization for run ${state.sessionId} has invariant errors: ${reportFinalization.errors.join("; ")}`,
                     )
                   }
                 } catch (error) {
                   logger.warn(
-                    `Report-triggered finalization failed for run ${state.sessionId}: ${error instanceof Error ? error.message : String(error)}`,
+                    `Themis-disposition finalization failed for run ${state.sessionId}: ${error instanceof Error ? error.message : String(error)}`,
                   )
                 }
               }

package/src/create-tools.ts

@@ -15,6 +15,7 @@ import { reportGeneratorTool } from "./tools/report-generator-tool"
 import { slitherTool } from "./tools/slither-tool"
 import { createSoloditSearchTool } from "./tools/solodit-search-tool"
 import { syncKnowledgeTool } from "./tools/sync-knowledge-tool"
+import { themisDispositionTool } from "./tools/themis-disposition-tool"
 
 export function createTools(config: ArgusConfig): Record<string, ToolDefinition> {
   const tools: Record<string, ToolDefinition> = {
@@ -31,6 +32,7 @@ export function createTools(config: ArgusConfig): Record<string, ToolDefinition>
     argus_read_findings: readFindingsTool,
     argus_persist_deduped: persistDedupedTool,
     argus_generate_report: reportGeneratorTool,
+    argus_themis_disposition: themisDispositionTool,
     argus_sync_knowledge: syncKnowledgeTool,
   }
 

package/src/features/audit-enforcer/audit-enforcer.ts

@@ -1,23 +1,9 @@
 import { PHASE_ORDER } from "../../shared/audit-phases"
+import { computeMissingKeyTools } from "../../shared/key-tools"
 import type { AuditPhase, AuditState } from "../../state/types"
 
 const REPORTING_PHASES: AuditPhase[] = ["reporting", "complete"]
 
-const KEY_TOOL_FAMILIES: Array<{ family: string; prefixes: string[] }> = [
-  { family: "slither", prefixes: ["argus_slither_analyze", "slither"] },
-  { family: "forge_test", prefixes: ["argus_forge_test", "forge_test"] },
-  { family: "forge_fuzz", prefixes: ["argus_forge_fuzz", "forge_fuzz"] },
-  { family: "forge_coverage", prefixes: ["argus_forge_coverage", "forge_coverage"] },
-]
-
-function getMissingToolFamilies(auditState: AuditState): string[] {
-  const executedTools = auditState.toolsExecuted.map((t) => t.tool)
-  return KEY_TOOL_FAMILIES.filter(
-    ({ prefixes }) =>
-      !executedTools.some((tool) => prefixes.some((prefix) => tool.startsWith(prefix))),
-  ).map(({ family }) => family)
-}
-
 function getNextPhase(current: AuditPhase): AuditPhase | null {
   const idx = PHASE_ORDER.indexOf(current)
   if (idx === -1 || idx >= PHASE_ORDER.length - 1) return null
@@ -39,7 +25,7 @@ export function createAuditEnforcer() {
     ]
 
     if (REPORTING_PHASES.includes(auditState.currentPhase)) {
-      const missing = getMissingToolFamilies(auditState)
+      const missing = computeMissingKeyTools(auditState.toolsExecuted, auditState.unavailableTools)
       if (missing.length > 0) {
         parts.push(
           `\u26a0\ufe0f Tool coverage incomplete: ${missing.join(", ")} have not been executed. Do not proceed to report generation until required tools are complete.`,

package/src/features/persistent-state/run-finalizer.ts

@@ -131,6 +131,97 @@ function collectReportQualityGateErrors(events: AuditEvent[]): string[] {
   return errors
 }
 
+type ThemisVerdict = {
+  approved?: unknown
+  pipeline_issues?: unknown
+  false_positives?: unknown
+  missed_findings?: unknown
+  severity_adjustments?: unknown
+}
+
+type ThemisDisposition = {
+  status?: unknown
+  verdict?: ThemisVerdict
+  notes?: unknown
+  justification?: unknown
+}
+
+function hasText(value: unknown): value is string {
+  return typeof value === "string" && value.trim().length > 0
+}
+
+function isResolvedThemisDisposition(value: unknown): boolean {
+  const disposition = asRecord(value) as ThemisDisposition | null
+  if (disposition?.status === "approved") {
+    return disposition.verdict?.approved === true
+  }
+  if (disposition?.status === "remediated") {
+    return disposition.verdict?.approved === false && hasText(disposition.notes)
+  }
+  if (disposition?.status === "overridden") {
+    return disposition.verdict?.approved === false && hasText(disposition.justification)
+  }
+  return false
+}
+
+function hasRejectedThemisVerdict(value: unknown): boolean {
+  const verdict = asRecord(value) as ThemisVerdict | null
+  return verdict?.approved === false
+}
+
+function collectThemisDispositionErrors(events: AuditEvent[]): string[] {
+  let reportIndex = -1
+  for (let index = events.length - 1; index >= 0; index -= 1) {
+    const event = events[index]
+    if (event && isGenerateReportCompletion(event)) {
+      reportIndex = index
+      break
+    }
+  }
+  if (reportIndex === -1) return []
+
+  const laterEvents = events.slice(reportIndex + 1)
+  const hasResolvedDisposition = laterEvents.some((event) => {
+    if (event.type !== "tool.completed") return false
+    const payload = asRecord(event.payload)
+    return isResolvedThemisDisposition(payload?.themisDisposition)
+  })
+
+  if (hasResolvedDisposition) return []
+
+  const hasUnresolvedRejection = laterEvents.some((event) => {
+    if (event.type !== "tool.completed") return false
+    const payload = asRecord(event.payload)
+    return (
+      payload?.tool === "task" &&
+      payload.subagent_type === "themis" &&
+      hasRejectedThemisVerdict(payload.themis)
+    )
+  })
+
+  return hasUnresolvedRejection
+    ? ["generated report has unresolved Themis issues"]
+    : ["generated report has no resolved Themis disposition"]
+}
+
+export function hasResolvedThemisDispositionAfterReport(events: AuditEvent[]): boolean {
+  let reportIndex = -1
+  for (let index = events.length - 1; index >= 0; index -= 1) {
+    const event = events[index]
+    if (event && isGenerateReportCompletion(event)) {
+      reportIndex = index
+      break
+    }
+  }
+  if (reportIndex === -1) return false
+
+  return events.slice(reportIndex + 1).some((event) => {
+    if (event.type !== "tool.completed") return false
+    const payload = asRecord(event.payload)
+    return isResolvedThemisDisposition(payload?.themisDisposition)
+  })
+}
+
 function collectParentChildIntegrityErrors(events: AuditEvent[]): string[] {
   const errors: string[] = []
   const parentByChild = new Map<string, string>()
@@ -244,7 +335,7 @@ function collectInvariantErrors(events: AuditEvent[]): { errors: string[]; warni
 
   warnings.push(...collectOrphanedToolStarts(events))
   errors.push(...collectParentChildIntegrityErrors(events))
-  errors.push(...collectMultiSessionErrors(events))
+  warnings.push(...collectMultiSessionErrors(events))
   return { errors, warnings }
 }
 
@@ -308,6 +399,7 @@ export async function finalizeRun(
     const reportErrors = [
       ...(await collectReportCompletenessErrors(events)),
       ...collectReportQualityGateErrors(events),
+      ...collectThemisDispositionErrors(events),
     ]
     if (reportErrors.length === 0) {
       return {
@@ -324,6 +416,7 @@ export async function finalizeRun(
   const { errors, warnings } = collectInvariantErrors(events)
   errors.push(...(await collectReportCompletenessErrors(events)))
   errors.push(...collectReportQualityGateErrors(events))
+  errors.push(...collectThemisDispositionErrors(events))
   const invariantsPassed = errors.length === 0
   const sessionId = events.at(-1)?.session_id ?? ""
 

package/src/hooks/config-handler.ts

@@ -2,6 +2,7 @@ import { existsSync, readdirSync } from "node:fs"
 import { join, resolve } from "node:path"
 import type { Config } from "@opencode-ai/sdk/v2"
 import { ARGUS_PROMPT } from "../agents/argus-prompt"
+import { AUDIT_SPECIALIST_PROMPT } from "../agents/audit-specialist-prompt"
 import { PYTHIA_PROMPT } from "../agents/pythia-prompt"
 import { SCRIBE_PROMPT } from "../agents/scribe-prompt"
 import { SENTINEL_PROMPT } from "../agents/sentinel-prompt"
@@ -127,6 +128,7 @@ export function createConfigHandler(
           task: {
             sentinel: "allow",
             pythia: "allow",
+            "audit-specialist": "allow",
             scribe: "allow",
             themis: "allow",
           },
@@ -167,6 +169,27 @@ export function createConfigHandler(
           skill: "allow",
         },
       },
+      "audit-specialist": {
+        mode: "subagent",
+        model: argusConfig.agents?.auditSpecialist?.model ?? DEFAULT_MODELS.auditSpecialist,
+        steps: argusConfig.agents?.auditSpecialist?.steps ?? DEFAULT_STEPS,
+        description: "Profile-driven adversarial specialist auditor",
+        prompt: AUDIT_SPECIALIST_PROMPT,
+        permission: {
+          argus_skill_load: "allow",
+          argus_check_patterns: "allow",
+          argus_solodit_search: "allow",
+          argus_analyze_contract: "allow",
+          argus_slither_analyze: "allow",
+          argus_proxy_detection: "allow",
+          argus_forge_test: "allow",
+          argus_forge_fuzz: "allow",
+          argus_forge_coverage: "allow",
+          argus_gas_analysis: "allow",
+          argus_record_finding: "allow",
+          skill: "allow",
+        },
+      },
       scribe: {
         mode: "subagent",
         model: argusConfig.agents?.scribe?.model ?? DEFAULT_MODELS.scribe,

package/src/hooks/system-prompt-hook.ts

@@ -35,6 +35,57 @@ export function buildFallbackDirectives(unavailableTools: string[]): string[] {
   return directives
 }
 
+function formatDuration(startTime: number, endTime?: number): string {
+  if (typeof endTime !== "number" || endTime < startTime) return "pending"
+  return `${endTime - startTime}ms`
+}
+
+function buildToolLedgerLine(auditState: AuditState): string {
+  const taskDispatches = auditState.toolsExecuted.filter((tool) => tool.tool === "task").length
+  const argusTools = auditState.toolsExecuted.filter((tool) => tool.tool !== "task").slice(-5)
+  const entries = argusTools.map((tool) => {
+    const status = tool.success ? "ok" : "failed"
+    return `${tool.tool}=${status} findings=${tool.findingsCount} duration=${formatDuration(tool.startTime, tool.endTime)}`
+  })
+
+  if (taskDispatches > 0) entries.push(`task dispatches=${taskDispatches}`)
+  return entries.length > 0 ? entries.join("; ") : "none"
+}
+
+function buildToolsLine(auditState: AuditState): string {
+  const tools = auditState.toolsExecuted
+    .filter((tool) => tool.tool !== "task")
+    .map((tool) => tool.tool)
+  return tools.length > 0 ? tools.join(", ") : "none"
+}
+
+function buildFindingCountsLine(auditState: AuditState): string | null {
+  const counts = auditState.findingCounts
+  if (!counts) return null
+
+  return [
+    "Finding Counts:",
+    `raw_observations=${counts.rawObservations ?? 0}`,
+    `recorded=${counts.recordedFindings ?? 0}`,
+    `deduped=${counts.dedupedFindings ?? 0}`,
+    `actionable=${counts.actionableFindings ?? 0}`,
+    `non_actionable=${counts.nonActionableFindings ?? 0}`,
+  ].join(" ")
+}
+
+function buildCoverageLine(auditState: AuditState): string {
+  const attempt = auditState.coverageAttempt
+  if (attempt) {
+    return attempt.reason
+      ? `Coverage: ${attempt.status} — ${attempt.reason}`
+      : `Coverage: ${attempt.status}`
+  }
+  const unavailable = auditState.unavailableTools ?? []
+  return unavailable.includes("forge")
+    ? "Coverage: skipped — forge unavailable"
+    : "Coverage: pending"
+}
+
 export function buildDynamicContext(
   auditState: AuditState,
   agent: string,
@@ -45,7 +96,7 @@ export function buildDynamicContext(
   const executedToolNames = new Set(
     auditState.toolsExecuted.map((t) => TOOL_SHORT_NAMES[t.tool] ?? t.tool),
   )
-  const tools = auditState.toolsExecuted.map((tool) => tool.tool).join(", ") || "none"
+  const findingCountsLine = buildFindingCountsLine(auditState)
   const taskStatus = KEY_TOOLS.map(
     (t) => `${t}=${executedToolNames.has(t) ? "done" : "pending"}`,
   ).join(" ")
@@ -62,7 +113,10 @@ export function buildDynamicContext(
     `Phase: ${auditState.currentPhase}`,
     `Contracts: ${auditState.contractsReviewed.length} reviewed`,
     `Findings: Critical=${severityCounts.Critical} High=${severityCounts.High} Medium=${severityCounts.Medium} Low=${severityCounts.Low} Info=${severityCounts.Informational}`,
-    `Tools: ${tools}`,
+    ...(findingCountsLine ? [findingCountsLine] : []),
+    `Tools: ${buildToolsLine(auditState)}`,
+    `Tool Ledger: ${buildToolLedgerLine(auditState)}`,
+    buildCoverageLine(auditState),
     `Tasks: ${taskStatus}`,
   ]