solidity-argus 0.5.9 → 0.6.0

package/src/hooks/tool-tracking-hook.ts

@@ -20,6 +20,7 @@ import type {
   ArgusAgentName,
   AuditState,
   Finding,
+  FindingCounts,
   FindingSeverity,
   FuzzCounterexample,
   SoloditResult,
@@ -426,6 +427,21 @@ function processFuzzResult(parsed: Record<string, unknown>, state: AuditState):
   }
 }
 
+function countReadFindingsResult(parsed: Record<string, unknown>): number {
+  const summary = toRecord(parsed.summary)
+  if (
+    summary &&
+    typeof summary.findingsCount === "number" &&
+    Number.isFinite(summary.findingsCount)
+  ) {
+    return Math.max(0, summary.findingsCount)
+  }
+
+  const reportInput = toRecord(parsed.reportInput)
+  const findings = reportInput?.findings
+  return Array.isArray(findings) ? findings.length : 0
+}
+
 function processSoloditResult(parsed: Record<string, unknown>, state: AuditState): void {
   const query = typeof parsed.query === "string" ? parsed.query : ""
   const results = Array.isArray(parsed.results) ? parsed.results : []
@@ -450,14 +466,38 @@ function processSoloditResult(parsed: Record<string, unknown>, state: AuditState
   })
 }
 
-function recordToolExecution(state: AuditState, toolName: string, findingsCount: number): void {
+function buildFindingCounts(state: AuditState, findingsCount: number): FindingCounts {
+  return {
+    rawObservations: Math.max(0, findingsCount),
+    recordedFindings: state.findings.length,
+  }
+}
+
+function readErrorReason(record: Record<string, unknown>): string | undefined {
+  if (typeof record.error === "string" && record.error.trim().length > 0) return record.error
+  const errorRecord = toRecord(record.error)
+  if (typeof errorRecord?.message === "string" && errorRecord.message.trim().length > 0) {
+    return errorRecord.message
+  }
+  if (typeof record.stderr === "string" && record.stderr.trim().length > 0) return record.stderr
+  return undefined
+}
+
+function recordToolExecution(
+  state: AuditState,
+  toolName: string,
+  findingsCount: number,
+  success: boolean,
+  findingCounts?: FindingCounts,
+): void {
   const now = Date.now()
   state.toolsExecuted.push({
     tool: toolName,
     startTime: now,
     endTime: now,
-    success: true,
+    success,
     findingsCount,
+    findingCounts,
   })
 }
 
@@ -601,7 +641,7 @@ export function createToolTrackingHook(
       }
 
       if (resolved) {
-        recordToolExecution(resolved.state, "task", 0)
+        recordToolExecution(resolved.state, "task", 0, true, buildFindingCounts(resolved.state, 0))
         onStateChanged?.({ tool: "task", findingsCount: 0, sessionId: input.sessionID })
       }
 
@@ -709,6 +749,7 @@ export function createToolTrackingHook(
     let findingsCount = 0
     let completedSuccess = false
     let completionError: string | undefined
+    let completedRecord: Record<string, unknown> | null = null
 
     try {
       if (input.tool === "argus_skill_load") {
@@ -763,6 +804,7 @@ export function createToolTrackingHook(
           }
           return
         }
+        completedRecord = record
 
         switch (input.tool) {
           case "argus_slither_analyze": {
@@ -812,6 +854,9 @@ export function createToolTrackingHook(
               projectDir,
             )
             break
+          case "argus_read_findings":
+            findingsCount = countReadFindingsResult(record)
+            break
           case "argus_analyze_contract": {
             processContractAnalyzerResult(record, auditState)
             const filePath = (input.args as Record<string, unknown>)?.file_path as string
@@ -855,9 +900,16 @@ export function createToolTrackingHook(
             break
           }
           case "argus_forge_coverage": {
+            const now = Date.now()
             const reportObj = toRecord(record.report)
             const files = reportObj?.files
-            if (Array.isArray(files)) {
+            if (record.success === false) {
+              auditState.coverageAttempt = {
+                status: "failed",
+                attemptedAt: now,
+                reason: readErrorReason(record),
+              }
+            } else if (Array.isArray(files)) {
               auditState.coverageReport = {
                 files: files
                   .filter((f): f is Record<string, unknown> => !!f && typeof f === "object")
@@ -869,6 +921,13 @@ export function createToolTrackingHook(
                     functionsPct: typeof f.functionsPct === "number" ? f.functionsPct : 0,
                   })),
               }
+              auditState.coverageAttempt = { status: "run", attemptedAt: now }
+            } else {
+              auditState.coverageAttempt = {
+                status: "failed",
+                attemptedAt: now,
+                reason: "coverage report was missing or invalid",
+              }
             }
             break
           }
@@ -943,10 +1002,12 @@ export function createToolTrackingHook(
           }
         }
 
-        completedSuccess = true
+        completedSuccess = record.success !== false
       }
 
-      recordToolExecution(auditState, input.tool, findingsCount)
+      const findingCounts = buildFindingCounts(auditState, findingsCount)
+      auditState.findingCounts = findingCounts
+      recordToolExecution(auditState, input.tool, findingsCount, completedSuccess, findingCounts)
 
       const nextPhase = inferPhaseAdvancement(auditState, input.tool)
       if (nextPhase) {
@@ -983,6 +1044,8 @@ export function createToolTrackingHook(
               break
             case "argus_forge_coverage":
               if (auditState.coverageReport) enrichment.coverageReport = auditState.coverageReport
+              if (auditState.coverageAttempt)
+                enrichment.coverageAttempt = auditState.coverageAttempt
               break
             case "argus_gas_analysis":
               if (auditState.gasHotspots) enrichment.gasHotspots = auditState.gasHotspots
@@ -996,6 +1059,11 @@ export function createToolTrackingHook(
             case "argus_check_patterns":
               if (auditState.patternVersion) enrichment.patternVersion = auditState.patternVersion
               break
+            case "argus_themis_disposition":
+              if (completedRecord?.themisDisposition) {
+                enrichment.themisDisposition = completedRecord.themisDisposition
+              }
+              break
           }
         }
         await emitToSink(
@@ -1003,6 +1071,7 @@ export function createToolTrackingHook(
           buildEvent("tool.completed", runId, sessionId, toolCallId, {
             tool: input.tool,
             findingsCount,
+            findingCounts: completedSuccess ? auditState.findingCounts : undefined,
             success: completedSuccess,
             ...(completionError ? { error: completionError } : {}),
             ...enrichment,

package/src/shared/agent-names.ts

@@ -2,6 +2,7 @@ export const ARGUS_ORCHESTRATOR: ReadonlySet<string> = new Set(["argus"])
 export const ARGUS_SUBAGENTS: ReadonlySet<string> = new Set([
   "sentinel",
   "pythia",
+  "audit-specialist",
   "scribe",
   "themis",
 ])

package/src/shared/key-tools.ts

@@ -23,15 +23,22 @@ export const UNAVAILABLE_TO_KEY_TOOL: Record<string, string> = {
   solodit: "solodit",
 }
 
+type ToolCoverageRecord = {
+  tool: string
+  success?: boolean
+}
+
 /**
  * Compute which key tools have not yet been executed, excusing any that are
  * declared unavailable.
  */
 export function computeMissingKeyTools(
-  toolsExecuted: Array<{ tool: string }>,
+  toolsExecuted: ToolCoverageRecord[],
   unavailableTools?: string[],
 ): string[] {
-  const executedShortNames = new Set(toolsExecuted.map((t) => TOOL_SHORT_NAMES[t.tool] ?? t.tool))
+  const executedShortNames = new Set(
+    toolsExecuted.filter((t) => t.success === true).map((t) => TOOL_SHORT_NAMES[t.tool] ?? t.tool),
+  )
   const excused = new Set(
     (unavailableTools ?? []).map((t) => UNAVAILABLE_TO_KEY_TOOL[t]).filter(Boolean),
   )

package/src/state/adapters.ts

@@ -246,9 +246,9 @@ export function normalizeToCanonicalFinding(
       : "manual"
 
   const reportedByAgentRaw =
+    options.reportedByAgent ??
     (typeof input.reported_by_agent === "string" ? input.reported_by_agent : undefined) ??
     (typeof input.reportedByAgent === "string" ? input.reportedByAgent : undefined) ??
-    options.reportedByAgent ??
     "unknown"
   const reportedByAgent: ArgusAgentName = VALID_AGENTS.has(reportedByAgentRaw as ArgusAgentName)
     ? (reportedByAgentRaw as ArgusAgentName)

package/src/state/projectors.ts

@@ -12,7 +12,9 @@ import {
 import type {
   AuditPhase,
   AuditState,
+  CoverageAttemptState,
   Finding,
+  FindingCounts,
   FuzzCounterexample,
   SoloditResult,
   ToolExecution,
@@ -99,6 +101,48 @@ function resolveToolSuccess(payload: Record<string, unknown>): boolean {
   return payload.success !== false
 }
 
+const FINDING_COUNT_FIELDS = [
+  "rawObservations",
+  "recordedFindings",
+  "dedupedFindings",
+  "actionableFindings",
+  "nonActionableFindings",
+] as const
+
+function asFindingCounts(value: unknown): FindingCounts | undefined {
+  if (!isRecord(value)) return undefined
+  const counts: FindingCounts = {}
+  for (const field of FINDING_COUNT_FIELDS) {
+    const count = value[field]
+    if (
+      typeof count === "number" &&
+      Number.isFinite(count) &&
+      Number.isInteger(count) &&
+      count >= 0
+    ) {
+      counts[field] = count
+    }
+  }
+  return Object.keys(counts).length > 0 ? counts : undefined
+}
+
+function asCoverageAttempt(value: unknown): CoverageAttemptState | undefined {
+  if (!isRecord(value)) return undefined
+  if (
+    value.status !== "pending" &&
+    value.status !== "run" &&
+    value.status !== "skipped" &&
+    value.status !== "failed"
+  ) {
+    return undefined
+  }
+  return {
+    status: value.status,
+    attemptedAt: typeof value.attemptedAt === "number" ? value.attemptedAt : undefined,
+    reason: typeof value.reason === "string" ? value.reason : undefined,
+  }
+}
+
 function asStringArray(value: unknown): string[] | undefined {
   if (!Array.isArray(value)) return undefined
   return value.filter((item): item is string => typeof item === "string")
@@ -321,6 +365,7 @@ export function projectToolExecutions(events: AuditEvent[]): CanonicalToolExecut
         endTime: existing?.endTime,
         success: existing?.success ?? false,
         findingsCount: existing?.findingsCount ?? 0,
+        findingCounts: existing?.findingCounts,
       })
       continue
     }
@@ -340,6 +385,7 @@ export function projectToolExecutions(events: AuditEvent[]): CanonicalToolExecut
       endTime: event.timestamp,
       success: resolveToolSuccess(payload),
       findingsCount: resolveFindingsCount(payload),
+      findingCounts: asFindingCounts(payload.findingCounts),
       run_id: event.run_id,
       schema_version: event.schema_version,
     })
@@ -408,6 +454,8 @@ export function projectReportInput(
     asFuzzCounterexamples,
   )
   const coverageReport = extractLatestFromPayload(events, "coverageReport", asCoverageReport)
+  const coverageAttempt = extractLatestFromPayload(events, "coverageAttempt", asCoverageAttempt)
+  const findingCounts = extractLatestFromPayload(events, "findingCounts", asFindingCounts)
   const gasHotspots = extractLatestFromPayload(events, "gasHotspots", asGasHotspots)
   const proxyContracts = extractLatestFromPayload(events, "proxyContracts", asProxyContracts)
   const patternVersion = extractLatestFromPayload(events, "patternVersion", asString)
@@ -424,10 +472,12 @@ export function projectReportInput(
     projectDir,
     findings,
     toolsExecuted,
+    findingCounts,
     scope,
     soloditResults,
     fuzzCounterexamples,
     coverageReport,
+    coverageAttempt,
     gasHotspots,
     proxyContracts,
     patternVersion,

package/src/state/schemas.ts

@@ -8,7 +8,9 @@ import {
 import type {
   ArgusAgentName,
   AuditPhase,
+  CoverageAttemptState,
   Finding,
+  FindingCounts,
   FindingSeverity,
   FuzzCounterexample,
   SoloditResult,
@@ -111,6 +113,7 @@ export interface ReportInput {
   projectDir: string
   findings: CanonicalFinding[]
   toolsExecuted: CanonicalToolExecution[]
+  findingCounts?: FindingCounts
   scope: string[]
   soloditResults?: SoloditResult[]
   fuzzCounterexamples?: FuzzCounterexample[]
@@ -120,6 +123,82 @@ export interface ReportInput {
   patternVersion?: string
   skillsLoaded?: string[]
   unavailableTools?: string[]
+  coverageAttempt?: CoverageAttemptState
+}
+
+const FINDING_COUNT_FIELDS = [
+  "rawObservations",
+  "recordedFindings",
+  "dedupedFindings",
+  "actionableFindings",
+  "nonActionableFindings",
+] as const
+
+const COVERAGE_ATTEMPT_STATUSES = new Set(["pending", "run", "skipped", "failed"])
+
+function pushFindingCountsErrors(errors: ValidationError[], raw: unknown, prefix: string): void {
+  if (raw == null) return
+  if (!isRecord(raw)) {
+    errors.push({
+      field: prefix,
+      code: "invalid",
+      message: `${prefix} must be an object when provided`,
+    })
+    return
+  }
+
+  for (const field of FINDING_COUNT_FIELDS) {
+    const value = raw[field]
+    if (value == null) continue
+    if (typeof value !== "number" || !Number.isInteger(value) || value < 0) {
+      errors.push({
+        field: `${prefix}.${field}`,
+        code: "invalid",
+        message: `${prefix}.${field} must be a non-negative integer when provided`,
+      })
+    }
+  }
+}
+
+function pushCoverageAttemptErrors(errors: ValidationError[], raw: unknown): void {
+  if (raw == null) return
+  if (!isRecord(raw)) {
+    errors.push({
+      field: "coverageAttempt",
+      code: "invalid",
+      message: "coverageAttempt must be an object when provided",
+    })
+    return
+  }
+
+  if (typeof raw.status !== "string" || !COVERAGE_ATTEMPT_STATUSES.has(raw.status)) {
+    errors.push({
+      field: "coverageAttempt.status",
+      code: "enum",
+      message: "coverageAttempt.status must be one of: pending, run, skipped, failed",
+    })
+  }
+
+  if (
+    raw.attemptedAt != null &&
+    (typeof raw.attemptedAt !== "number" ||
+      !Number.isInteger(raw.attemptedAt) ||
+      raw.attemptedAt <= 0)
+  ) {
+    errors.push({
+      field: "coverageAttempt.attemptedAt",
+      code: "invalid",
+      message: "coverageAttempt.attemptedAt must be a positive integer when provided",
+    })
+  }
+
+  if (raw.reason != null && (typeof raw.reason !== "string" || raw.reason.trim().length === 0)) {
+    errors.push({
+      field: "coverageAttempt.reason",
+      code: "invalid",
+      message: "coverageAttempt.reason must be a non-empty string when provided",
+    })
+  }
 }
 
 function pushRequiredRootStringError(
@@ -253,7 +332,8 @@ export function validateCanonicalFinding(raw: unknown): ValidationResult<Canonic
     errors.push({
       field: "reported_by_agent",
       code: "enum",
-      message: "reported_by_agent must be one of: argus, sentinel, pythia, scribe, unknown",
+      message:
+        "reported_by_agent must be one of: argus, sentinel, pythia, audit-specialist, scribe, unknown",
     })
   }
 
@@ -346,6 +426,8 @@ export function validateCanonicalToolExecution(
     })
   }
 
+  pushFindingCountsErrors(errors, raw.findingCounts, "findingCounts")
+
   if (typeof raw.run_id !== "string" || raw.run_id.trim().length === 0) {
     errors.push({
       field: "run_id",
@@ -400,6 +482,9 @@ export function validateReportInput(raw: unknown): ValidationResult<ReportInput>
     })
   }
 
+  pushFindingCountsErrors(errors, raw.findingCounts, "findingCounts")
+  pushCoverageAttemptErrors(errors, raw.coverageAttempt)
+
   if (!Array.isArray(raw.scope) || !raw.scope.every((item) => typeof item === "string")) {
     errors.push({
       field: "scope",

package/src/state/types.ts

@@ -1,5 +1,11 @@
 export type FindingSeverity = "Critical" | "High" | "Medium" | "Low" | "Informational"
-export type ArgusAgentName = "argus" | "sentinel" | "pythia" | "scribe" | "unknown"
+export type ArgusAgentName =
+  | "argus"
+  | "sentinel"
+  | "pythia"
+  | "audit-specialist"
+  | "scribe"
+  | "unknown"
 export type AuditPhase =
   | "reconnaissance"
   | "scanning"
@@ -88,6 +94,21 @@ export interface ToolExecution {
   endTime?: number
   success: boolean
   findingsCount: number
+  findingCounts?: FindingCounts
+}
+
+export interface FindingCounts {
+  rawObservations?: number
+  recordedFindings?: number
+  dedupedFindings?: number
+  actionableFindings?: number
+  nonActionableFindings?: number
+}
+
+export interface CoverageAttemptState {
+  status: "pending" | "run" | "skipped" | "failed"
+  attemptedAt?: number
+  reason?: string
 }
 
 export interface AuditState {
@@ -105,7 +126,9 @@ export interface AuditState {
   skillsLoaded?: string[]
   unavailableTools?: string[]
   reportGenerated?: boolean
+  findingCounts?: FindingCounts
   knowledgeSynced?: { success: boolean; timestamp: number }
+  coverageAttempt?: CoverageAttemptState
   coverageReport?: {
     files: Array<{
       path: string

package/src/tools/forge-coverage-tool.ts

@@ -5,10 +5,14 @@ import { resolveProjectDir } from "../shared/project-utils"
 
 type ForgeCoverageArgs = {
   target?: string
+  match_path?: string
+  ir_minimum?: boolean
 }
 
 type NormalizedForgeCoverageArgs = {
   target: string
+  match_path?: string
+  ir_minimum: boolean
 }
 
 type ForgeCoverageFile = {
@@ -53,9 +57,22 @@ const EMPTY_SUMMARY: ForgeCoverageSummary = {
 function normalizeArgs(args: ForgeCoverageArgs, context: ToolContext): NormalizedForgeCoverageArgs {
   return {
     target: args.target ?? resolveProjectDir(context),
+    match_path: args.match_path,
+    ir_minimum: args.ir_minimum ?? false,
   }
 }
 
+function buildCoverageCommand(args: NormalizedForgeCoverageArgs, forceIrMinimum = false): string[] {
+  const command = ["forge", "coverage", "--report", "summary"]
+  if (args.match_path) command.push("--match-path", args.match_path)
+  if (args.ir_minimum || forceIrMinimum) command.push("--ir-minimum")
+  return command
+}
+
+function isStackTooDeep(stderr: string): boolean {
+  return /stack too deep/i.test(stderr)
+}
+
 function parsePercent(input: string): number {
   const match = input.match(/(\d+(?:\.\d+)?)%/)
   if (!match?.[1]) {
@@ -156,11 +173,22 @@ export async function executeForgeCoverage(
   })
 
   try {
-    const runResult = await runCommand(["forge", "coverage"], {
+    let runResult = await runCommand(buildCoverageCommand(normalizedArgs), {
       signal: context.abort,
       cwd: normalizedArgs.target,
     })
 
+    if (
+      runResult.exitCode !== 0 &&
+      !normalizedArgs.ir_minimum &&
+      isStackTooDeep(runResult.stderr)
+    ) {
+      runResult = await runCommand(buildCoverageCommand(normalizedArgs, true), {
+        signal: context.abort,
+        cwd: normalizedArgs.target,
+      })
+    }
+
     if (runResult.exitCode !== 0) {
       return fail(
         runResult.stderr.trim() || `forge coverage exited with code ${runResult.exitCode}`,
@@ -193,6 +221,8 @@ export const forgeCoverageTool = tool({
     "Run forge coverage analysis and return structured per-file coverage metrics (lines, statements, branches, functions).",
   args: {
     target: tool.schema.string().optional(),
+    match_path: tool.schema.string().optional(),
+    ir_minimum: tool.schema.boolean().optional(),
   },
   async execute(args, context) {
     const result = await executeForgeCoverage(args, context)

package/src/tools/record-finding-tool.ts

@@ -63,7 +63,13 @@ function parseFindingObject(raw: string, label: "finding" | "findings"): ParseRe
 }
 
 function normalizeAgent(value: string): ArgusAgentName {
-  if (value === "argus" || value === "sentinel" || value === "pythia" || value === "scribe") {
+  if (
+    value === "argus" ||
+    value === "sentinel" ||
+    value === "pythia" ||
+    value === "audit-specialist" ||
+    value === "scribe"
+  ) {
     return value
   }
 

package/src/tools/report-generator-tool.ts

@@ -309,6 +309,7 @@ const VALID_AGENT_VALUES = new Set<ArgusAgentName>([
   "argus",
   "sentinel",
   "pythia",
+  "audit-specialist",
   "scribe",
   "unknown",
 ])
@@ -746,6 +747,22 @@ function formatLocation(finding: Finding): string {
   return `${finding.file}:${finding.lines[0]}-${finding.lines[1]}`
 }
 
+function sourceExcerpt(projectDir: string, finding: Finding): string | null {
+  if (!finding.file || !Array.isArray(finding.lines) || finding.lines.length < 2) return null
+  const start = finding.lines[0]
+  const end = finding.lines[1]
+  if (!Number.isInteger(start) || !Number.isInteger(end) || start <= 0 || end < start) {
+    return null
+  }
+  const absolutePath = path.isAbsolute(finding.file)
+    ? finding.file
+    : path.join(projectDir, finding.file)
+  if (!existsSync(absolutePath) || !statSync(absolutePath).isFile()) return null
+  const contents = readFileSync(absolutePath, "utf-8").split(/\r?\n/)
+  const excerpt = contents.slice(start - 1, end).join("\n")
+  return excerpt.trim().length > 0 ? excerpt : null
+}
+
 function shouldIncludeFinding(finding: Finding, threshold: SeverityThreshold): boolean {
   return FINDING_WEIGHT[finding.severity] >= THRESHOLD_WEIGHT[threshold]
 }
@@ -1005,7 +1022,7 @@ function buildRecommendations(counts: FindingsCount): string[] {
   return items
 }
 
-function buildFindingsSection(findings: Finding[]): string {
+function buildFindingsSection(findings: Finding[], projectDir: string): string {
   if (findings.length === 0) {
     return "## Findings\nNo findings meet the configured severity threshold."
   }
@@ -1031,6 +1048,15 @@ function buildFindingsSection(findings: Finding[]): string {
       lines.push(`**Severity**: ${finding.severity}`)
       lines.push(`**Confidence**: ${finding.confidence}`)
       lines.push(`**Location**: ${formatLocation(finding)}`)
+      const excerpt = sourceExcerpt(projectDir, finding)
+      if (excerpt) {
+        lines.push("")
+        lines.push("**Source Excerpt**:")
+        lines.push("")
+        lines.push("```solidity")
+        lines.push(excerpt)
+        lines.push("```")
+      }
       lines.push("")
       lines.push(`**Description**: ${finding.description}`)
       lines.push("")
@@ -1387,7 +1413,7 @@ export async function executeReportGeneration(
     "Approach: Findings are normalized, deterministically ordered by severity/file/line, and validated against report quality gates before emission.",
   )
 
-  sections.push(buildFindingsSection(findings))
+  sections.push(buildFindingsSection(findings, reportInput.projectDir))
 
   sections.push("## Recommendations")
   for (const item of buildRecommendations(counts)) {

package/src/tools/slither-tool.ts

@@ -470,26 +470,6 @@ export async function executeSlitherAnalyze(
     }
   }
 
-  if (args.via_ir) {
-    const fallbackResult = await flattenFallback(args, context, {
-      ...getDefaultFlattenDeps(),
-      runCommand,
-      cwd: projectDir,
-    })
-    if (fallbackResult) return fallbackResult
-    return {
-      success: false,
-      findingsCount: 0,
-      findings: [],
-      executionTime: Date.now() - startedAt,
-      errors: [
-        "via_ir enabled — flatten fallback failed. Ensure forge and solc-select are installed.",
-      ],
-      error:
-        "Project uses via_ir which is incompatible with Slither direct analysis. Flatten fallback also failed.",
-    }
-  }
-
   const command = buildCommand(args)
 
   try {
@@ -508,7 +488,7 @@ export async function executeSlitherAnalyze(
       payload = JSON.parse(runResult.stdout) as SlitherPayload
     } catch (error) {
       const message = error instanceof Error ? error.message : "Unknown parse error"
-      if (shouldTryFlattenFallback(errors, runResult.stderr)) {
+      if (args.via_ir || shouldTryFlattenFallback(errors, runResult.stderr)) {
         const fallbackResult = await flattenFallback(args, context, {
           ...getDefaultFlattenDeps(),
           runCommand,
@@ -533,7 +513,11 @@ export async function executeSlitherAnalyze(
     const findings = parseFindings(payload)
     const success = findings.length > 0 || (runResult.exitCode === 0 && payload.success !== false)
 
-    if (!success && findings.length === 0 && shouldTryFlattenFallback(errors, runResult.stderr)) {
+    if (
+      !success &&
+      findings.length === 0 &&
+      (args.via_ir || shouldTryFlattenFallback(errors, runResult.stderr))
+    ) {
       const fallbackResult = await flattenFallback(args, context, {
         ...getDefaultFlattenDeps(),
         runCommand,