white-hat-scanner 1.0.1

package/src/test/smoke.ts

@@ -0,0 +1,457 @@
+import { mkdirSync, writeFileSync, rmSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+import { getRedis, log, closeRedis } from '../redis'
+import { scoreFindings } from '../scorer'
+import { createDisclosureRecord } from '../disclosure'
+import { pruneNoGithubFromQueue, prioritizeExploitTargets, isExploitTarget } from '../discovery'
+import { resolveCloneUrl, contractPriority, installDeps, detectSolcVersion } from '../analyzer'
+import { generateSubmissionDraft, formatImmunefireport } from '../submission'
+import { parseProtocolName, fetchContestProtocols } from '../contest'
+import type { AnalysisResult } from '../analyzer'
+import type { Protocol } from '../discovery'
+
+async function runSmoke(): Promise<void> {
+  console.log('[smoke] Starting smoke tests...')
+
+  // Test 1: Redis connection
+  const redis = getRedis()
+  await redis.ping()
+  console.log('[smoke] ✓ Redis connection OK')
+
+  // Test 2: Logging
+  await log('smoke test log entry')
+  const logEntry = await redis.lindex('whiteh:log', 0)
+  if (!logEntry) throw new Error('Log entry not written')
+  const parsed = JSON.parse(logEntry) as { message: string }
+  if (!parsed.message.includes('smoke test')) throw new Error('Log entry malformed')
+  console.log('[smoke] ✓ Redis logging OK')
+
+  // Test 3: Scorer — with source code (should alert)
+  const mockResultWithCode: AnalysisResult = {
+    protocolId: 'test-protocol',
+    protocolName: 'Test Protocol',
+    chain: 'ethereum',
+    tvl: 100_000_000,
+    slitherFindings: [
+      { check: 'reentrancy', impact: 'High', confidence: 'High', description: 'test', elements: [] },
+    ],
+    slitherStatus: 'success',
+    claudeReview: 'RISK_LEVEL: HIGH\nBOUNTY_ESTIMATE_USD: 50000\nSUMMARY: Test summary',
+    riskLevel: 'HIGH',
+    estimatedBounty: 50000,
+    disclosureSummary: 'Test summary',
+    scannedAt: Date.now(),
+    sourceAvailable: true,
+  }
+  const scored = scoreFindings(mockResultWithCode)
+  if (!scored.needsAlert) throw new Error('HIGH risk with source should trigger alert')
+  if (scored.severity < 7) throw new Error('HIGH risk severity too low')
+  if (!scored.sourceAvailable) throw new Error('sourceAvailable should be true')
+  console.log('[smoke] ✓ Scorer (with source) OK')
+
+  // Test 4: Scorer — no source code (should NOT alert, bounty should be 0)
+  const mockResultNoCode: AnalysisResult = {
+    ...mockResultWithCode,
+    protocolId: 'test-protocol-nocode',
+    sourceAvailable: false,
+    estimatedBounty: 0,
+  }
+  const scoredNoCode = scoreFindings(mockResultNoCode)
+  if (scoredNoCode.needsAlert) throw new Error('HIGH risk without source should NOT trigger alert')
+  if (scoredNoCode.sourceAvailable) throw new Error('sourceAvailable should be false')
+  console.log('[smoke] ✓ Scorer (no source, no alert) OK')
+
+  // Test 5: No-source finding does NOT create a disclosure record
+  const disclosuresBefore = await redis.llen('whiteh:disclosures')
+  // Simulate what index.ts does: only call createDisclosureRecord when sourceAvailable
+  if (scoredNoCode.sourceAvailable) {
+    await createDisclosureRecord(mockResultNoCode, scoredNoCode)
+  }
+  const disclosuresAfter = await redis.llen('whiteh:disclosures')
+  if (disclosuresAfter !== disclosuresBefore) {
+    throw new Error('No-source finding should not create a disclosure record')
+  }
+  console.log('[smoke] ✓ No-source finding skips disclosure record OK')
+
+  // Test 6: pruneNoGithubFromQueue removes low-TVL no-GitHub entries but keeps high-TVL + github ones
+  const testKey = 'whiteh:queue'
+  const noGithubLowTvl: Protocol = { id: 'smoke-no-gh-low', name: 'Smoke No GitHub Low TVL', chain: 'eth', tvl: 50_000_000 }
+  const noGithubHighTvl: Protocol = { id: 'smoke-no-gh-high', name: 'Smoke No GitHub High TVL', chain: 'eth', tvl: 600_000_000 }
+  const withGithub: Protocol = { id: 'smoke-with-gh', name: 'Smoke With GitHub', github: 'https://github.com/test', chain: 'eth', tvl: 50_000_000 }
+  // Ensure clean state
+  await redis.lrem(testKey, 0, JSON.stringify(noGithubLowTvl))
+  await redis.lrem(testKey, 0, JSON.stringify(noGithubHighTvl))
+  await redis.lrem(testKey, 0, JSON.stringify(withGithub))
+  await redis.rpush(testKey, JSON.stringify(noGithubLowTvl))
+  await redis.rpush(testKey, JSON.stringify(noGithubHighTvl))
+  await redis.rpush(testKey, JSON.stringify(withGithub))
+  await pruneNoGithubFromQueue()
+  // noGithubLowTvl should be gone
+  const lowTvlPos = await redis.lpos(testKey, JSON.stringify(noGithubLowTvl))
+  if (lowTvlPos !== null) throw new Error('Low-TVL no-GitHub entry should have been pruned')
+  // high-TVL no-GitHub should remain
+  const highTvlPos = await redis.lpos(testKey, JSON.stringify(noGithubHighTvl))
+  if (highTvlPos === null) throw new Error('High-TVL no-GitHub entry should NOT have been pruned')
+  // with-GitHub should remain
+  const githubPos = await redis.lpos(testKey, JSON.stringify(withGithub))
+  if (githubPos === null) throw new Error('GitHub-available entry should NOT have been pruned')
+  // clean up test entries
+  await redis.lrem(testKey, 0, JSON.stringify(noGithubHighTvl))
+  await redis.lrem(testKey, 0, JSON.stringify(withGithub))
+  console.log('[smoke] ✓ pruneNoGithubFromQueue removes low-TVL no-GitHub entries OK')
+
+  // Test 7: resolveCloneUrl passthrough for already-URL values
+  const fullUrl = 'https://github.com/aave/aave-v3-core'
+  const resolved = await resolveCloneUrl(fullUrl)
+  if (resolved !== fullUrl) throw new Error(`resolveCloneUrl should pass through full URLs unchanged, got: ${resolved}`)
+  console.log('[smoke] ✓ resolveCloneUrl passthrough OK')
+
+  // Test 8: resolveCloneUrl resolves org name to a valid https URL
+  const orgUrl = await resolveCloneUrl('uniswap')
+  if (!orgUrl || !orgUrl.startsWith('https://github.com/uniswap/')) {
+    throw new Error(`resolveCloneUrl should resolve org to https URL, got: ${orgUrl}`)
+  }
+  console.log(`[smoke] ✓ resolveCloneUrl org resolution OK (${orgUrl})`)
+
+  // Test 9: Alert payload uses 'text' field (not 'message') for Telegram compatibility
+  const { sendAlert } = await import('../notifier')
+  // Use a unique name to avoid dedup from prior smoke runs
+  const testFinding = { ...scored, protocolName: `Smoke-Test-${Date.now()}` }
+  // Pre-clear any prior dedup entry for this name just in case
+  const alertsBefore = await redis.llen('cca:notify:money-brain')
+  await sendAlert(testFinding)
+  const alertsAfter = await redis.llen('cca:notify:money-brain')
+  if (alertsAfter <= alertsBefore) throw new Error('Alert should have been pushed to notification channel')
+  const rawAlert = await redis.lindex('cca:notify:money-brain', 0)
+  if (!rawAlert) throw new Error('Alert not found in channel')
+  const alertPayload = JSON.parse(rawAlert) as Record<string, unknown>
+  if (!alertPayload.text) throw new Error(`Alert payload missing 'text' field (got keys: ${Object.keys(alertPayload).join(', ')})`)
+  if (alertPayload.message) throw new Error(`Alert payload should not have 'message' field (Telegram compatibility)`)
+  // clean up test alert
+  await redis.lrem('cca:notify:money-brain', 1, rawAlert)
+  await redis.lrem('whiteh:alerts', 1, JSON.stringify({ ts: Date.now() }))
+  console.log('[smoke] ✓ Alert payload uses text field (Telegram-compatible) OK')
+
+  // Test 10: contractPriority filters out test/mock/interface files
+  // Test files should be filtered out (priority = 0)
+  if (contractPriority('/repo/test/PoolTest.sol') !== 0) throw new Error('test/ dir should be filtered')
+  if (contractPriority('/repo/contracts/MockToken.sol') !== 0) throw new Error('Mock*.sol should be filtered')
+  if (contractPriority('/repo/contracts/IPool.sol') !== 0) throw new Error('ICapitalized.sol should be filtered')
+  if (contractPriority('/repo/contracts/PoolTest.sol') !== 0) throw new Error('*Test.sol should be filtered')
+  if (contractPriority('/repo/contracts/Pool.t.sol') !== 0) throw new Error('*.t.sol should be filtered')
+  // Core contracts should have boosted priority
+  if (contractPriority('/repo/contracts/Pool.sol') <= 0) throw new Error('Pool.sol should have positive priority')
+  if (contractPriority('/repo/contracts/Vault.sol') < contractPriority('/repo/contracts/Library.sol')) {
+    throw new Error('Vault.sol should have higher priority than Library.sol')
+  }
+  // Regular contracts have default priority
+  if (contractPriority('/repo/contracts/MyProtocol.sol') <= 0) throw new Error('MyProtocol.sol should have positive priority')
+  console.log('[smoke] ✓ contractPriority filters test/mock/interface files OK')
+
+  // Test 11: CRITICAL without Slither should NOT alert (Claude-only CRITICAL = noisy)
+  const mockCriticalNoSlither: AnalysisResult = {
+    ...mockResultWithCode,
+    protocolId: 'test-critical-no-slither',
+    protocolName: 'Test Critical No Slither',
+    slitherFindings: [],
+    slitherStatus: 'compilation_error',
+    riskLevel: 'CRITICAL',
+    estimatedBounty: 1000000,
+  }
+  const scoredCriticalNoSlither = scoreFindings(mockCriticalNoSlither)
+  if (scoredCriticalNoSlither.needsAlert) {
+    throw new Error('CRITICAL without Slither should NOT trigger alert (too noisy)')
+  }
+  console.log('[smoke] ✓ CRITICAL without Slither = no alert OK')
+
+  // Test 12: CRITICAL WITH Slither SHOULD alert
+  const mockCriticalWithSlither: AnalysisResult = {
+    ...mockResultWithCode,
+    protocolId: 'test-critical-with-slither',
+    protocolName: 'Test Critical With Slither',
+    slitherFindings: [
+      { check: 'arbitrary-send', impact: 'Critical', confidence: 'High', description: 'test', elements: [] },
+    ],
+    riskLevel: 'CRITICAL',
+    estimatedBounty: 500000,
+  }
+  const scoredCriticalWithSlither = scoreFindings(mockCriticalWithSlither)
+  if (!scoredCriticalWithSlither.needsAlert) {
+    throw new Error('CRITICAL with Slither findings SHOULD trigger alert')
+  }
+  console.log('[smoke] ✓ CRITICAL with Slither findings = alert OK')
+
+  // Test 13: formatImmunefireport generates valid Immunefi-style report
+  const scoredForReport = scoreFindings(mockResultWithCode)
+  const report = formatImmunefireport(mockResultWithCode, scoredForReport)
+  if (!report.includes('# Immunefi Bug Report Draft')) throw new Error('Report missing header')
+  if (!report.includes('Test Protocol')) throw new Error('Report missing protocol name')
+  if (!report.includes('High')) throw new Error('Report missing severity')
+  if (!report.includes('AUTO-GENERATED DRAFT')) throw new Error('Report missing review warning')
+  console.log('[smoke] ✓ formatImmunefireport generates valid report structure OK')
+
+  // Test 14: generateSubmissionDraft creates Redis entry and Telegram notification for qualifying finding
+  const submissionsBefore = await redis.llen('whiteh:submissions')
+  const notifyBefore = await redis.llen('cca:notify:money-brain')
+  await generateSubmissionDraft(mockResultWithCode, scoredForReport)
+  const submissionsAfter = await redis.llen('whiteh:submissions')
+  const notifyAfter = await redis.llen('cca:notify:money-brain')
+  if (submissionsAfter !== submissionsBefore + 1) throw new Error('generateSubmissionDraft should push to whiteh:submissions')
+  if (notifyAfter !== notifyBefore + 1) throw new Error('generateSubmissionDraft should push Telegram notification')
+  // Verify the notification has the right format — rpush appends to the right end (index -1)
+  const rawNotify = await redis.lindex('cca:notify:money-brain', -1)
+  if (!rawNotify) throw new Error('Submission notification not found')
+  const notifyPayload = JSON.parse(rawNotify) as Record<string, unknown>
+  if (!notifyPayload.text || !(notifyPayload.text as string).includes('IMMUNEFI DRAFT READY')) {
+    throw new Error(`Submission notification missing expected text (got: ${JSON.stringify(notifyPayload)})`)
+  }
+  // clean up test entries
+  const rawSub = await redis.lindex('whiteh:submissions', 0)
+  if (rawSub) await redis.lrem('whiteh:submissions', 1, rawSub)
+  await redis.lrem('cca:notify:money-brain', 1, rawNotify)
+  console.log('[smoke] ✓ generateSubmissionDraft creates submission + notification OK')
+
+  // Test 15: generateSubmissionDraft skips low-bounty findings
+  const lowBountyResult: AnalysisResult = { ...mockResultWithCode, estimatedBounty: 5_000 }
+  const scoredLowBounty = scoreFindings(lowBountyResult)
+  const subsBefore = await redis.llen('whiteh:submissions')
+  await generateSubmissionDraft(lowBountyResult, scoredLowBounty)
+  const subsAfter = await redis.llen('whiteh:submissions')
+  if (subsAfter !== subsBefore) throw new Error('generateSubmissionDraft should skip bounty < $10k')
+  console.log('[smoke] ✓ generateSubmissionDraft skips low-bounty findings OK')
+
+  // Test 16: isExploitTarget matches known exploit targets
+  if (!isExploitTarget('Compound Finance')) throw new Error('Compound should be an exploit target')
+  if (!isExploitTarget('Ronin Network')) throw new Error('Ronin should be an exploit target')
+  if (!isExploitTarget('Curve Finance')) throw new Error('Curve should be an exploit target')
+  if (!isExploitTarget('BadgerDAO')) throw new Error('Badger should be an exploit target')
+  if (isExploitTarget('MyRandomProtocol')) throw new Error('Random protocol should NOT be an exploit target')
+  if (isExploitTarget('SafeToken')) throw new Error('SafeToken should NOT be an exploit target')
+  console.log('[smoke] ✓ isExploitTarget matches known exploit history protocols OK')
+
+  // Test 17: prioritizeExploitTargets moves exploit-history entries before normal entries.
+  // Append both to the real queue (normal first, exploit second — reversed from desired order),
+  // then verify that after reorder the exploit entry has a lower index than the normal one.
+  const exploitProto: Protocol = { id: 'smoke-exploit-t17', name: 'Compound Fork Protocol', github: 'https://github.com/test/compound-fork', chain: 'eth', tvl: 50_000_000 }
+  const normalProto: Protocol = { id: 'smoke-normal-t17', name: 'Some Normal Protocol T17', github: 'https://github.com/test/normal', chain: 'eth', tvl: 50_000_000 }
+  // Clean any leftover test entries
+  await redis.lrem('whiteh:queue', 0, JSON.stringify(exploitProto))
+  await redis.lrem('whiteh:queue', 0, JSON.stringify(normalProto))
+  // Insert normal first, then exploit — wrong order intentionally
+  await redis.rpush('whiteh:queue', JSON.stringify(normalProto))
+  await redis.rpush('whiteh:queue', JSON.stringify(exploitProto))
+  // Run reorder
+  await prioritizeExploitTargets()
+  // Check: exploit entry must appear before normal entry
+  const reorderedAll = await redis.lrange('whiteh:queue', 0, -1)
+  const exploitIdx = reorderedAll.findIndex((r) => { try { return (JSON.parse(r) as Protocol).id === 'smoke-exploit-t17' } catch { return false } })
+  const normalIdx = reorderedAll.findIndex((r) => { try { return (JSON.parse(r) as Protocol).id === 'smoke-normal-t17' } catch { return false } })
+  if (exploitIdx === -1 || normalIdx === -1) throw new Error(`Test entries missing after reorder (exploit: ${exploitIdx}, normal: ${normalIdx})`)
+  if (exploitIdx >= normalIdx) throw new Error(`Exploit target (idx ${exploitIdx}) should come before normal (idx ${normalIdx})`)
+  // Clean up
+  await redis.lrem('whiteh:queue', 0, JSON.stringify(exploitProto))
+  await redis.lrem('whiteh:queue', 0, JSON.stringify(normalProto))
+  console.log('[smoke] ✓ prioritizeExploitTargets moves exploit-history targets to queue front OK')
+
+  // Test 18: resolveCloneUrl handles GitHub org URLs (https://github.com/OrgName with no repo)
+  // DeFiLlama sometimes returns org URLs rather than plain org names — these were previously
+  // passed through as-is, causing git clone to fail on a URL that has no repo path.
+  const orgUrlResolved = await resolveCloneUrl('https://github.com/uniswap')
+  if (!orgUrlResolved || !orgUrlResolved.startsWith('https://github.com/uniswap/')) {
+    throw new Error(`resolveCloneUrl should resolve org URL to repo URL, got: ${orgUrlResolved}`)
+  }
+  // Full repo URLs with 2 path segments must still pass through unchanged
+  const fullRepoUrl = 'https://github.com/aave/aave-v3-core'
+  const fullResolved = await resolveCloneUrl(fullRepoUrl)
+  if (fullResolved !== fullRepoUrl) {
+    throw new Error(`resolveCloneUrl should not modify full repo URLs, got: ${fullResolved}`)
+  }
+  console.log(`[smoke] ✓ resolveCloneUrl org URL resolution OK (${orgUrlResolved})`)
+
+  // Test 19: queueNewProtocols uses whiteh:queued set — does NOT re-queue protocols already in set
+  const { queueNewProtocols, dequeueProtocol } = await import('../discovery')
+  const dedupeProto: Protocol = {
+    id: `smoke-dedup-${Date.now()}`,
+    name: 'Smoke Dedup Test Protocol',
+    github: 'https://github.com/test/dedup-proto',
+    chain: 'eth',
+    tvl: 50_000_000,
+  }
+  // Ensure protocol is NOT already scanned
+  await redis.srem('whiteh:scanned', dedupeProto.id)
+  // Simulate it already being in the queue (add to whiteh:queued set, not the list)
+  await redis.sadd('whiteh:queued', dedupeProto.id)
+  const queueLenBefore = await redis.llen('whiteh:queue')
+  await queueNewProtocols([dedupeProto])
+  const queueLenAfter = await redis.llen('whiteh:queue')
+  if (queueLenAfter !== queueLenBefore) {
+    throw new Error(`queueNewProtocols should skip protocols already in whiteh:queued (queue grew by ${queueLenAfter - queueLenBefore})`)
+  }
+  await redis.srem('whiteh:queued', dedupeProto.id)
+  console.log('[smoke] ✓ queueNewProtocols skips protocols in whiteh:queued set OK')
+
+  // Test 20: dequeueProtocol skips already-scanned entries (duplicate cleanup)
+  const skipProto: Protocol = {
+    id: `smoke-skip-${Date.now()}`,
+    name: 'Smoke Skip Already Scanned',
+    github: 'https://github.com/test/skip-proto',
+    chain: 'eth',
+    tvl: 50_000_000,
+  }
+  const keepProto: Protocol = {
+    id: `smoke-keep-${Date.now()}`,
+    name: 'Smoke Keep Unscanned',
+    github: 'https://github.com/test/keep-proto',
+    chain: 'eth',
+    tvl: 50_000_000,
+  }
+  // Mark skipProto as already scanned, keepProto is fresh
+  await redis.sadd('whiteh:scanned', skipProto.id)
+  await redis.srem('whiteh:scanned', keepProto.id)
+  // Push skipProto at front, keepProto behind it (skipProto is the "duplicate")
+  await redis.lpush('whiteh:queue', JSON.stringify(keepProto))
+  await redis.lpush('whiteh:queue', JSON.stringify(skipProto))
+  const dequeued = await dequeueProtocol()
+  if (!dequeued) throw new Error('dequeueProtocol returned null — should have skipped skipProto and returned keepProto')
+  if (dequeued.id !== keepProto.id) {
+    throw new Error(`dequeueProtocol should skip already-scanned entry and return next, got id=${dequeued.id}`)
+  }
+  // Cleanup
+  await redis.lrem('whiteh:queue', 0, JSON.stringify(keepProto))
+  await redis.lrem('whiteh:queue', 0, JSON.stringify(skipProto))
+  await redis.srem('whiteh:scanned', skipProto.id)
+  console.log('[smoke] ✓ dequeueProtocol skips already-scanned entries OK')
+
+  // Test 21: parseProtocolName — Code4rena repo naming convention
+  if (parseProtocolName('code-423n4', '2024-01-myprotocol') !== 'Myprotocol (C4)') {
+    throw new Error(`parseProtocolName C4 basic failed: got "${parseProtocolName('code-423n4', '2024-01-myprotocol')}"`)
+  }
+  if (parseProtocolName('code-423n4', '2024-01-uniswap-v4') !== 'Uniswap V4 (C4)') {
+    throw new Error(`parseProtocolName C4 multi-word failed: got "${parseProtocolName('code-423n4', '2024-01-uniswap-v4')}"`)
+  }
+  console.log('[smoke] ✓ parseProtocolName Code4rena convention OK')
+
+  // Test 22: parseProtocolName — Sherlock repo naming convention
+  if (parseProtocolName('sherlock-audit', '2024-curve-audit') !== 'Curve (Sherlock)') {
+    throw new Error(`parseProtocolName Sherlock basic failed: got "${parseProtocolName('sherlock-audit', '2024-curve-audit')}"`)
+  }
+  if (parseProtocolName('sherlock-audit', '2024-aave-v3-audit') !== 'Aave V3 (Sherlock)') {
+    throw new Error(`parseProtocolName Sherlock multi-word failed: got "${parseProtocolName('sherlock-audit', '2024-aave-v3-audit')}"`)
+  }
+  console.log('[smoke] ✓ parseProtocolName Sherlock convention OK')
+
+  // Test 23: fetchContestProtocols — returns Protocol objects with correct shape
+  // (live network call; only verify shape, not exact count)
+  const contestProtocols = await fetchContestProtocols()
+  if (!Array.isArray(contestProtocols)) throw new Error('fetchContestProtocols should return an array')
+  for (const p of contestProtocols) {
+    if (!p.id.startsWith('contest-')) throw new Error(`Contest protocol id should start with 'contest-': ${p.id}`)
+    if (!p.github || !p.github.startsWith('https://github.com/')) {
+      throw new Error(`Contest protocol github should be a full GitHub URL: ${p.github}`)
+    }
+    if (p.tvl <= 0) throw new Error(`Contest protocol TVL should be positive: ${p.tvl}`)
+    if (!p.name) throw new Error(`Contest protocol name should be non-empty`)
+  }
+  console.log(`[smoke] ✓ fetchContestProtocols returns valid Protocol objects (${contestProtocols.length} found) OK`)
+
+  // Test 24: installDeps — no package manager files → 'no-pkg-manager'
+  const tmpEmpty = join(tmpdir(), `smoke-empty-${Date.now()}`)
+  mkdirSync(tmpEmpty, { recursive: true })
+  try {
+    const status24 = installDeps(tmpEmpty)
+    if (status24 !== 'no-pkg-manager') throw new Error(`Expected 'no-pkg-manager', got '${status24}'`)
+    console.log('[smoke] ✓ installDeps no-pkg-manager OK')
+  } finally {
+    rmSync(tmpEmpty, { recursive: true, force: true })
+  }
+
+  // Test 25: installDeps — foundry.toml + non-empty lib/ → 'foundry-lib-present'
+  // lib/ must have actual content (a subdirectory) to be considered populated.
+  // An empty lib/ means submodules weren't fetched and forge install should run.
+  const tmpFoundry = join(tmpdir(), `smoke-foundry-${Date.now()}`)
+  mkdirSync(join(tmpFoundry, 'lib', 'forge-std'), { recursive: true })
+  writeFileSync(join(tmpFoundry, 'foundry.toml'), '[profile.default]\n')
+  try {
+    const status25 = installDeps(tmpFoundry)
+    if (status25 !== 'foundry-lib-present') throw new Error(`Expected 'foundry-lib-present', got '${status25}'`)
+    console.log('[smoke] ✓ installDeps foundry-lib-present OK')
+  } finally {
+    rmSync(tmpFoundry, { recursive: true, force: true })
+  }
+
+  // Test 26: installDeps — package.json present → should run npm and return 'npm'
+  const tmpNpm = join(tmpdir(), `smoke-npm-${Date.now()}`)
+  mkdirSync(tmpNpm, { recursive: true })
+  writeFileSync(join(tmpNpm, 'package.json'), JSON.stringify({ name: 'test', version: '1.0.0', dependencies: {} }))
+  try {
+    const status26 = installDeps(tmpNpm)
+    if (status26 !== 'npm') throw new Error(`Expected 'npm', got '${status26}'`)
+    console.log('[smoke] ✓ installDeps npm install OK')
+  } finally {
+    rmSync(tmpNpm, { recursive: true, force: true })
+  }
+
+  // Test 27: slitherStatus in Immunefi report — compilation_error shows correct note
+  const compilationErrResult: AnalysisResult = {
+    ...mockResultWithCode,
+    protocolId: 'test-compilation-err',
+    protocolName: 'Test Compilation Error Protocol',
+    slitherFindings: [],
+    slitherStatus: 'compilation_error',
+  }
+  const scoredCompErr = scoreFindings(compilationErrResult)
+  const compilationErrReport = formatImmunefireport(compilationErrResult, scoredCompErr)
+  if (!compilationErrReport.includes('could not compile')) {
+    throw new Error(`Compilation error report should mention compilation failure, got: ${compilationErrReport.slice(0, 300)}`)
+  }
+  console.log('[smoke] ✓ slitherStatus compilation_error report note OK')
+
+  // Test 28: slitherStatus 'success' with 0 findings shows correct "ran but found nothing" note
+  const successZeroResult: AnalysisResult = {
+    ...mockResultWithCode,
+    protocolId: 'test-success-zero',
+    protocolName: 'Test Clean Slither Protocol',
+    slitherFindings: [],
+    slitherStatus: 'success',
+  }
+  const scoredSuccessZero = scoreFindings(successZeroResult)
+  const successZeroReport = formatImmunefireport(successZeroResult, scoredSuccessZero)
+  if (!successZeroReport.includes('ran successfully but found no')) {
+    throw new Error(`Success+0 findings report should mention "ran successfully", got: ${successZeroReport.slice(0, 300)}`)
+  }
+  console.log('[smoke] ✓ slitherStatus success+0 findings report note OK')
+
+  // Test 29: detectSolcVersion — parses pragma from a temp directory
+  const solcTestDir = join(tmpdir(), `smoke-solc-${Date.now()}`)
+  mkdirSync(solcTestDir, { recursive: true })
+  try {
+    writeFileSync(join(solcTestDir, 'Token.sol'), `// SPDX-License-Identifier: MIT\npragma solidity =0.7.6;\ncontract Token {}\n`)
+    writeFileSync(join(solcTestDir, 'Pool.sol'), `// SPDX-License-Identifier: MIT\npragma solidity =0.7.6;\ncontract Pool {}\n`)
+    const detected = detectSolcVersion(solcTestDir)
+    if (detected !== '0.7.6') throw new Error(`detectSolcVersion expected 0.7.6, got ${detected}`)
+    console.log('[smoke] ✓ detectSolcVersion parses pinned pragma OK')
+  } finally {
+    rmSync(solcTestDir, { recursive: true, force: true })
+  }
+
+  // Test 30: detectSolcVersion with caret pragma
+  const solcCaretDir = join(tmpdir(), `smoke-solc-caret-${Date.now()}`)
+  mkdirSync(solcCaretDir, { recursive: true })
+  try {
+    writeFileSync(join(solcCaretDir, 'A.sol'), `pragma solidity ^0.8.17;\ncontract A {}\n`)
+    const detected2 = detectSolcVersion(solcCaretDir)
+    if (detected2 !== '0.8.17') throw new Error(`detectSolcVersion caret expected 0.8.17, got ${detected2}`)
+    console.log('[smoke] ✓ detectSolcVersion parses caret pragma OK')
+  } finally {
+    rmSync(solcCaretDir, { recursive: true, force: true })
+  }
+
+  console.log('[smoke] All smoke tests passed (30/30) ✓')
+  await closeRedis()
+}
+
+runSmoke().catch((err) => {
+  console.error('[smoke] FAILED:', err)
+  process.exit(1)
+})