code analysis tools

Author: ci-bot

libs/remix-ai-core/src/remix-mcp-server/RemixMCPServer.ts

@@ -29,6 +29,7 @@ import { createCompilationTools } from './handlers/CompilationHandler';
 import { createFileManagementTools } from './handlers/FileManagementHandler';
 import { createDeploymentTools } from './handlers/DeploymentHandler';
 import { createDebuggingTools } from './handlers/DebuggingHandler';
+import { createCodeAnalysisTools } from './handlers/CodeAnalysisHandler';
 
 // Import resource providers
 import { ProjectResourceProvider } from './providers/ProjectResourceProvider';
@@ -468,6 +469,11 @@ export class RemixMCPServer extends EventEmitter implements IRemixMCPServer {
       this._tools.registerBatch(debuggingTools);
       console.log(`Registered ${debuggingTools.length} debugging tools`, 'info');
 
+      // Register debugging tools
+      const codeAnalysisTools = createCodeAnalysisTools();
+      this._tools.registerBatch(codeAnalysisTools);
+      console.log(`Registered ${codeAnalysisTools.length} code analysis tools`, 'info');
+
       const totalTools = this._tools.list().length;
       console.log(`Total tools registered: ${totalTools}`, 'info');
 

libs/remix-ai-core/src/remix-mcp-server/handlers/CodeAnalysisHandler.ts

@@ -0,0 +1,126 @@
+/**
+ * Code Analysis Tool Handlers for Remix MCP Server
+ */
+
+import { IMCPToolResult } from '../../types/mcp';
+import { BaseToolHandler } from '../registry/RemixToolRegistry';
+import {
+  ToolCategory,
+  RemixToolDefinition
+} from '../types/mcpTools';
+import { Plugin } from '@remixproject/engine';
+import { performSolidityScan } from '@remix-project/core-plugin';
+
+/**
+ * Solidity Scan Tool Handler
+ * Analyzes Solidity code for security vulnerabilities and code quality issues
+ */
+export class SolidityScanHandler extends BaseToolHandler {
+  name = 'solidity_scan';
+  description = 'Scan Solidity smart contracts for security vulnerabilities and code quality issues using SolidityScan API';
+  inputSchema = {
+    type: 'object',
+    properties: {
+      filePath: {
+        type: 'string',
+        description: 'Path to the Solidity file to scan (relative to workspace root)'
+      }
+    },
+    required: ['filePath']
+  };
+
+  getPermissions(): string[] {
+    return ['analysis:scan', 'file:read'];
+  }
+
+  validate(args: { filePath: string }): boolean | string {
+    const required = this.validateRequired(args, ['filePath']);
+    if (required !== true) return required;
+
+    const types = this.validateTypes(args, {
+      filePath: 'string'
+    });
+    if (types !== true) return types;
+
+    if (!args.filePath.endsWith('.sol')) {
+      return 'File must be a Solidity file (.sol)';
+    }
+
+    return true;
+  }
+
+  async execute(args: { filePath: string }, plugin: Plugin): Promise<IMCPToolResult> {
+    try {
+      // Check if file exists
+      const workspace = await plugin.call('filePanel', 'getCurrentWorkspace');
+      const fileName = `${workspace.name}/${args.filePath}`;
+      const filePath = `.workspaces/${fileName}`;
+
+      const exists = await plugin.call('fileManager', 'exists', filePath);
+      if (!exists) {
+        return this.createErrorResult(`File not found: ${args.filePath}`);
+      }
+
+      // Use the core scanning function from remix-core-plugin
+      const scanReport = await performSolidityScan(plugin, args.filePath);
+
+      // Process scan results into structured format
+      const findings = [];
+
+      for (const template of scanReport.multi_file_scan_details || []) {
+        if (template.metric_wise_aggregated_findings?.length) {
+          for (const details of template.metric_wise_aggregated_findings) {
+            for (const finding of details.findings) {
+              findings.push({
+                metric: details.metric_name,
+                severity: details.severity || 'unknown',
+                title: finding.title || details.metric_name,
+                description: finding.description || details.description,
+                lineStart: finding.line_nos_start?.[0],
+                lineEnd: finding.line_nos_end?.[0],
+                file: template.file_name,
+                recommendation: finding.recommendation
+              });
+            }
+          }
+        }
+      }
+
+      const result = {
+        success: true,
+        fileName,
+        scanCompletedAt: new Date().toISOString(),
+        totalFindings: findings.length,
+        findings,
+        summary: {
+          critical: findings.filter(f => f.severity === 'critical').length,
+          high: findings.filter(f => f.severity === 'high').length,
+          medium: findings.filter(f => f.severity === 'medium').length,
+          low: findings.filter(f => f.severity === 'low').length,
+          informational: findings.filter(f => f.severity === 'informational').length
+        }
+      };
+
+      return this.createSuccessResult(result);
+
+    } catch (error) {
+      return this.createErrorResult(`Scan failed: ${error.message}`);
+    }
+  }
+}
+
+/**
+ * Create code analysis tool definitions
+ */
+export function createCodeAnalysisTools(): RemixToolDefinition[] {
+  return [
+    {
+      name: 'solidity_scan',
+      description: 'Scan Solidity smart contracts for security vulnerabilities and code quality issues using SolidityScan API',
+      inputSchema: new SolidityScanHandler().inputSchema,
+      category: ToolCategory.ANALYSIS,
+      permissions: ['analysis:scan', 'file:read'],
+      handler: new SolidityScanHandler()
+    }
+  ];
+}

libs/remix-ai-core/src/remix-mcp-server/index.ts

@@ -16,6 +16,7 @@ export { createFileManagementTools } from './handlers/FileManagementHandler';
 export { createCompilationTools } from './handlers/CompilationHandler';
 export { createDeploymentTools } from './handlers/DeploymentHandler';
 export { createDebuggingTools } from './handlers/DebuggingHandler';
+export { createCodeAnalysisTools } from './handlers/CodeAnalysisHandler';
 
 // Resource Providers
 export { ProjectResourceProvider } from './providers/ProjectResourceProvider';

libs/remix-core-plugin/src/index.ts

@@ -9,3 +9,4 @@ export { LinkLibraries, DeployLibraries } from './lib/link-libraries'
 export { OpenZeppelinProxy } from './lib/openzeppelin-proxy'
 export { fetchContractFromEtherscan } from './lib/helpers/fetch-etherscan'
 export { fetchContractFromBlockscout } from './lib/helpers/fetch-blockscout'
+export { performSolidityScan, handleSolidityScan, type ScanReportRenderer } from './lib/solidity-scan'

libs/remix-core-plugin/src/lib/solidity-scan.ts

@@ -0,0 +1,136 @@
+import axios from 'axios'
+import { endpointUrls } from '@remix-endpoints-helper'
+import { ScanReport } from '@remix-ui/helper'
+
+const _paq = (window._paq = window._paq || [])
+
+/**
+ * Core function to perform Solidity scan and return the scan report
+ * @param api - Remix API instance
+ * @param compiledFileName - Name of the file to scan
+ * @returns Promise with the scan report or throws error
+ */
+export const performSolidityScan = async (api: any, compiledFileName: string): Promise<ScanReport> => {
+  const workspace = await api.call('filePanel', 'getCurrentWorkspace')
+  const fileName = `${workspace.name}/${compiledFileName}`
+  const filePath = `.workspaces/${fileName}`
+  const file = await api.call('fileManager', 'readFile', filePath)
+
+  const urlResponse = await axios.post(`${endpointUrls.solidityScan}/uploadFile`, { file, fileName })
+
+  if (urlResponse.data.status !== 'success') {
+    throw new Error(urlResponse.data.error || 'Failed to upload file to SolidityScan')
+  }
+
+  return new Promise((resolve, reject) => {
+    const ws = new WebSocket(`${endpointUrls.solidityScanWebSocket}/solidityscan`)
+
+    const timeout = setTimeout(() => {
+      ws.close()
+      reject(new Error('Scan timeout'))
+    }, 300000) // 5 minute timeout
+
+    ws.addEventListener('error', (error) => {
+      clearTimeout(timeout)
+      reject(new Error('WebSocket connection failed'))
+    })
+
+    ws.addEventListener('message', async (event) => {
+      try {
+        const data = JSON.parse(event.data)
+
+        if (data.type === "auth_token_register" && data.payload.message === "Auth token registered.") {
+          ws.send(JSON.stringify({
+            action: "message",
+            payload: {
+              type: "private_project_scan_initiate",
+              body: {
+                file_urls: [urlResponse.data.result.url],
+                project_name: "RemixProject",
+                project_type: "new"
+              }
+            }
+          }))
+        } else if (data.type === "scan_status" && data.payload.scan_status === "download_failed") {
+          clearTimeout(timeout)
+          ws.close()
+          reject(new Error(data.payload.scan_status_err_message || 'Scan failed'))
+        } else if (data.type === "scan_status" && data.payload.scan_status === "scan_done") {
+          clearTimeout(timeout)
+          const { data: scanData } = await axios.post(`${endpointUrls.solidityScan}/downloadResult`, { url: data.payload.scan_details.link })
+          const scanReport: ScanReport = scanData.scan_report
+
+          if (scanReport?.multi_file_scan_details?.length) {
+            // Process positions for each template
+            for (const template of scanReport.multi_file_scan_details) {
+              if (template.metric_wise_aggregated_findings?.length) {
+                const positions = []
+                for (const details of template.metric_wise_aggregated_findings) {
+                  for (const f of details.findings)
+                    positions.push(`${f.line_nos_start[0]}:${f.line_nos_end[0]}`)
+                }
+                template.positions = JSON.stringify(positions)
+              }
+            }
+            ws.close()
+            resolve(scanReport)
+          } else {
+            ws.close()
+            reject(new Error('No scan results found'))
+          }
+        }
+      } catch (error) {
+        clearTimeout(timeout)
+        ws.close()
+        reject(error)
+      }
+    })
+  })
+}
+
+/**
+ * Callback type for rendering scan results
+ * @param scanReport - The scan report to render
+ * @param fileName - The name of the scanned file
+ * @returns JSX element or any renderable content for the terminal
+ */
+export type ScanReportRenderer = (scanReport: ScanReport, fileName: string) => any
+
+/**
+ * Handler for Solidity scan with notifications and terminal output
+ * @param api - Remix API instance
+ * @param compiledFileName - Name of the file to scan
+ * @param modalMessage - Error modal title message
+ * @param renderResults - Callback function to render the scan results (e.g., as JSX)
+ */
+export const handleSolidityScan = async (
+  api: any,
+  compiledFileName: string,
+  modalMessage: string,
+  renderResults: ScanReportRenderer
+) => {
+  await api.call('notification', 'toast', 'Processing data to scan...')
+  _paq.push(['trackEvent', 'solidityCompiler', 'solidityScan', 'initiateScan'])
+
+  try {
+    const workspace = await api.call('filePanel', 'getCurrentWorkspace')
+    const fileName = `${workspace.name}/${compiledFileName}`
+
+    await api.call('notification', 'toast', 'Loading scan result in Remix terminal...')
+
+    const scanReport = await performSolidityScan(api, compiledFileName)
+
+    _paq.push(['trackEvent', 'solidityCompiler', 'solidityScan', 'scanSuccess'])
+    const renderedResults = renderResults(scanReport, fileName)
+    await api.call('terminal', 'logHtml', renderedResults)
+  } catch (error) {
+    _paq.push(['trackEvent', 'solidityCompiler', 'solidityScan', 'scanFailed'])
+    await api.call('notification', 'modal', {
+      id: 'SolidityScanError',
+      title: modalMessage,
+      message: error.message || 'Some error occurred! Please try again',
+      okLabel: 'Close'
+    })
+    console.error(error)
+  }
+}

libs/remix-ui/helper/src/index.ts

@@ -6,6 +6,5 @@ export * from './lib/components/custom-dropdown'
 export * from './lib/components/custom-tooltip'
 export * from './lib/components/feedback'
 export * from './lib/components/solScanTable'
-export * from './lib/solidity-scan'
 export type { CompilerReport } from './types/compilerTypes'
 export * from './types/solidity-scan'