目前项目的内容只是为了展示架构的使用所以比较简单一共 5 个 nodeenv_setup根据开发框架下载依赖库完成编译project_parsing根据编译内容以及合约代码对项目的函数调用与业务流程进行解析与总结business_flow_analysis分析合约项目在业务流程层面的安全问题fund_flow_analysis分析合约在资金层面的安全问题summary_output问题去重确认输出漏洞报告其中 3 和 4 是并行执行的。每个节点首先都需要在workflow.dag.yaml文件中进行登记(max_parallel_nodes 为最大并行数量)version: 1 name: solidity_audit runtime: max_parallel_nodes: 2 nodes: - id: env_setup module: nodes/env_setup - id: project_parsing module: nodes/project_parsing - id: fund_flow_analysis module: nodes/fund_flow_analysis - id: business_flow_analysis module: nodes/business_flow_analysis - id: summary_output module: nodes/summary_output为了避免 context 占用过高每个 node 都采用 sub-agent 的形式进行调用调用结果通过输出文件进行返回。所以每个节点之间的关系在 DAG 中对应 edge 的概念根据是节点间的输入输出文档进行关联比如Node1 的输出文档为node1-output.mdNode2 的输入文档也是node1-output.md那么就认为存在一条 Node1 -- Node2 的边。每个节点的输入输出文档定义在节点目录下的node.yaml文件中实现比如上游节点project_parsing的输出内容定义为outputs: - name: project_overview path: project_overview.md format: markdown description: High-level project summary, contract roles, and business flow - name: call_graph path: call_graph.yaml format: yaml description: Compressed call graph per ast_compress_template.yaml - name: business_flows path: business_flows.yaml format: yaml description: Structured function call chains for each business flow而它的下游节点business_flow_analysis的输入定义刚好为上游节点的输出。artifacts: output_dir: ./acai-dag-auditor/artifacts/business_flow_analysis/ inputs: - name: project_overview source: upstream:project_parsing path: project_overview.md required: true description: Project architecture, contract roles, and business flow - name: business_flows source: upstream:project_parsing path: business_flows.yaml required: true description: Structured function call chains for each business flow - name: call_graph source: upstream:project_parsing path: call_graph.yaml required: true description: Compressed call graph with function call edges and risk annotations当上游节点执行完毕且目录中所输出的文件满足了下游节点的输入文件要求时Agent 将会启动 sub-agent 执行下游节点的任务。