### Self-Hosted SolidityGuard Web Application Setup Source: https://github.com/alt-research/solidityguard/blob/main/README.md Instructions for setting up both the backend and frontend of the SolidityGuard web application for self-hosting. This includes installing Python dependencies for the backend and Node.js dependencies for the frontend. ```bash # Backend cd apps/web/backend && pip install -e . uvicorn solidityguard_api.main:app --reload # Frontend (separate terminal) cd apps/web/frontend && npm install && npm run dev # Open http://localhost:5173 ``` -------------------------------- ### Building SolidityGuard Desktop App from Source Source: https://github.com/alt-research/solidityguard/blob/main/README.md Steps to build the SolidityGuard desktop application from its source code. This involves navigating to the desktop app directory, installing dependencies, and starting the development server. ```bash cd apps/desktop && npm install && npm run tauri dev ``` -------------------------------- ### Install SolidityGuard CLI Source: https://context7.com/alt-research/solidityguard/llms.txt Instructions for installing the SolidityGuard CLI tool from source and verifying the installation. ```bash cd apps/cli && pip install -e . solidityguard version ``` -------------------------------- ### CLI Installation Source: https://context7.com/alt-research/solidityguard/llms.txt Instructions to install the SolidityGuard CLI tool from source and verify the installation. ```APIDOC ## CLI Installation Install the CLI tool for local contract scanning. ```bash # Install CLI from source cd apps/cli && pip install -e . # Verify installation solidityguard version # Output: # Version: 1.3.2 # Patterns: 104 (ETH-001 to ETH-104) # Detectors: 50+ # Benchmarks: DeFiVulnLabs 56/56 | Paradigm CTF 24/24 ``` ``` -------------------------------- ### Docker Setup and Usage for SolidityGuard Source: https://github.com/alt-research/solidityguard/blob/main/README.md Instructions for setting up and running SolidityGuard using Docker. This method allows scanning local contract directories without needing a local Python installation. It also covers launching the web UI. ```bash docker build -t solidityguard . docker run -v ./contracts:/audit solidityguard audit /audit docker compose up ``` -------------------------------- ### Install and Run SolidityGuard API Backend Source: https://github.com/alt-research/solidityguard/blob/main/apps/web/backend/README.md Instructions to install the SolidityGuard backend using pip and run the FastAPI application with uvicorn. The server will be accessible at http://localhost:8000. ```bash pip install -e . uvicorn solidityguard_api.main:app --reload ``` -------------------------------- ### Install SolidityGuard CLI Source: https://github.com/alt-research/solidityguard/blob/main/apps/cli/README.md Instructions for installing the SolidityGuard command-line tool using pip. This involves navigating to the CLI application directory and executing the installation command. ```bash cd apps/cli pip install -e . ``` -------------------------------- ### REST API - Start Audit with SolidityGuard Source: https://context7.com/alt-research/solidityguard/llms.txt Initiate a new security audit using the SolidityGuard web API. Supports starting audits via multipart form data with file uploads or a local path, and JSON body for path-based scans. Includes example requests and expected response structure. ```bash # Start audit with file uploads curl -X POST http://localhost:8000/api/audit \ -H "Authorization: Bearer $TOKEN" \ -F "files=@contracts/Token.sol" \ -F "files=@contracts/Vault.sol" \ -F "mode=standard" \ -F "tools=pattern,slither,aderyn" # Start audit with local path (JSON body) curl -X POST http://localhost:8000/api/audit/json \ -H "Content-Type: application/json" \ -d '{ "path": "/path/to/contracts", "mode": "standard", "tools": ["pattern", "slither", "aderyn"] }' # Response: # { # "id": "audit_abc123", # "status": "running", # "phase": 1, # "total_phases": 7, # "phase_name": "Automated Scan", # "percent": 0, # "findings_count": { # "critical": 0, # "high": 0, # "medium": 0, # "low": 0, # "informational": 0, # "total": 0 # } # } ``` -------------------------------- ### Development Setup for SolidityGuard Source: https://github.com/alt-research/solidityguard/blob/main/CONTRIBUTING.md Commands to clone the repository, set up the development environment for frontend, backend, and desktop applications, and run tests and benchmarks. ```bash git clone https://github.com/alt-research/SolidityGuard.git cd SolidityGuard # Run scanner tests python3 -m pytest .claude/skills/solidity-guard/scripts/test_scanners.py -v # Run CTF benchmarks python3 .claude/skills/solidity-guard/scripts/ctf_benchmark.py --all # Frontend cd apps/web/frontend && npm install && npm run dev # Backend cd apps/web/backend && pip install -e . && uvicorn solidityguard_api.main:app --reload # Desktop cd apps/desktop && npm install && npm run tauri dev ``` -------------------------------- ### CI/CD Integration for SolidityGuard in GitHub Actions Source: https://github.com/alt-research/solidityguard/blob/main/README.md Example of how to integrate SolidityGuard into a GitHub Actions workflow for automated security scanning. This snippet installs the necessary tools and runs a scan, failing the build if critical vulnerabilities are found. ```yaml - name: Run SolidityGuard run: | pip install slither-analyzer python3 scripts/solidity_guard.py scan --path ./contracts --json # Fail on critical findings CRITICAL=$(python3 -c "import json; d=json.load(open('results.json')); print(d.get('summary',{}).get('critical',0))") if [ "$CRITICAL" -gt 0 ]; then exit 1; fi ``` -------------------------------- ### Install Linux System Dependencies Source: https://github.com/alt-research/solidityguard/blob/main/apps/desktop/README.md Installs the necessary system-level libraries required for Tauri development on Linux environments. This includes WebKitGTK and GTK development headers. ```bash sudo apt install libwebkit2gtk-4.1-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev ``` -------------------------------- ### SolidityGuard CLI Terminal UI Example Source: https://github.com/alt-research/solidityguard/blob/main/apps/DESIGN.md An example of the terminal user interface for the SolidityGuard CLI application, showcasing audit progress, findings summary, and top critical findings. This UI is built using the Rich library for enhanced terminal output. ```text ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ ┃ SolidityGuard v1.0 — Smart Contract Security ┃ ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛ Target: ./contracts (5 files, 1,234 lines) Tools: Slither ✓ Aderyn ✓ Mythril ✗ Pattern Scanner ✓ ━━━ Audit Progress ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Phase 1/7 Automated Scan ████████████████████ 100% Phase 2/7 Finding Verification ████████████░░░░░░░░ 60% Phase 3/7 Pattern Analysis ░░░░░░░░░░░░░░░░░░░░ 0% ━━━ Findings ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ CRITICAL 2 ││████████████████████ HIGH 5 ││██████████████████████████████████████████████████ MEDIUM 3 ││████████████████████████████ LOW 4 ││████████████████████████████████████████ INFO 2 ││████████████████████ ━━━ Top Findings ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ CRITICAL ETH-001 Single-function Reentrancy contracts/Vault.sol:45 │ Confidence: 95% State update after external call CRITICAL ETH-019 Delegatecall to Untrusted Callee contracts/Proxy.sol:23 │ Confidence: 90% delegatecall with user-supplied target HIGH ETH-024 Oracle Manipulation contracts/Lending.sol:89 │ Confidence: 85% getReserves() used for rate calculation ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Score: 35/100 │ 16 findings │ Report: ./audit-report.md ``` -------------------------------- ### Check Available Security Tools Source: https://context7.com/alt-research/solidityguard/llms.txt Command to verify which external security analysis tools are installed and available for use within the SolidityGuard workflow. ```bash solidityguard tools ``` -------------------------------- ### Build and Run Commands (Shell) Source: https://github.com/alt-research/solidityguard/blob/main/apps/DESIGN.md Shell commands for building and running different components of the SolidityGuard project. This includes setting up the Python environment for the CLI and web backend, and installing dependencies and running development servers for the web frontend and desktop application. ```bash # CLI cd apps/cli && pip install -e . && solidityguard audit ./contracts # Web (development) cd apps/web/backend && pip install -e . && uvicorn solidityguard_api.main:app --reload cd apps/web/frontend && npm install && npm run dev # Desktop (development) cd apps/desktop && npm install && npm run tauri dev # Desktop (build for distribution) cd apps/desktop && npm run tauri build ``` -------------------------------- ### Solidity Finding Format Example Source: https://github.com/alt-research/solidityguard/blob/main/apps/openclaw-skill/SKILL.md This snippet demonstrates the standard format for reporting a smart contract vulnerability. It includes severity, vulnerability ID, location, confidence score, category, a detailed description, evidence of the vulnerability in code, an attack scenario, and a recommendation for fixing the issue. ```markdown ## [SEVERITY] ETH-XXX: Vulnerability Name **Location**: `contracts/File.sol:123` (functionName) **Confidence**: 0.XX **Category**: Category Name ### Description What the vulnerability is and why it matters. ### Evidence ```solidity // Vulnerable code from contracts/File.sol:123 ``` ### Attack Scenario 1. Attacker calls functionA() 2. During callback, attacker re-enters functionB() 3. State is inconsistent, allowing double withdrawal ### Recommendation ```solidity // Fixed code ``` ``` -------------------------------- ### Tool Integration for Smart Contract Analysis Source: https://github.com/alt-research/solidityguard/blob/main/apps/openclaw-skill/SKILL.md This table lists essential tools for smart contract security analysis, including their installation commands and primary purpose. These tools aid in identifying vulnerabilities and ensuring code integrity. ```bash # Slither: Primary static analyzer pip install slither-analyzer # Aderyn: Fast Rust-based analyzer curl -L https://raw.githubusercontent.com/Cyfrin/aderyn/dev/cyfrinup/install | bash && cyfrinup # Mythril: Symbolic execution pip install mythril # Foundry: Testing + fuzzing curl -L https://foundry.paradigm.xyz | bash && foundryup ``` -------------------------------- ### Check Available Tools Source: https://context7.com/alt-research/solidityguard/llms.txt Verify which security analysis tools are installed and available for use with SolidityGuard. ```APIDOC ## Check Available Tools Verify which security analysis tools are installed and available. ```bash solidityguard tools # Example output: # ┌─────────────────┬───────────┬─────────────────────────────────────────┐ # │ Tool │ Available │ Version │ # ├─────────────────┼───────────┼─────────────────────────────────────────┤ # │ Slither │ ✓ │ 0.10.0 │ # │ Aderyn │ ✓ │ 0.4.0 │ # │ Mythril │ ✗ │ pip install mythril │ # │ Foundry │ ✓ │ forge 0.2.0 │ # │ Echidna │ ✓ │ 2.2.0 │ # │ Medusa │ ✗ │ Install from Trail of Bits │ ``` ``` -------------------------------- ### Get Information with SolidityGuard Source: https://github.com/alt-research/solidityguard/blob/main/apps/cli/README.md Commands to retrieve information about SolidityGuard, including listing all available patterns (with optional category filtering), checking tool availability, and displaying the current version. ```bash solidityguard patterns solidityguard patterns --category defi solidityguard tools solidityguard version ``` -------------------------------- ### Configure ESLint for React and React DOM Linting Source: https://github.com/alt-research/solidityguard/blob/main/apps/web/frontend/README.md This configuration integrates `eslint-plugin-react-x` and `eslint-plugin-react-dom` to enable React and React DOM specific lint rules. It requires installing these plugins and configuring them within your ESLint setup, along with project TypeScript configurations. ```javascript // eslint.config.js import reactX from 'eslint-plugin-react-x' import reactDom from 'eslint-plugin-react-dom' export default defineConfig([ globalIgnores(['dist']), { files: ['**/*.{ts,tsx}'] extends: [ // Other configs... // Enable lint rules for React reactX.configs['recommended-typescript'], // Enable lint rules for React DOM reactDom.configs.recommended, ], languageOptions: { parserOptions: { project: ['./tsconfig.node.json', './tsconfig.app.json'], tsconfigRootDir: import.meta.dirname, }, // other options... }, }, ]) ``` -------------------------------- ### REST API - Start Audit Source: https://context7.com/alt-research/solidityguard/llms.txt Start a new security audit via the web API. The POST endpoint accepts multipart form data with uploaded files or a local path for scanning. ```APIDOC ## REST API - Start Audit Start a new security audit via the web API. The POST endpoint accepts multipart form data with uploaded files or a local path for scanning. ```bash # Start audit with file uploads curl -X POST http://localhost:8000/api/audit \ -H "Authorization: Bearer $TOKEN" \ -F "files=@contracts/Token.sol" \ -F "files=@contracts/Vault.sol" \ -F "mode=standard" \ -F "tools=pattern,slither,aderyn" # Start audit with local path (JSON body) curl -X POST http://localhost:8000/api/audit/json \ -H "Content-Type: application/json" \ -d '{ "path": "/path/to/contracts", "mode": "standard", "tools": ["pattern", "slither", "aderyn"] }' # Response: { "id": "audit_abc123", "status": "running", "phase": 1, "total_phases": 7, "phase_name": "Automated Scan", "percent": 0, "findings_count": { "critical": 0, "high": 0, "medium": 0, "low": 0, "informational": 0, "total": 0 } } ``` ``` -------------------------------- ### GET /api/patterns Source: https://context7.com/alt-research/solidityguard/llms.txt Retrieves information about supported vulnerability patterns, with options to filter by category or severity. ```APIDOC ## GET /api/patterns ### Description Retrieve the list of all 104 vulnerability patterns supported by SolidityGuard. ### Method GET ### Endpoint /api/patterns ### Parameters #### Query Parameters - **category** (string) - Optional - Filter patterns by vulnerability category (e.g., reentrancy) - **severity** (string) - Optional - Filter patterns by severity level (e.g., CRITICAL) ### Request Example curl "http://localhost:8000/api/patterns?category=reentrancy" ### Response #### Success Response (200) - **id** (string) - Pattern ID - **title** (string) - Pattern name - **severity** (string) - Severity level #### Response Example { "id": "ETH-001", "title": "Single-function Reentrancy", "severity": "CRITICAL" } ``` -------------------------------- ### Generate Fuzz Tests with SolidityGuard Source: https://context7.com/alt-research/solidityguard/llms.txt Generate Foundry invariant tests and Echidna property tests from scan findings. Can generate both types, or specify Foundry or Echidna only. Shows example generated files and how to run them. ```bash # Generate both Foundry and Echidna tests solidityguard generate-fuzz findings.json ./contracts -o test/ # Generate Foundry invariant tests only solidityguard generate-fuzz findings.json ./contracts --foundry-only # Generate Echidna property tests only solidityguard generate-fuzz findings.json ./contracts --echidna-only # Generated files: # test/SolidityGuard.invariant.t.sol (Foundry) # test/echidna/SolidityGuardEchidna.sol # test/echidna/echidna.yaml # Run generated tests: # Foundry: forge test --match-contract SolidityGuardInvariantTest -vvvv # Echidna: echidna . --contract SolidityGuardEchidnaTest --config test/echidna/echidna.yaml ``` -------------------------------- ### GET /api/tools Source: https://context7.com/alt-research/solidityguard/llms.txt Checks the availability and version information of integrated security analysis tools on the server. ```APIDOC ## GET /api/tools ### Description Check which security analysis tools are available on the server. ### Method GET ### Endpoint /api/tools ### Response #### Success Response (200) - **tool_name** (object) - Tool status, version, and description #### Response Example { "slither": { "available": true, "version": "0.10.0" } } ``` -------------------------------- ### YAML: GitHub Actions CI Integration Source: https://context7.com/alt-research/solidityguard/llms.txt This YAML configuration sets up a GitHub Actions workflow to automate security audits using SolidityGuard on push or pull request events to the main branch. It installs dependencies, runs the audit, checks for critical findings, and uploads the results. ```yaml # .github/workflows/security-audit.yml name: Security Audit on: push: branches: [main] pull_request: branches: [main] jobs: audit: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.11' - name: Install dependencies run: | pip install slither-analyzer pip install -e apps/cli - name: Run SolidityGuard audit run: | solidityguard audit ./contracts --quick -o findings.json - name: Check for critical findings run: | CRITICAL=$(python3 -c " import json with open('findings.json') as f: data = json.load(f) print(data.get('summary', {}).get('critical', 0)) ") echo "Critical findings: $CRITICAL" if [ "$CRITICAL" -gt 0 ]; then echo "::error::Found $CRITICAL critical vulnerabilities" exit 1 fi - name: Upload findings uses: actions/upload-artifact@v4 with: name: security-findings path: findings.json ``` -------------------------------- ### REST API - Get Findings with SolidityGuard Source: https://context7.com/alt-research/solidityguard/llms.txt Fetch detailed security findings for a completed audit. Supports filtering findings by severity (e.g., CRITICAL) or category (e.g., reentrancy). ```bash # Get all findings curl http://localhost:8000/api/audit/audit_abc123/findings # Filter by severity curl "http://localhost:8000/api/audit/audit_abc123/findings?severity=CRITICAL" # Filter by category curl "http://localhost:8000/api/audit/audit_abc123/findings?category=reentrancy" ``` -------------------------------- ### Configure ESLint for Type-Aware Linting in TypeScript Source: https://github.com/alt-research/solidityguard/blob/main/apps/web/frontend/README.md This configuration extends ESLint to enable type-aware lint rules for TypeScript files. It requires specifying project configuration files and the root directory. Ensure you have the necessary ESLint plugins and configurations installed. ```javascript export default defineConfig([ globalIgnores(['dist']), { files: ['**/*.{ts,tsx}'] extends: [ // Other configs... // Remove tseslint.configs.recommended and replace with this tseslint.configs.recommendedTypeChecked, // Alternatively, use this for stricter rules tseslint.configs.strictTypeChecked, // Optionally, add this for stylistic rules tseslint.configs.stylisticTypeChecked, // Other configs... ], languageOptions: { parserOptions: { project: ['./tsconfig.node.json', './tsconfig.app.json'], tsconfigRootDir: import.meta.dirname, }, // other options... }, }, ]) ``` -------------------------------- ### Development Workflow Commands Source: https://github.com/alt-research/solidityguard/blob/main/apps/desktop/README.md Commands to initialize the project environment and launch the development servers for both the React frontend and the Tauri desktop application. ```bash npm install cd ../web/frontend && npm run dev npm run tauri:dev ``` -------------------------------- ### Benchmark with SolidityGuard Source: https://github.com/alt-research/solidityguard/blob/main/apps/cli/README.md Commands to run performance benchmarks for SolidityGuard. Benchmarks can be run for DeFiVulnLabs, Paradigm CTF, or a combined set of all benchmarks. ```bash solidityguard benchmark solidityguard benchmark --paradigm solidityguard benchmark --all ``` -------------------------------- ### Run SolidityGuard Benchmark Source: https://github.com/alt-research/solidityguard/blob/main/knowledge-base/ctf-test-matrix.md Commands to execute the benchmark tool. Supports dry runs, full repository cloning and scanning, local path execution, and JSON output generation. ```bash # Dry run — show mapping only (no network) python3 ctf_benchmark.py --dry-run # Full benchmark — clone and scan python3 ctf_benchmark.py # Use existing clone python3 ctf_benchmark.py --repo-path /tmp/DeFiVulnLabs # Save results as JSON python3 ctf_benchmark.py --output benchmark-results.json ``` -------------------------------- ### Programmatic Scanning with Python SDK Source: https://context7.com/alt-research/solidityguard/llms.txt Demonstrates how to use the SolidityGuard Python library to execute pattern scanning, Slither, and Aderyn analysis on local contract directories. ```python from solidity_guard import scan_patterns, run_slither, run_aderyn findings = scan_patterns("./contracts") for finding in findings: print(f"{finding.id}: {finding.title} at {finding.file}:{finding.line}") slither_findings = run_slither("./contracts") aderyn_findings = run_aderyn("./contracts") ``` -------------------------------- ### GET /api/audit/:id Source: https://github.com/alt-research/solidityguard/blob/main/apps/DESIGN.md Retrieves the current status and summary of a specific audit. ```APIDOC ## GET /api/audit/:id ### Description Fetches the current progress, status, and findings summary for an audit session. ### Method GET ### Endpoint /api/audit/:id ### Parameters #### Path Parameters - **id** (string) - Required - The unique audit session ID ### Response #### Success Response (200) - **status** (string) - Current state (pending, running, complete, failed) - **progress** (float) - Completion percentage (0.0 - 1.0) - **findings_count** (dict) - Map of severity levels to counts ``` -------------------------------- ### SolidityGuard CLI Commands Source: https://github.com/alt-research/solidityguard/blob/main/apps/DESIGN.md Demonstrates various commands for the SolidityGuard command-line interface, including auditing, scanning, reporting, benchmarking, and information retrieval. These commands allow users to interact with the scanner core for different security analysis tasks. ```bash solidityguard audit ./contracts solidityguard audit ./contracts --deep solidityguard audit ./contracts --quick solidityguard scan ./contracts solidityguard scan ./contracts --category reentrancy solidityguard scan ./contracts --pattern ETH-001 solidityguard report ./findings.json --format pdf solidityguard report ./findings.json --format markdown solidityguard benchmark solidityguard benchmark --paradigm solidityguard benchmark --all solidityguard patterns solidityguard patterns --category defi solidityguard tools solidityguard version ``` -------------------------------- ### REST API - Get Audit Status Source: https://context7.com/alt-research/solidityguard/llms.txt Check the status and progress of a running or completed audit. ```APIDOC ## REST API - Get Audit Status Check the status and progress of a running or completed audit. ```bash curl http://localhost:8000/api/audit/audit_abc123 # Response: { "id": "audit_abc123", "status": "complete", "phase": 7, "total_phases": 7, "phase_name": "Report Generation", "percent": 100, "findings_count": { "critical": 2, "high": 5, "medium": 8, "low": 3, "informational": 4, "total": 22 }, "score": 47 } ``` ``` -------------------------------- ### REST API - Get Findings Source: https://context7.com/alt-research/solidityguard/llms.txt Retrieve detailed findings for a completed audit with optional filtering. ```APIDOC ## REST API - Get Findings Retrieve detailed findings for a completed audit with optional filtering. ```bash # Get all findings curl http://localhost:8000/api/audit/audit_abc123/findings # Filter by severity curl "http://localhost:8000/api/audit/audit_abc123/findings?severity=CRITICAL" # Filter by category curl "http://localhost:8000/api/audit/audit_abc123/findings?category=reentrancy" ``` ``` -------------------------------- ### Testing and Verification in SolidityGuard Source: https://github.com/alt-research/solidityguard/blob/main/CONTRIBUTING.md Commands for running specific tests and benchmarks within the SolidityGuard project to verify code changes and ensure no regressions. ```bash python3 -m pytest test_scanners.py -v ``` ```bash python3 ctf_benchmark.py --all ``` ```bash python3 -m pytest .claude/skills/solidity-guard/scripts/test_scanners.py -v ``` ```bash python3 -m pytest apps/web/backend/ -v ``` ```bash cd apps/web/frontend && npx tsc --noEmit ``` -------------------------------- ### GET /api/audit/{id}/report Source: https://context7.com/alt-research/solidityguard/llms.txt Retrieves the full security audit report for a specific scan ID, including summary scores and individual findings. ```APIDOC ## GET /api/audit/{id}/report ### Description Retrieve the full audit report for a completed scan. ### Method GET ### Endpoint /api/audit/{id}/report ### Parameters #### Path Parameters - **id** (string) - Required - The unique identifier of the audit scan. ### Request Example curl http://localhost:8000/api/audit/audit_abc123/report ### Response #### Success Response (200) - **id** (string) - Audit ID - **score** (integer) - Security score - **summary** (object) - Breakdown of findings by severity #### Response Example { "id": "audit_abc123", "score": 47, "summary": { "critical": 2, "high": 5, "total": 22 } } ``` -------------------------------- ### SolidityGuard CLI File Structure Source: https://github.com/alt-research/solidityguard/blob/main/apps/DESIGN.md Illustrates the directory structure for the SolidityGuard CLI application, highlighting key Python files and configuration. This structure organizes the code for the command-line interface, including UI components and scanner wrappers. ```text apps/cli/ ├── pyproject.toml ├── solidityguard/ │ ├── __init__.py │ ├── __main__.py # python -m solidityguard │ ├── cli.py # Click command definitions │ ├── ui.py # Rich UI components (panels, tables, progress) │ ├── scanner.py # Wrapper around solidity_guard.scan_patterns() │ └── config.py # CLI configuration └── README.md ``` -------------------------------- ### Run EVMBench Benchmark with SolidityGuard Source: https://context7.com/alt-research/solidityguard/llms.txt Execute the EVMBench smart contract audit benchmark, which includes 40 audits and 120 vulnerabilities. Supports different modes like detection, exploit, and patch, as well as options for specific audits, dry runs, JSON output, and verbose logging. ```bash # Detection mode (local scanner) solidityguard evmbench --mode detect # Run specific audit solidityguard evmbench --audit 2024-01-curves # Dry run (show ground truth without scanning) solidityguard evmbench --dry-run # JSON output solidityguard evmbench --output json # Verbose output with findings solidityguard evmbench --verbose # Exploit mode (requires nanoeval framework) solidityguard evmbench --mode exploit # Patch mode solidityguard evmbench --mode patch ``` -------------------------------- ### SolidityGuard API WebSocket Messages Source: https://github.com/alt-research/solidityguard/blob/main/apps/web/backend/README.md Examples of JSON messages exchanged over the WebSocket for real-time audit progress and results. These messages include status updates, findings, and completion summaries. ```json {"type": "phase", "phase": 2, "total": 7, "name": "Automated Scan", "percent": 0} {"type": "progress", "phase": 2, "total": 7, "name": "Automated Scan", "percent": 100} {"type": "finding", "finding": {"id": "ETH-001", "severity": "CRITICAL", ...}} {"type": "complete", "summary": {"critical": 2, "high": 5, ...}, "score": 35} {"type": "error", "message": "..."} ``` -------------------------------- ### Run CTF Benchmarks with SolidityGuard Source: https://context7.com/alt-research/solidityguard/llms.txt Validate scanner detection rates against various Capture The Flag (CTF) benchmarks. Supports running individual benchmarks like DeFiVulnLabs or Paradigm, or all benchmarks combined. ```bash # Run DeFiVulnLabs benchmark (56 contracts) solidityguard benchmark # Run Paradigm CTF benchmark (24 challenges) solidityguard benchmark --paradigm # Run all benchmarks combined (85 challenges) solidityguard benchmark --all # Example output: # CTF Benchmark Results # ───────────────────── # DeFiVulnLabs: 56/56 (100%) # Paradigm 2021: 10/10 (100%) # Paradigm 2022: 7/7 (100%) # Paradigm 2023: 7/7 (100%) # R3CTF 2025: 2/2 (100%) # HTB CA 2025: 3/3 (100%) # ───────────────────── # Total: 85/85 (100%) ``` -------------------------------- ### REST API - Get Audit Status with SolidityGuard Source: https://context7.com/alt-research/solidityguard/llms.txt Retrieve the current status and progress of a security audit using its unique ID. The response includes details on the audit's status, current phase, completion percentage, and a summary of findings. ```bash curl http://localhost:8000/api/audit/audit_abc123 # Response: # { # "id": "audit_abc123", # "status": "complete", # "phase": 7, # "total_phases": 7, # "phase_name": "Report Generation", # "percent": 100, # "findings_count": { # "critical": 2, # "high": 5, # "medium": 8, # "low": 3, # "informational": 4, # "total": 22 # }, # "score": 47 # } ``` -------------------------------- ### Production Build Commands Source: https://github.com/alt-research/solidityguard/blob/main/apps/desktop/README.md Commands to compile the React frontend assets and package the final desktop application using the Tauri build pipeline. ```bash cd ../web/frontend && npm run build npm run tauri:build ``` -------------------------------- ### Run SolidityGuard as a Python Module Source: https://github.com/alt-research/solidityguard/blob/main/apps/cli/README.md Demonstrates how to execute SolidityGuard functionalities directly as a Python module. This allows integration into Python scripts or workflows. ```python python -m solidityguard version python -m solidityguard audit ./contracts ``` -------------------------------- ### Docker Usage for SolidityGuard Source: https://context7.com/alt-research/solidityguard/llms.txt Instructions for using SolidityGuard within a Docker environment for isolated scanning. Covers building the Docker image, scanning local contracts, and running the web dashboard using Docker Compose. ```bash # Build Docker image docker build -t solidityguard . # Scan local contracts directory docker run -v ./contracts:/audit solidityguard audit /audit # Run web dashboard with Docker Compose docker compose up # Dashboard at http://localhost:8000 ``` -------------------------------- ### Query Vulnerability Patterns Source: https://context7.com/alt-research/solidityguard/llms.txt Shows how to list all supported vulnerability patterns, filter them by category or severity, and retrieve details for a specific pattern ID. ```bash curl http://localhost:8000/api/patterns curl "http://localhost:8000/api/patterns?category=reentrancy" curl "http://localhost:8000/api/patterns?severity=CRITICAL" curl http://localhost:8000/api/patterns/ETH-001 ``` -------------------------------- ### Run EVMBench Benchmark Source: https://context7.com/alt-research/solidityguard/llms.txt Run the EVMBench smart contract audit benchmark (40 audits, 120 vulnerabilities). ```APIDOC ## Run EVMBench Benchmark Run the EVMBench smart contract audit benchmark (40 audits, 120 vulnerabilities). ```bash # Detection mode (local scanner) solidityguard evmbench --mode detect # Run specific audit solidityguard evmbench --audit 2024-01-curves # Dry run (show ground truth without scanning) solidityguard evmbench --dry-run # JSON output solidityguard evmbench --output json # Verbose output with findings solidityguard evmbench --verbose # Exploit mode (requires nanoeval framework) solidityguard evmbench --mode exploit # Patch mode solidityguard evmbench --mode patch ``` ``` -------------------------------- ### List Vulnerability Patterns Source: https://context7.com/alt-research/solidityguard/llms.txt Commands to display the 104 supported vulnerability patterns, with filtering capabilities by category. ```bash solidityguard patterns solidityguard patterns --category reentrancy ``` -------------------------------- ### Docker Usage Source: https://context7.com/alt-research/solidityguard/llms.txt Run SolidityGuard in Docker for isolated scanning. ```APIDOC ## Docker Usage Run SolidityGuard in Docker for isolated scanning. ```bash # Build Docker image docker build -t solidityguard . # Scan local contracts directory docker run -v ./contracts:/audit solidityguard audit /audit # Run web dashboard with Docker Compose docker compose up # Dashboard at http://localhost:8000 ``` ``` -------------------------------- ### Tauri Native Commands Source: https://github.com/alt-research/solidityguard/blob/main/apps/desktop/README.md Overview of the native Rust commands available to the frontend application for system interaction. ```APIDOC ## invoke('select_contracts_dir') ### Description Opens a native OS directory picker dialog to allow the user to select a project directory. ### Method INVOKE (Tauri Bridge) ### Endpoint select_contracts_dir ### Response - **path** (string) - The absolute path to the selected directory. --- ## invoke('check_tools') ### Description Verifies if required security analysis tools are installed and available in the system PATH. ### Method INVOKE (Tauri Bridge) ### Endpoint check_tools ### Response - **results** (object) - A map of tool names (slither, aderyn, mythril, forge) to boolean values indicating availability. --- ## invoke('greet') ### Description A diagnostic command used to verify the communication bridge between the React frontend and the Rust backend. ### Method INVOKE (Tauri Bridge) ### Endpoint greet ### Parameters #### Request Body - **name** (string) - Optional - A name to include in the greeting message. ### Response - **message** (string) - A confirmation string indicating the bridge is functional. ``` -------------------------------- ### Exploit Case Study Markdown Format Source: https://github.com/alt-research/solidityguard/blob/main/CONTRIBUTING.md The required markdown format for submitting exploit case studies to the SolidityGuard knowledge base. ```markdown # Incident Name ($XXM Loss) ## Summary Brief description. ## Root Cause ETH-XXX: Pattern name ## Attack Steps 1. Step one 2. Step two ## Remediation How to prevent this. ``` -------------------------------- ### Generate Reports with SolidityGuard Source: https://github.com/alt-research/solidityguard/blob/main/apps/cli/README.md Commands to generate security audit reports from findings.json files. Supports multiple output formats including Markdown and PDF. ```bash solidityguard report findings.json --format markdown solidityguard report findings.json --format pdf ``` -------------------------------- ### Bash: Claude Code Slash Commands Source: https://context7.com/alt-research/solidityguard/llms.txt This section lists various bash commands for interacting with SolidityGuard as a Claude Code agent. It covers performing full audits, deep analysis, specific scans (reentrancy, access control), generating reports, and generating fuzz tests using simple slash commands. ```bash # Full 7-phase security audit /audit ./contracts # Multi-agent parallel deep analysis /deep-audit ./contracts # Focused reentrancy scan /scan-reentrancy ./contracts # Focused access control scan /scan-access-control ./contracts # Generate professional report from findings /report ./findings.json # Generate Foundry/Echidna fuzz tests /generate-fuzz ./contracts ``` -------------------------------- ### Run CTF Benchmarks Source: https://context7.com/alt-research/solidityguard/llms.txt Validate scanner detection rates against CTF benchmarks. ```APIDOC ## Run CTF Benchmarks Validate scanner detection rates against CTF benchmarks. ```bash # Run DeFiVulnLabs benchmark (56 contracts) solidityguard benchmark # Run Paradigm CTF benchmark (24 challenges) solidityguard benchmark --paradigm # Run all benchmarks combined (85 challenges) solidityguard benchmark --all # Example output: # CTF Benchmark Results # ───────────────────── # DeFiVulnLabs: 56/56 (100%) # Paradigm 2021: 10/10 (100%) # Paradigm 2022: 7/7 (100%) # Paradigm 2023: 7/7 (100%) # R3CTF 2025: 2/2 (100%) # HTB CA 2025: 3/3 (100%) # ───────────────────── # Total: 85/85 (100%) ``` ``` -------------------------------- ### Perform Full Audit with SolidityGuard Source: https://github.com/alt-research/solidityguard/blob/main/apps/cli/README.md Commands to perform a full security audit of Solidity contracts using the SolidityGuard CLI. Options include quick scans (pattern scanner only) and outputting findings to a JSON file. ```bash solidityguard audit ./contracts solidityguard audit ./contracts --quick solidityguard audit ./contracts -o findings.json ``` -------------------------------- ### Creating a Feature Branch Source: https://github.com/alt-research/solidityguard/blob/main/CONTRIBUTING.md Git command to create a new branch for developing a feature or improvement in the SolidityGuard repository. ```bash git checkout -b feature/my-improvement ``` -------------------------------- ### Check Security Tool Availability Source: https://context7.com/alt-research/solidityguard/llms.txt Retrieves the status and version information for all integrated security analysis tools available on the server. ```bash curl http://localhost:8000/api/tools ``` -------------------------------- ### Run Full Security Audit Source: https://context7.com/alt-research/solidityguard/llms.txt Commands to execute a comprehensive security audit on Solidity contracts using integrated security tools, with options for quick scans and output formatting. ```bash solidityguard audit ./contracts solidityguard audit ./contracts --quick solidityguard audit ./contracts -o findings.json solidityguard audit ./contracts --max-findings 20 ``` -------------------------------- ### Generate Audit Reports with SolidityGuard Source: https://context7.com/alt-research/solidityguard/llms.txt Generate professional audit reports in Markdown or PDF format from scan findings. Supports adding project and client metadata. PDF generation requires pandoc. ```bash # Generate Markdown report solidityguard report findings.json --format markdown -o audit-report.md # Generate PDF report (requires pandoc) solidityguard report findings.json --format pdf -o audit-report.pdf # Add project and client metadata solidityguard report findings.json -o report.md --project "DeFi Protocol" --client "Acme Corp" ``` -------------------------------- ### Retrieve Audit Reports via REST API Source: https://context7.com/alt-research/solidityguard/llms.txt Demonstrates how to fetch audit report data in Markdown format or download the full report as a PDF using curl commands. ```bash curl http://localhost:8000/api/audit/audit_abc123/report curl -o audit-report.pdf http://localhost:8000/api/audit/audit_abc123/report/pdf ``` -------------------------------- ### Audit Initiation API Source: https://github.com/alt-research/solidityguard/blob/main/apps/web/backend/README.md Endpoints for initiating and managing smart contract audits. ```APIDOC ## POST /api/audit ### Description Starts a new security audit by uploading smart contract files. ### Method POST ### Endpoint /api/audit ### Parameters #### Request Body - **files** (multipart/form-data) - Required - The smart contract source files to be audited. - **tool_configs** (JSON string) - Optional - Configuration for specific tools. ### Request Example (Multipart form data with file uploads) ### Response #### Success Response (200) - **audit_id** (string) - The unique identifier for the initiated audit. - **status** (string) - The initial status of the audit (e.g., "pending"). #### Response Example { "audit_id": "audit-12345", "status": "pending" } ``` ```APIDOC ## POST /api/audit/json ### Description Starts a new security audit using a JSON body that specifies the path to local files or a Git repository. ### Method POST ### Endpoint /api/audit/json ### Parameters #### Request Body - **source_path** (string) - Required - The local path or Git repository URL of the smart contract code. - **tool_configs** (object) - Optional - Configuration for specific tools. ### Request Example ```json { "source_path": "/path/to/your/contracts" } ``` ### Response #### Success Response (200) - **audit_id** (string) - The unique identifier for the initiated audit. - **status** (string) - The initial status of the audit (e.g., "pending"). #### Response Example { "audit_id": "audit-67890", "status": "pending" } ``` ```APIDOC ## GET /api/audit/{id} ### Description Retrieves the current status of a specific security audit. ### Method GET ### Endpoint /api/audit/{id} ### Parameters #### Path Parameters - **id** (string) - Required - The unique identifier of the audit. ### Request Example None ### Response #### Success Response (200) - **audit_id** (string) - The unique identifier of the audit. - **status** (string) - The current status of the audit (e.g., "running", "completed", "failed"). - **progress** (object) - Information about the audit progress. - **current_phase** (string) - The name of the current phase. - **percentage** (number) - The completion percentage of the current phase. #### Response Example { "audit_id": "audit-12345", "status": "running", "progress": { "current_phase": "Automated Scan", "percentage": 50 } } ``` ```APIDOC ## GET /api/audit/{id}/findings ### Description Retrieves the security findings for a completed audit. Supports filtering by severity and category. ### Method GET ### Endpoint /api/audit/{id}/findings ### Parameters #### Path Parameters - **id** (string) - Required - The unique identifier of the audit. #### Query Parameters - **severity** (string) - Optional - Filter findings by severity level (e.g., "CRITICAL", "HIGH"). - **category** (string) - Optional - Filter findings by vulnerability category. ### Request Example None ### Response #### Success Response (200) - **findings** (array) - A list of security findings. - **id** (string) - The unique identifier of the finding. - **pattern_id** (string) - The ID of the vulnerability pattern. - **severity** (string) - The severity level. - **category** (string) - The vulnerability category. - **description** (string) - A description of the finding. - **location** (string) - The location in the code where the finding occurred. #### Response Example { "findings": [ { "id": "finding-abc", "pattern_id": "ETH-001", "severity": "CRITICAL", "category": "Reentrancy", "description": "Potential reentrancy vulnerability detected.", "location": "contracts/MyToken.sol:105" } ] } ``` ```APIDOC ## GET /api/audit/{id}/report ### Description Retrieves the security audit report in Markdown format. ### Method GET ### Endpoint /api/audit/{id}/report ### Parameters #### Path Parameters - **id** (string) - Required - The unique identifier of the audit. ### Request Example None ### Response #### Success Response (200) - **report** (string) - The audit report content in Markdown format. #### Response Example ```markdown # Security Audit Report ## Summary - **Critical Findings**: 2 - **High Findings**: 5 ## Detailed Findings ### Reentrancy (CRITICAL) - **Location**: contracts/MyToken.sol:105 - **Description**: Potential reentrancy vulnerability detected. ``` ``` -------------------------------- ### Perform Targeted Scans with SolidityGuard Source: https://github.com/alt-research/solidityguard/blob/main/apps/cli/README.md Commands for performing targeted security scans on Solidity contracts. Users can scan for all patterns, filter by category (e.g., reentrancy), or scan for specific pattern IDs (e.g., ETH-001). ```bash solidityguard scan ./contracts solidityguard scan ./contracts --category reentrancy solidityguard scan ./contracts --pattern ETH-001 ``` -------------------------------- ### Monitor Real-time Audit Progress via WebSockets Source: https://context7.com/alt-research/solidityguard/llms.txt Provides a JavaScript implementation for connecting to the WebSocket stream to receive real-time updates on scan phases, progress percentages, and findings. ```javascript const ws = new WebSocket('ws://localhost:8000/api/audit/audit_abc123/stream'); ws.onmessage = (event) => { const msg = JSON.parse(event.data); switch (msg.type) { case 'phase': console.log(`Phase ${msg.phase}/${msg.total}: ${msg.name}`); break; case 'progress': console.log(`Progress: ${msg.percent}%`); break; case 'finding': console.log(`New finding: ${msg.finding.id} - ${msg.finding.title}`); break; case 'complete': console.log(`Audit complete! Score: ${msg.score}/100`); break; case 'error': console.error(`Error: ${msg.message}`); break; } }; ```