A multi-agent system for comprehensive smart contract security analysis using static analysis, dynamic testing, and machine learning.
Under Active Development: This project is currently in early development. APIs and features are subject to change.
- Multi-Agent Architecture: Specialized agents for different analysis types
- Static Analysis: Integration with Slither and other static analyzers
- Dynamic Analysis: Symbolic execution and fuzzing capabilities
- ML-Powered Detection: Machine learning models for vulnerability detection
- REST API: Easy integration with existing workflows
- Comprehensive Reporting: Detailed vulnerability reports with severity classification
- Sandboxed Execution: Safe contract analysis in isolated environments
- Telemetry & Monitoring: Built-in logging, metrics, and tracing
```text
agent/
├── .github/workflows/      # CI/CD workflows
├── .vscode/                # VS Code settings
├── scripts/                # Utility scripts (lint, test, format)
├── docs/                   # Documentation
│   ├── architecture.md     # System architecture
│   ├── agents.md           # Agent documentation
│   ├── api.md              # API documentation
│   ├── pipelines.md        # Pipeline documentation
│   └── research/           # Research papers and notes
├── models/                 # ML models
│   ├── transformers/       # Transformer models
│   └── gnn/                # Graph Neural Network models
├── data/                   # Data storage
│   ├── contracts/          # Smart contract samples
│   └── datasets/           # Training datasets
├── tests/                  # Test suites
│   ├── unit/               # Unit tests
│   ├── integration/        # Integration tests
│   ├── e2e/                # End-to-end tests
│   ├── load/               # Load tests
│   └── fixtures/           # Test fixtures
├── src/oal_agent/          # Main source code
│   ├── app/                # FastAPI application
│   ├── core/               # Core orchestration
│   ├── agents/             # Analysis agents
│   ├── tools/              # External tool integrations
│   ├── services/           # Background services
│   ├── llm/                # LLM integration
│   ├── security/           # Security components
│   ├── telemetry/          # Logging & metrics
│   ├── utils/              # Utilities
│   └── cli.py              # Command-line interface
└── Configuration files (pyproject.toml, requirements.txt, etc.)
```
- Python 3.9+ (3.11 recommended)
- Redis (for job queue management)
- PostgreSQL or SQLite (for result storage)
- Solidity compiler (solc) for contract analysis
- Optional: Docker for containerized deployment
1. Clone the repository

```bash
git clone https://github.com/OpenAuditLabs/agent.git
cd agent
```

2. Set up the Python environment

```bash
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
pip install -r requirements.txt
pip install -r requirements-dev.txt
```

3. Configure the environment

```bash
cp .env.example .env
# Edit .env with your configuration
# For profile-specific settings, create .env.<profile_name> files (e.g., .env.dev, .env.prod)
```

Key environment variables:

- API_HOST/API_PORT: API server configuration
- DATABASE_URL: Database connection string
- QUEUE_URL: Redis connection string
- LLM_PROVIDER: LLM provider (openai, anthropic, etc.)
- LLM_API_KEY: API key for LLM provider
- LOG_LEVEL: Logging level (DEBUG, INFO, WARNING, ERROR)

Because .env and the .env.<profile_name> files hold LLM_API_KEY and database credentials, keep them out of version control.

4. Install pre-commit hooks

```bash
pre-commit install
```
For detailed setup instructions, see the Setup Guide.
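As an added illustration of how the base .env and a profile file such as .env.dev combine, here is a small loader that is not part of the project's code. It assumes dotenv-style KEY=VALUE syntax with '#' comments and optional quotes, that profile values override base values key by key, and the validation rules (the four LOG_LEVEL values, a redis:// QUEUE_URL, a PostgreSQL or SQLite DATABASE_URL) are drawn from the prerequisites above. The sample file contents are constructed; the API key in them is a placeholder. The redacted() view exists so that settings can be logged at DEBUG without leaking LLM_API_KEY.

```python
"""Added example: load .env plus a .env.<profile> override and validate it.

Not the project's own loader; the dotenv grammar and checks are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import asdict, dataclass
from urllib.parse import urlsplit

_ASSIGN = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")
_LOG_LEVELS = {"DEBUG", "INFO", "WARNING", "ERROR"}
_DB_SCHEMES = {"postgresql", "postgres", "sqlite"}
_QUEUE_SCHEMES = {"redis", "rediss"}
_REQUIRED = ("API_HOST", "API_PORT", "DATABASE_URL", "QUEUE_URL",
             "LLM_PROVIDER", "LLM_API_KEY", "LOG_LEVEL")

# Constructed sample files; the key is a placeholder, not a real credential.
SAMPLE_BASE_ENV = """\
API_HOST=127.0.0.1
API_PORT=8000
DATABASE_URL=sqlite:///./oal_agent.db
QUEUE_URL=redis://localhost:6379/0
LLM_PROVIDER=openai
LLM_API_KEY="sk-example-not-a-real-key"   # quoted so a '#' inside would survive
LOG_LEVEL=INFO
"""
SAMPLE_DEV_ENV = "LOG_LEVEL=DEBUG\nAPI_PORT=8080\n"


def _unquote(raw: str) -> str:
    """Strip matching quotes; for unquoted values drop a trailing ' # comment'."""
    if raw and raw[0] in "\"'":
        end = raw.find(raw[0], 1)
        if end == -1:
            raise ValueError(f"unterminated quote in value: {raw!r}")
        return raw[1:end]
    return re.split(r"\s#", raw, maxsplit=1)[0].strip()


def parse_env(text: str) -> dict[str, str]:
    """Parse dotenv-style text into a dict; a repeated key keeps its last value."""
    env: dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = _ASSIGN.match(stripped)
        if m is None:
            raise ValueError(f"line {lineno}: expected KEY=VALUE, got {line!r}")
        env[m.group(1)] = _unquote(m.group(2))
    return env


def merge_profiles(base: dict[str, str], *overrides: dict[str, str]) -> dict[str, str]:
    """Profile files (.env.dev, .env.prod) override the base .env key by key."""
    merged = dict(base)
    for override in overrides:
        merged.update(override)
    return merged


@dataclass(frozen=True)
class Settings:
    api_host: str
    api_port: int
    database_url: str
    queue_url: str
    llm_provider: str
    llm_api_key: str
    log_level: str

    @classmethod
    def from_env(cls, env: dict[str, str]) -> "Settings":
        """Reject incomplete or malformed configuration before the service starts."""
        missing = [k for k in _REQUIRED if not env.get(k)]
        if missing:
            raise ValueError(f"missing required settings: {', '.join(missing)}")
        port = int(env["API_PORT"])
        if not 1 <= port <= 65535:
            raise ValueError(f"API_PORT out of range: {port}")
        level = env["LOG_LEVEL"].upper()
        if level not in _LOG_LEVELS:
            raise ValueError(f"LOG_LEVEL must be one of {sorted(_LOG_LEVELS)}, got {level!r}")
        db_scheme = urlsplit(env["DATABASE_URL"]).scheme.split("+", 1)[0]  # e.g. postgresql+asyncpg
        if db_scheme not in _DB_SCHEMES:
            raise ValueError(f"DATABASE_URL must be PostgreSQL or SQLite, got scheme {db_scheme!r}")
        if urlsplit(env["QUEUE_URL"]).scheme not in _QUEUE_SCHEMES:
            raise ValueError("QUEUE_URL must be a redis:// or rediss:// URL")
        return cls(env["API_HOST"], port, env["DATABASE_URL"], env["QUEUE_URL"],
                   env["LLM_PROVIDER"], env["LLM_API_KEY"], level)

    def redacted(self) -> dict[str, object]:
        """Safe to log at any LOG_LEVEL: the API key never appears in output."""
        view = asdict(self)
        view["llm_api_key"] = "***" if self.llm_api_key else ""
        return view


def load_settings(base_text: str, profile_text: str | None = None) -> Settings:
    """Combine the base .env text with an optional profile file's text."""
    layers = [parse_env(base_text)]
    if profile_text is not None:
        layers.append(parse_env(profile_text))
    return Settings.from_env(merge_profiles(*layers))


if __name__ == "__main__":
    # Dev profile wins: port 8080 and level DEBUG; the key prints as ***.
    print(load_settings(SAMPLE_BASE_ENV, SAMPLE_DEV_ENV).redacted())
```

Validation happens once, at load time, so a typo such as LOG_LEVEL=TRACE fails fast instead of silently falling back to a default.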
Start the API server:

```bash
# Using module notation
python -m src.oal_agent.cli serve

# Or directly
python src/oal_agent/cli.py serve

# With custom host/port (0.0.0.0 listens on every interface, not only localhost)
python src/oal_agent/cli.py serve --host 0.0.0.0 --port 8080

# With a specific configuration file
python src/oal_agent/cli.py --config ~/.oal_agent.env serve

# With a profile-specific configuration (e.g., .env.dev)
python src/oal_agent/cli.py --profile dev serve
```

Analyze a contract:

```bash
python src/oal_agent/cli.py analyze path/to/contract.sol
```

Access the API:

- API Documentation: http://localhost:8000/docs
- Health Check: http://localhost:8000/health
Submit a contract through the REST API from Python (the original snippet used `async with` at module level, which is not valid outside a coroutine; it is wrapped in an `async def` here):

```python
import asyncio

import httpx


async def main() -> None:
    async with httpx.AsyncClient(timeout=30.0) as client:
        # Submit a contract for analysis
        response = await client.post(
            "http://localhost:8000/api/v1/analysis/",
            json={
                "contract_code": "pragma solidity ^0.8.0; contract Example { ... }",
                "pipeline": "standard",
            },
        )
        response.raise_for_status()  # fail on 4xx/5xx instead of parsing an error body as a job
        job = response.json()
        job_id = job["job_id"]

        # Check job status
        status_response = await client.get(f"http://localhost:8000/api/v1/analysis/{job_id}")
        status_response.raise_for_status()
        print(status_response.json())

        # Get results when complete
        results_response = await client.get(f"http://localhost:8000/api/v1/analysis/{job_id}/results")
        results_response.raise_for_status()
        print(results_response.json())


asyncio.run(main())
```

Run all tests:
```bash
bash scripts/test.sh
```

Run specific test suites:

```bash
pytest tests/unit/ -v
pytest tests/integration/ -v
pytest tests/e2e/ -v
```

Run with coverage:

```bash
pytest tests/ --cov=src/oal_agent --cov-report=html
```

Format code:

```bash
bash scripts/format.sh
# Or manually:
black src/ tests/
isort src/ tests/
```

Run linters:

```bash
bash scripts/lint.sh
# Includes: black, isort, flake8, mypy
```

Check code quality:

```bash
# Run all checks
pre-commit run --all-files
# Run specific checks
black --check src/ tests/
flake8 src/ tests/
mypy src/
```

Core (src/oal_agent/core/):

- Orchestrator: Manages the overall analysis workflow
- Pipeline: Defines analysis sequences
- Config: Centralized configuration management
Agents (src/oal_agent/agents/):

- Coordinator Agent: Routes tasks to specialized agents
- Static Agent: Static code analysis using Slither, etc.
- Dynamic Agent: Symbolic execution and fuzzing
- ML Agent: Machine learning-based vulnerability detection
Tool integrations (src/oal_agent/tools/):

- Slither: Static analysis
- Mythril: Symbolic execution
- Sandbox: Safe contract execution environment
Services (src/oal_agent/services/):

- Queue Service: Job queue management
- Results Sink: Collects and stores results
- Storage Service: Persistent data storage
LLM integration (src/oal_agent/llm/):

- Provider: LLM API integration
- Prompts: Specialized prompts for analysis
- Guards: Safety and validation guardrails
Security (src/oal_agent/security/):

- Input validation for all user inputs
- Sandboxed execution environment
- Security policies and permissions
- See SECURITY.md for details
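As an added example of the two points above, input validation and sandboxed execution, here is code that is not the project's security module: it checks an API submission before anything touches disk, then runs an analyzer command on the contract inside a private temporary directory with a minimal environment, no stdin, a wall-clock timeout and POSIX rlimits. The size caps, the "pragma solidity" sanity check, the {contract} placeholder convention and the allowed pipeline set (only "standard" appears on this page) are assumptions. The demo runs the Python interpreter in place of solc or Slither so it works offline; the same runner would take `["slither", "{contract}"]`.

```python
"""Added example: validate a submission, then run an analyzer under rlimits.

Not the project's own code. POSIX only (uses the resource module). Process
limits are a floor, not a substitute for a container or VM around the agent.
"""
from __future__ import annotations

import os
import resource
import subprocess
import sys
import tempfile
from dataclasses import dataclass
from pathlib import Path

MAX_CONTRACT_BYTES = 512 * 1024   # assumed cap on submitted source size
MAX_OUTPUT_BYTES = 1 << 20        # assumed cap on captured analyzer output
ALLOWED_PIPELINES = {"standard"}  # "standard" is the only pipeline named on this page


def submission_errors(contract_code: object, pipeline: object) -> list[str]:
    """Return every problem with an API submission; an empty list means accept."""
    errors: list[str] = []
    if not isinstance(contract_code, str) or not contract_code.strip():
        errors.append("contract_code must be a non-empty string")
    else:
        if "\x00" in contract_code:
            errors.append("contract_code contains a NUL byte")
        if len(contract_code.encode("utf-8")) > MAX_CONTRACT_BYTES:
            errors.append(f"contract_code exceeds {MAX_CONTRACT_BYTES} bytes")
        if "pragma solidity" not in contract_code:
            errors.append("contract_code does not look like Solidity (no pragma)")
    if not isinstance(pipeline, str) or pipeline not in ALLOWED_PIPELINES:
        errors.append(f"pipeline must be one of {sorted(ALLOWED_PIPELINES)}")
    return errors


def _cap(limit: int, value: int) -> None:
    """Set soft and hard rlimit to value, never above the inherited hard limit."""
    _soft, hard = resource.getrlimit(limit)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(limit, (value, value))


def _apply_limits(cpu_seconds: int, mem_bytes: int) -> None:
    """Runs in the child before exec: cap CPU, address space and file size; no core dumps."""
    _cap(resource.RLIMIT_CPU, cpu_seconds)
    _cap(resource.RLIMIT_AS, mem_bytes)
    _cap(resource.RLIMIT_FSIZE, MAX_OUTPUT_BYTES)
    _cap(resource.RLIMIT_CORE, 0)
    os.umask(0o077)


@dataclass(frozen=True)
class SandboxResult:
    returncode: int | None   # None when the wall-clock timeout killed the child
    stdout: str
    stderr: str
    timed_out: bool


def _text(data: bytes | str | None) -> str:
    if data is None:
        return ""
    if isinstance(data, bytes):
        data = data.decode("utf-8", "replace")
    return data[:MAX_OUTPUT_BYTES]


def run_sandboxed(argv: list[str], contract_code: str, *, wall_seconds: float = 30,
                  cpu_seconds: int = 20, mem_bytes: int = 1 << 30) -> SandboxResult:
    """Write the contract into a 0700 temp dir and run argv there; '{contract}' becomes its path."""
    with tempfile.TemporaryDirectory(prefix="oal-sandbox-") as work:
        os.chmod(work, 0o700)
        contract = Path(work, "contract.sol")
        contract.write_text(contract_code, encoding="utf-8")
        cmd = [arg.replace("{contract}", str(contract)) for arg in argv]
        # Minimal environment: no inherited API keys, credentials or proxies.
        env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"), "HOME": work,
               "TMPDIR": work, "LANG": "C.UTF-8"}
        try:
            proc = subprocess.run(
                cmd, cwd=work, env=env, stdin=subprocess.DEVNULL, capture_output=True,
                timeout=wall_seconds, preexec_fn=lambda: _apply_limits(cpu_seconds, mem_bytes),
            )
        except subprocess.TimeoutExpired as exc:  # child has already been killed
            return SandboxResult(None, _text(exc.stdout), _text(exc.stderr), True)
        return SandboxResult(proc.returncode, _text(proc.stdout), _text(proc.stderr), False)


def demo() -> dict[str, SandboxResult]:
    """Constructed runs: a well-behaved analyzer stand-in and one that hangs."""
    sol = "pragma solidity ^0.8.0; contract Example { uint256 public x; }"
    assert not submission_errors(sol, "standard")
    ok = run_sandboxed([sys.executable, "-c",
                        "import sys; print(open(sys.argv[1]).read().count('contract'))",
                        "{contract}"], sol)
    hung = run_sandboxed([sys.executable, "-c", "import time; time.sleep(60)"], sol,
                         wall_seconds=1)
    return {"ok": ok, "hung": hung}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result.returncode, result.timed_out, result.stdout.strip())
```

The timed-out run returns with returncode None and the partial output captured so far, so the caller can record a failed job rather than wait on a hung analyzer; the NUL and size checks run before the contract is written, so a hostile submission never reaches solc.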
- Setup Guide - Detailed installation and configuration
- Architecture - System design and components
- Agents - Agent types and responsibilities
- API - REST API documentation
- Pipelines - Analysis pipeline configurations
- Research Papers - Research documentation and papers
Import errors after installation:

```bash
# Make sure you're in the virtual environment
source .venv/bin/activate
# Reinstall dependencies
pip install -r requirements.txt
```

Redis connection errors:

```bash
# Check if Redis is running
redis-cli ping
# Start Redis if needed
redis-server
```

Permission errors on scripts:

```bash
# Make scripts executable
chmod +x scripts/*.sh
```

Module not found errors:

```bash
# Add src to PYTHONPATH
export PYTHONPATH="${PYTHONPATH}:${PWD}/src"
```

For more help, see GitHub Issues or contact the team.
We welcome contributions! Please read CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests.
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Make your changes
4. Run tests and linters (`bash scripts/test.sh && bash scripts/lint.sh`)
5. Commit your changes (`git commit -m 'Add amazing feature'`)
6. Push to the branch (`git push origin feature/amazing-feature`)
7. Open a Pull Request
- Complete core agent implementations
- Add support for more static analysis tools
- Implement ML model training pipeline
- Add support for multiple blockchain platforms
- Create web dashboard for analysis results
- Implement real-time analysis streaming
- Add plugin system for custom analyzers
Please use the GitHub Issues to report bugs or request features.
- GitHub Discussions: Join the conversation
- Issues: Report bugs or request features
- Security: See SECURITY.md for reporting security vulnerabilities
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0) - see the LICENSE file for details.
Key points:
- You can use, modify, and distribute this software
- You must disclose the source code of any modifications
- Network use counts as distribution (users interacting with a modified version over a network must be offered its source)
- You must license derivative works under AGPL-3.0
- OpenAuditLabs team and contributors
- Open source security tools community (Slither, Mythril, etc.)
- Smart contract security researchers and auditors worldwide
Made with ❤️ by OpenAuditLabs