Deterministic Smart Contract Security Analysis
OpenAudit AI helps developers and security teams analyze Solidity contracts with reproducible static analysis and optional AI-powered explanations.
Built for engineers who want structured findings, CI-friendly workflows, and reliable diagnostics for Solidity codebases.
npm package publishing coming soon · use local dev setup until then
Features
Built for serious security work
No hallucinated audits. No vague recommendations. Precise, reproducible findings your team can act on.
Deterministic Static Analysis
Every scan produces the same output for the same input. No randomness, no hallucinations — just consistent, reproducible findings.
Solidity-Focused Rule Engine
Purpose-built rules covering reentrancy, unchecked calls, access control, integer overflow, and more — all tuned for Solidity.
Structured Findings
Every finding is machine-readable JSON: rule ID, severity, file, line, message, suggestion. Pipe it into any toolchain.
Optional AI Explanation Layer
AI never decides if something is vulnerable. It only translates structured findings into plain-language guidance for developers.
CI/CD-Friendly Workflow
Exit codes, JSON output, and SARIF-ready architecture make it trivial to block deploys on critical findings in any pipeline.
Developer-First CLI
A clean, ergonomic CLI with sensible defaults, clear output, and no noise. Designed for developers who live in the terminal.
How It Works
Analysis pipeline
Security detection is deterministic. AI is explanatory. The two layers are cleanly separated.
Solidity Contract
Feed any .sol file or directory into the analyzer.
Parser / AST
The contract is parsed into an Abstract Syntax Tree for precise structural analysis.
Rule Engine
Deterministic rules run against the AST. Each rule checks one thing. No ambiguity.
Structured Findings
Findings are emitted as structured data: severity, rule ID, file, line, message.
AI Explanation Layer
Optionally, AI translates findings into plain language. It does not make security decisions.
Philosophy
Detection is deterministic.
AI is explanatory.
OpenAudit AI separates core security analysis from AI reasoning so teams can trust, test, and automate their workflows. The security engine doesn't hallucinate because it doesn't think — it matches patterns.
Deterministic
The same contract always produces the same findings. Security properties are not subject to model temperature or prompt variation.
- Rule-based detection
- No probabilistic inference
- Auditable logic
Reproducible
Results are consistent across environments, team members, and time. Share findings with confidence that others will see the same output.
- Version-pinned rules
- Same output everywhere
- CI/CD compatible
CI/CD Friendly
Designed as a first-class pipeline tool. Block deploys on critical findings, export SARIF for GitHub Security, integrate anywhere.
- Machine-readable output
- Non-zero exit on findings
- SARIF support (roadmap)
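The pipeline described under How It Works and the CI/CD properties listed above (structured findings, non-zero exit on findings, an AI layer that explains but never decides) can be shown end to end in a small script. The following is an added example, not OpenAudit AI's code: it uses line-based pattern matching in place of a real AST walk, and the rule ids, severity names, finding field names and the sample `Vault` contract are all constructed for illustration.

```javascript
// Added example (not OpenAudit AI's code): a tiny deterministic rule engine with a
// separate explanation layer. Rule ids, severities, the line-based matching and the
// sample contract are constructed for this illustration.

const SEVERITY_RANK = { info: 0, low: 1, medium: 2, high: 3, critical: 4 };

// Each rule is a pure function of one source line: same input, same verdict.
// A real analyzer matches on an AST; line matching keeps this example short.
const RULES = [
  {
    id: 'UNCHECKED-LOW-LEVEL-CALL', // hypothetical rule id
    severity: 'high',
    message: 'Return value of low-level call is not checked',
    suggestion: 'Capture the (bool success, ) result and require(success).',
    matches(line) {
      const at = line.indexOf('.call');
      if (at < 0 || !/\.call\s*[{(]/.test(line)) return false;
      const lhs = line.slice(0, at);
      // Treated as checked when the call is assigned or wrapped in require().
      return !(/require\s*\(/.test(lhs) || /[^=!<>]=[^=]/.test(lhs));
    },
  },
  {
    id: 'TX-ORIGIN-AUTH', // hypothetical rule id
    severity: 'medium',
    message: 'tx.origin used for authorization',
    suggestion: 'Compare against msg.sender instead of tx.origin.',
    matches: (line) => /\btx\.origin\b/.test(line),
  },
];

// Deterministic layer: runs every rule on every line and returns findings in a
// stable order (file, line, rule id), each as a structured record with the fields
// the page lists: rule ID, severity, file, line, message, suggestion.
function analyzeSource(file, source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.matches(text)) {
        findings.push({
          ruleId: rule.id, severity: rule.severity, file, line: i + 1,
          message: rule.message, suggestion: rule.suggestion,
        });
      }
    }
  });
  return findings.sort((a, b) =>
    a.file.localeCompare(b.file) || a.line - b.line || a.ruleId.localeCompare(b.ruleId));
}

// CI gate: non-zero when any finding reaches the threshold severity.
function exitCodeFor(findings, threshold = 'high') {
  const bar = SEVERITY_RANK[threshold];
  return findings.some((f) => SEVERITY_RANK[f.severity] >= bar) ? 1 : 0;
}

// Explanation layer: receives a frozen copy of each finding and may only return
// prose. It cannot add, drop or re-grade findings. `explainer` stands in for an
// AI call; the default is a deterministic template.
function explainFindings(findings, explainer = templateExplainer) {
  return findings.map((f) => ({
    ...f,
    explanation: String(explainer(Object.freeze({ ...f }))),
  }));
}

function templateExplainer(f) {
  return `${f.file}:${f.line}: ${f.message}. ${f.suggestion}`;
}

// Constructed sample contract (not a real project file).
const SAMPLE_SOL = [
  'pragma solidity ^0.8.0;',
  'contract Vault {',
  '    address owner;',
  '    mapping(address => uint256) balances;',
  '    function withdraw(uint256 amt) external {',
  '        require(balances[msg.sender] >= amt);',
  '        balances[msg.sender] -= amt;',
  '        msg.sender.call{value: amt}("");', // line 8: return value unchecked
  '    }',
  '    function setOwner(address o) external {',
  '        require(tx.origin == owner);', // line 11: tx.origin authorization
  '        owner = o;',
  '    }',
  '}',
].join('\n');

const findings = analyzeSource('Vault.sol', SAMPLE_SOL);
console.log(JSON.stringify(explainFindings(findings), null, 2));
console.log('exit code:', exitCodeFor(findings)); // 1: a high-severity finding is present
```

Running the script prints the two findings as JSON with an explanation attached and reports exit code 1. Replacing `templateExplainer` with a function that calls a model changes only the `explanation` strings: the layer sees a frozen copy of each finding, so the rule id, severity and line it was given are exactly what the deterministic engine emitted.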
Installation
Get up and running
Start analyzing Solidity contracts in minutes. npm package publishing is coming soon — use local development until then.
Quickstart
Up in four steps
From zero to first finding in under five minutes. OpenAudit AI is designed to get out of your way and let you focus on the results.
Install OpenAudit AI
Clone the repo and build locally, or install via npm once published.
Point it at a Solidity directory
Pass any contracts directory to the analyzer.
Review structured findings
Get colorized terminal output, or export to JSON for toolchain integration.
Enable AI explanations (optional)
AI translates findings into developer-readable guidance. Requires an API key.
Start auditing with confidence
Open source, developer-first, and built for reproducibility. No fluff, no hallucinations — just findings you can trust.