The verifiable DevTools layer for Mantle — AI-assisted smart-contract audits, receipt-calibrated gas optimization, and on-chain proof for every report.
- Audits Solidity for Mantle: deterministic detection (solc + Slither + a Mantle-specific rule engine), bounded AI explanations, and generated Foundry regression tests — read-only, always.
- Optimizes gas with receipts, not folklore: every report splits L2 execution from data availability, priced from Mantle receipt ground truth (`l1Fee`) instead of the legacy oracle.
- Proves it on-chain: canonical report hashes anchor to ArchonProofRegistry under ERC-8004 Agent #97, and anyone can re-verify or challenge a report without a wallet.
| Surface | URL |
|---|---|
| App | https://archonaudit.xyz |
| Demo (video walkthrough) | https://youtu.be/d0xn5OYBENA |
| Docs | https://archonaudit.xyz/docs |
| Whitepaper (PDF) | https://archonaudit.xyz/whitepaper.pdf |
| Gas leaderboard | https://archonaudit.xyz/gas-leaderboard |
| Gas Observatory | https://archonaudit.xyz/observatory |
| Address profile (example) | https://archonaudit.xyz/address/0xe7043e2ec95eF357FbBa3359BA2f1edb10cEAD2a |
| Example public report | https://archonaudit.xyz/r/d37f46d6-aded-41fc-9215-900370300111 |
| Example proof tx | 0x141e3973…c88c10b on MantleScan |
| CI Action demo (real PRs) | green run + gas comment · red run on a regression |
| X / Twitter | @archondevtools · launch post |
One pipeline, three artifacts (audit report, gas report, on-chain proof), seven independently improvable layers. Full detail in the whitepaper (§03) and docs.
| Contract | Address | Notes |
|---|---|---|
| ArchonProofRegistry | 0xe7043e2ec95eF357FbBa3359BA2f1edb10cEAD2a | Archon's own proof anchor — verified source. `logAuditProof()` publishes the deterministic report hash + IPFS metadata URI + risk score; permissionless and idempotent per hash. Deploy tx 0xb9ce87de…a1a7c5, example proof tx 0x82d99588…088ef. Source + Foundry tests: contracts/. |
| ERC-8004 Identity Registry | 0x8004A169FB4a3325136EB29fA0ceB6D2e539a432 | Official registry; Archon is Agent #97 (manifest). |
| ERC-8004 Reputation Registry | 0x8004BAa17C55a88189AE136b182e5fdA19dE9b63 | Official registry; holds Archon's earlier reputation-anchored proof records. |
On live Mantle transactions, the legacy GasPriceOracle.getL1Fee under-reports the DA fee the chain actually charges by ~99.96% — the receipt l1Fee was ≈2,200–2,900× the oracle's prediction (measured 99.955% / 99.966% divergence on two real txs).
Any tool quoting the oracle is invisibly wrong about Mantle's DA economics.
So Archon prices DA from receipt ground truth — a calibrated zero/nonzero-calldata-byte model validated against live transactions — and labels every figure as measured, estimated, or unpriced.
Methodology, tx hashes, and validation error: ADR 0007 · whitepaper v2 §05, Table 1.
| Surface | Status | What it does | Where |
|---|---|---|---|
| Audit Studio + 7-stage pipeline | ✅ Live | Severity-ranked findings with file/line evidence, Mantle-specific risk, AI explanations, generated Foundry tests | Audit Studio |
| Reports + public viewer | ✅ Live | Every report has a permanent, wallet-free public page that re-derives the hash and shows the on-chain proof | /r/<id> |
| Gas Optimizer | ✅ Live | Optimization catalog, validated patches, receipt-calibrated L2/DA split, annualized savings under stated assumptions | Gas Optimizer |
| Cost Guard | ✅ Live | Real spend telemetry from persisted gas reports and optimizations | Cost Guard |
| On-chain proof | ✅ Live | Canonical report hash anchored to ArchonProofRegistry and appended as an ERC-8004 Reputation entry against Agent #97 (feedbackHash = report hash); public, wallet-free verification | /proofs |
| CI (CLI + Action) | ✅ Live | `archon-scan` CLI with `--fail-on` gates + GitHub Action posting real gas-diff PR comments | CLI · Action |
| Sentinel | ✅ Live | Continuous monitoring of deployed contracts: drift detection (bytecode, EIP-1967, owner), auto re-scans with findings diff, audit-freshness scores, webhook alerts | Sentinel docs |
| Verified builds | ✅ Live | Deterministic source→bytecode attestation (immutables masked, metadata-aware) with public verification pages and anchorable hashes | Verified builds docs |
| Gas Observatory | ✅ Live | Public source-of-truth on Mantle DA economics: receipt-calibrated DA cost/byte, L2 base fee, trends, and the live oracle-vs-receipt divergence (embeddable) | /observatory |
| GitHub App + autofix | ✅ Live | PR check + single updating comment (findings, gas diff), policy via `archon.config.json`, `/archon fix` opens compile-validated autofix PRs on Archon's own branches (installed on Franlinozz/Archon + archon-gas-action-demo) | GitHub App docs |
| Agent Trust API + MCP | ✅ Live | Signed contract-trust verdict API (recovers to Agent #97) + MCP server with four tools — Archon as an AI agent's security sense | For agents |
| Address pages + badges | ✅ Live | A permanent public security URL for every Mantle contract (audit timeline, attestation, freshness, gas, challenges) + README badge + embeddable card | Public pages docs |
| VS Code extension | ✅ Live (Open VSX) | Diagnostics in the editor, safe gas quick fixes as Code Actions, per-opportunity gas lenses — thin client of the public API (Open VSX · v0.1.2 release; MS Marketplace appeal pending) | Editor docs |
| Gas Leaderboard | ✅ Live | Public ranking of completed gas reports (sample rows labeled) | /gas-leaderboard |
| Challenge ledger | ✅ Live | Public challenge records against reports and optimizations (staked challenges are designed, not deployed — ADR 0014) | Security & safety model |
| Tencent COS backup | ✅ Live | Best-effort artifact backup (proof/report JSON) to Tencent COS (ap-hongkong); never blocks the IPFS/Postgres primary path — status at /api/providers | Cloud providers |
| Tencent Cloud TokenHub | 🟢 Live | AI reasoning served on Tencent Cloud TokenHub (deepseek-v4-pro), with OpenAI gpt-4o-mini as runtime failover → deterministic templates. Serves third-party reasoning models — not a Hunyuan model. | Cloud providers |
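
The "Verified builds" row above describes a source→bytecode comparison with immutables masked and metadata handled separately. The following is an added example, not Archon's code, of one common way to make that comparison for solc output; the function names and the sample bytecode are constructed for illustration.

```javascript
// Added example, not Archon's code; function names here are hypothetical.
// solc reports immutable slots as { astId: [{ start, length }] } and appends a
// CBOR metadata map whose byte length is stored big-endian in the last 2 bytes.

function toBytes(hex) {
  if (!/^(0x)?([0-9a-fA-F]{2})*$/.test(hex)) throw new TypeError("not hex bytecode");
  return Buffer.from(hex.replace(/^0x/, ""), "hex");
}

function maskImmutables(code, immutableReferences) {
  const out = Buffer.from(code); // copy, leave the input untouched
  for (const refs of Object.values(immutableReferences)) {
    for (const { start, length } of refs) {
      if (start < 0 || length < 0 || start + length > out.length) {
        throw new RangeError(`immutable reference ${start}+${length} is outside the code`);
      }
      out.fill(0, start, start + length);
    }
  }
  return out;
}

function stripMetadata(code) {
  if (code.length < 3) return code;
  const total = code.readUInt16BE(code.length - 2) + 2;
  if (total > code.length) return code; // no well-formed trailer
  const first = code[code.length - total];
  if ((first & 0xe0) !== 0xa0) return code; // trailer must start with a CBOR map
  return code.subarray(0, code.length - total);
}

function normalizeRuntime(hex, immutableReferences = {}) {
  return stripMetadata(maskImmutables(toBytes(hex), immutableReferences));
}

function sameBuild(compiledHex, deployedHex, immutableReferences) {
  return normalizeRuntime(compiledHex, immutableReferences)
    .equals(normalizeRuntime(deployedHex, immutableReferences));
}

// Constructed sample: 4 code bytes, one 32-byte immutable at offset 4, 1 code byte,
// then a 4-byte CBOR map {"x": metaByte} and its 2-byte length.
function sample(immutableByte, metaByte) {
  const body = [Buffer.from("60806040", "hex"), Buffer.alloc(32, immutableByte), Buffer.from("00", "hex")];
  const cbor = Buffer.from([0xa1, 0x61, 0x78, metaByte]);
  return "0x" + Buffer.concat([...body, cbor, Buffer.from([0x00, cbor.length])]).toString("hex");
}
```

A match after normalization says the executable code is identical; a differing metadata trailer still means the two builds came from different source text or compiler settings, so it is worth reporting separately rather than discarding.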
Archon is the first MCP-native auditor with an on-chain identity. Any AI agent can ask Archon "can I trust this contract?" and get a signed verdict that recovers to Archon's ERC-8004 Agent #97 — provenance any consumer verifies offline.
- Verdict API: `GET /api/v1/verdict/5000/<address>` → EIP-191-signed `{riskScore, auditFreshness, attestation, openCritical, proofTx, agentId: 97, signature}`.
- MCP server: `npx github:Franlinozz/archon-mcp` exposes `archon_scan_source`, `archon_verdict`, `archon_gas_report`, `archon_verify_proof` to Claude Desktop/Code and any MCP client.
Docs: For agents.
Use the app: open https://archonaudit.xyz, click Start Audit, paste Solidity or import from GitHub/address.
CLI (zero dependencies, Node ≥ 18):

```
npx --yes github:Franlinozz/archon-cli scan contracts/Vault.sol --gas --fail-on high
```

GitHub Action (PR gas-diff comments with L2 + DA columns):

```yaml
permissions: { contents: read, pull-requests: write }
steps:
  - uses: actions/checkout@v4
  # @main tracks a branch; pin to a commit SHA for reproducible runs
  - uses: Franlinozz/Archon@main
    with:
      source-file: contracts/YourContract.sol
      github-token: ${{ secrets.GITHUB_TOKEN }}
```

API: OpenAPI 3.1 at /api/openapi, interactive reference at /api-reference.

VS Code: install from Open VSX (Cursor / VSCodium / Windsurf), or grab the vscode-v0.1.2 release .vsix:

```
code --install-extension archon-mantle-0.1.2.vsix
```

MCP (for agents): `npx github:Franlinozz/archon-mcp` exposes `archon_scan_source`, `archon_verdict`, `archon_gas_report`, `archon_verify_proof`. Whitepaper · agent manifest.
Next.js 15 · TypeScript · Tailwind · BullMQ + Redis · Supabase Postgres · solc/Slither · Foundry · viem/wagmi · pluggable AI providers (AI reasoning served on Tencent Cloud TokenHub deepseek-v4-pro, with OpenAI gpt-4o-mini runtime failover, status) · Pinata/IPFS primary (+ Tencent COS artifact backup, live in ap-hongkong) · PM2 + Caddy on one VM.
The scan pipeline is read-only. The only intended transaction path is the explicit user-approved proof log, guarded by simulation and cost checks.
Built for the Tencent Cloud × Mantle hackathon (Cookathon). Archon ships its own on-chain proof contract as the primary, award-eligible deployment: ArchonProofRegistry (verified on MantleScan, table above) — logAuditProof() publishes the AI inference result on-chain (deterministic report hash + IPFS metadata URI + AI-derived risk score), permissionless and idempotent per report hash, so both gasless and self-custody proof paths work without the ERC-8004 self-feedback restriction. AI enrichment and artifact storage run on a pluggable provider layer with first-class Tencent Cloud (Hunyuan, COS) adapters.
```
pnpm install
cp .env.example .env.local   # set DATABASE_URL, REDIS_URL, Mantle RPC
pnpm dev                     # web app
pnpm worker                  # scan worker
```

Optional: OPENAI_API_KEY (or AI_PROVIDER + the matching key) for live AI enrichment — deterministic fallback keeps the app usable without it; IPFS_PIN_TOKEN for proof metadata pinning.
Verification gates: pnpm typecheck · lint · test · secret-scan · scope-grep · build — CI runs the same set.
```
app/            Next.js app + API routes (app/r/[reportId] = public report viewer)
components/     UI components (archon/, marketing/, nav/, docs/, theme/)
contracts/      ArchonProofRegistry (Foundry) + sample inputs and fixtures
docs/           architecture assets, ADRs, DOC-SYNC ritual, whitepaper, submission notes
lib/            scan pipeline, gas engine, proof layer, AI providers, chain helpers
packages/cli/   archon-scan CLI (mirrored to Franlinozz/archon-cli for npx)
worker/         BullMQ scan worker entrypoint
action.yml      the Archon Gas Action (composite)
```

Issues and PRs are welcome — run the verification gates before submitting. Licensed MIT.



