Franlinozz/Archon

Archon — verifiable DevTools for Mantle

Audit it. Optimize it. Prove it.

The verifiable DevTools layer for Mantle — AI-assisted smart-contract audits, receipt-calibrated gas optimization, and on-chain proof for every report.

CI · Mantle Mainnet 5000 · ERC-8004 Agent #97 · MIT · Whitepaper v2.1 · Archon security profile · Demo video · Archon on X


What Archon does

  • Audits Solidity for Mantle: deterministic detection (solc + Slither + a Mantle-specific rule engine), bounded AI explanations, and generated Foundry regression tests — read-only, always.
  • Optimizes gas with receipts, not folklore: every report splits L2 execution from data availability, priced from Mantle receipt ground truth (l1Fee) instead of the legacy oracle.
  • Proves it on-chain: canonical report hashes anchor to ArchonProofRegistry under ERC-8004 Agent #97, and anyone can re-verify or challenge a report without a wallet.

Live

| Surface | URL |
| --- | --- |
| App | https://archonaudit.xyz |
| Demo (video walkthrough) | https://youtu.be/d0xn5OYBENA |
| Docs | https://archonaudit.xyz/docs |
| Whitepaper (PDF) | https://archonaudit.xyz/whitepaper.pdf |
| Gas leaderboard | https://archonaudit.xyz/gas-leaderboard |
| Gas Observatory | https://archonaudit.xyz/observatory |
| Address profile (example) | https://archonaudit.xyz/address/0xe7043e2ec95eF357FbBa3359BA2f1edb10cEAD2a |
| Example public report | https://archonaudit.xyz/r/d37f46d6-aded-41fc-9215-900370300111 |
| Example proof tx | 0x141e3973…c88c10b on MantleScan |
| CI Action demo (real PRs) | green run + gas comment · red run on a regression |
| X / Twitter | @archondevtools · launch post |

Architecture

Archon system architecture — seven layers from input to distribution

One pipeline, three artifacts (audit report, gas report, on-chain proof), seven independently improvable layers. Full detail in the whitepaper (§03) and docs.

Deployed contracts (Mantle Mainnet · 5000)

| Contract | Address | Notes |
| --- | --- | --- |
| ArchonProofRegistry | 0xe7043e2ec95eF357FbBa3359BA2f1edb10cEAD2a | Archon's own proof anchor — verified source. logAuditProof() publishes the deterministic report hash + IPFS metadata URI + risk score; permissionless and idempotent per hash. Deploy tx 0xb9ce87de…a1a7c5, example proof tx 0x82d99588…088ef. Source + Foundry tests: contracts/. |
| ERC-8004 Identity Registry | 0x8004A169FB4a3325136EB29fA0ceB6D2e539a432 | Official registry; Archon is Agent #97 (manifest). |
| ERC-8004 Reputation Registry | 0x8004BAa17C55a88189AE136b182e5fdA19dE9b63 | Official registry; holds Archon's earlier reputation-anchored proof records. |

Why our DA numbers are receipt-calibrated

On live Mantle transactions, the legacy GasPriceOracle.getL1Fee under-reports the DA fee the chain actually charges by ~99.96% — the receipt l1Fee was ≈2,200–2,900× the oracle's prediction (measured 99.955% / 99.966% divergence on two real txs). Any tool quoting the oracle is invisibly wrong about Mantle's DA economics. So Archon prices DA from receipt ground truth — a calibrated zero/nonzero-calldata-byte model validated against live transactions — and labels every figure as measured, estimated, or unpriced. Methodology, tx hashes, and validation error: ADR 0007 · whitepaper v2 §05, Table 1.
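An added example, not Archon's code, of what receipt calibration of a zero/nonzero-calldata-byte model can look like: a least-squares fit of two per-byte costs to receipt l1Fee values, plus the divergence figure used above. The linear model form, the function names and every sample value are assumptions constructed for illustration.

```javascript
// Added example (not Archon's code): fit l1Fee ≈ a*zeroBytes + b*nonzeroBytes
// to receipt l1Fee values. The model form is an assumption, and all inputs
// are constructed sample data, not real Mantle transactions.

// Count zero and nonzero bytes in 0x-prefixed calldata.
function countCalldataBytes(hex) {
  const body = hex.startsWith("0x") ? hex.slice(2) : hex;
  if (body.length % 2 !== 0) throw new Error("odd-length hex");
  let zero = 0, nonzero = 0;
  for (let i = 0; i < body.length; i += 2) {
    if (body.slice(i, i + 2) === "00") zero++; else nonzero++;
  }
  return { zero, nonzero };
}

// Least-squares fit through the origin: solve the 2x2 normal equations.
function calibrate(samples) {
  let szz = 0, szn = 0, snn = 0, szy = 0, sny = 0;
  for (const s of samples) {
    const { zero: z, nonzero: n } = countCalldataBytes(s.input);
    szz += z * z; szn += z * n; snn += n * n;
    szy += z * s.l1Fee; sny += n * s.l1Fee;
  }
  const det = szz * snn - szn * szn;
  if (det === 0) throw new Error("samples cannot separate zero/nonzero cost");
  return { perZero: (szy * snn - sny * szn) / det,
           perNonzero: (sny * szz - szy * szn) / det };
}

function estimateDaFee(model, input) {
  const { zero, nonzero } = countCalldataBytes(input);
  return model.perZero * zero + model.perNonzero * nonzero;
}

// Share of the fee actually charged that a prediction misses, in percent.
function divergencePct(predicted, receiptL1Fee) {
  return (1 - predicted / receiptL1Fee) * 100;
}

// Constructed receipts (fee units arbitrary): calldata plus charged l1Fee.
const SAMPLES = [
  { input: "0xa9059cbb" + "00".repeat(8), l1Fee: 96 },
  { input: "0x095ea7b3ffff00", l1Fee: 100 },
  { input: "0x" + "00".repeat(15) + "01", l1Fee: 76 },
];
const MODEL = calibrate(SAMPLES);
console.log(MODEL, divergencePct(1, 2200).toFixed(3), divergencePct(1, 2900).toFixed(3));
```

A receipt fee 2,200× to 2,900× the oracle's prediction corresponds to the 99.955% to 99.966% divergence range quoted above.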

Feature matrix

| Surface | Status | What it does | Where |
| --- | --- | --- | --- |
| Audit Studio + 7-stage pipeline | ✅ Live | Severity-ranked findings with file/line evidence, Mantle-specific risk, AI explanations, generated Foundry tests | Audit Studio |
| Reports + public viewer | ✅ Live | Every report has a permanent, wallet-free public page that re-derives the hash and shows the on-chain proof | /r/<id> |
| Gas Optimizer | ✅ Live | Optimization catalog, validated patches, receipt-calibrated L2/DA split, annualized savings under stated assumptions | Gas Optimizer |
| Cost Guard | ✅ Live | Real spend telemetry from persisted gas reports and optimizations | Cost Guard |
| On-chain proof | ✅ Live | Canonical report hash anchored to ArchonProofRegistry and appended as an ERC-8004 Reputation entry against Agent #97 (feedbackHash = report hash); public, wallet-free verification | /proofs |
| CI (CLI + Action) | ✅ Live | archon-scan CLI with --fail-on gates + GitHub Action posting real gas-diff PR comments | CLI · Action |
| Sentinel | ✅ Live | Continuous monitoring of deployed contracts: drift detection (bytecode, EIP-1967, owner), auto re-scans with findings diff, audit-freshness scores, webhook alerts | Sentinel docs |
| Verified builds | ✅ Live | Deterministic source→bytecode attestation (immutables masked, metadata-aware) with public verification pages and anchorable hashes | Verified builds docs |
| Gas Observatory | ✅ Live | Public source-of-truth on Mantle DA economics: receipt-calibrated DA cost/byte, L2 base fee, trends, and the live oracle-vs-receipt divergence (embeddable) | /observatory |
| GitHub App + autofix | ✅ Live | PR check + single updating comment (findings, gas diff), policy via archon.config.json, /archon fix opens compile-validated autofix PRs on Archon's own branches (installed on Franlinozz/Archon + archon-gas-action-demo) | GitHub App docs |
| Agent Trust API + MCP | ✅ Live | Signed contract-trust verdict API (recovers to Agent #97) + MCP server with four tools — Archon as an AI agent's security sense | For agents |
| Address pages + badges | ✅ Live | A permanent public security URL for every Mantle contract (audit timeline, attestation, freshness, gas, challenges) + README badge + embeddable card | Public pages docs |
| VS Code extension | ✅ Live (Open VSX) | Diagnostics in the editor, safe gas quick fixes as Code Actions, per-opportunity gas lenses — thin client of the public API (Open VSX · v0.1.2 release; MS Marketplace appeal pending) | Editor docs |
| Gas Leaderboard | ✅ Live | Public ranking of completed gas reports (sample rows labeled) | /gas-leaderboard |
| Challenge ledger | ✅ Live | Public challenge records against reports and optimizations (staked challenges are designed, not deployed — ADR 0014) | Security & safety model |
| Tencent COS backup | ✅ Live | Best-effort artifact backup (proof/report JSON) to Tencent COS (ap-hongkong); never blocks the IPFS/Postgres primary path — status at /api/providers | Cloud providers |
| Tencent Cloud TokenHub | 🟢 Live | AI reasoning served on Tencent Cloud TokenHub (deepseek-v4-pro), with OpenAI gpt-4o-mini as runtime failover → deterministic templates. Serves third-party reasoning models — not a Hunyuan model. | Cloud providers |
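An added illustration, not Archon's implementation, of what the "immutables masked, metadata-aware" comparison in the Verified builds row involves: split off the solc CBOR metadata trailer, zero the immutable ranges on both sides, then compare. Function names are hypothetical, and the bytecode and immutable offsets are constructed.

```javascript
// Added example (not Archon's code): compare deployed runtime bytecode with a
// local build, ignoring immutable values and reporting metadata separately.
// All bytecode below is constructed, not taken from a real contract.

const strip0x = (h) => (h.startsWith("0x") ? h.slice(2) : h).toLowerCase();

// solc appends CBOR metadata followed by its length as a 2-byte big-endian int.
function splitMetadata(hex) {
  const code = strip0x(hex);
  if (code.length < 4) return { body: code, metadata: "" };
  const metaLen = parseInt(code.slice(-4), 16) * 2; // length in hex chars
  if (Number.isNaN(metaLen) || metaLen + 4 > code.length) {
    return { body: code, metadata: "" }; // no plausible trailer
  }
  const cut = code.length - 4 - metaLen;
  return { body: code.slice(0, cut), metadata: code.slice(cut) };
}

// refs: [{ start, length }] byte offsets, shaped like solc's
// evm.deployedBytecode.immutableReferences entries.
function maskImmutables(body, refs) {
  const chars = body.split("");
  for (const { start, length } of refs) {
    if ((start + length) * 2 > chars.length) throw new Error("ref out of range");
    chars.fill("0", start * 2, (start + length) * 2);
  }
  return chars.join("");
}

function compareBuild(onchainHex, compiledHex, refs) {
  const a = splitMetadata(onchainHex), b = splitMetadata(compiledHex);
  const codeMatch = a.body.length === b.body.length &&
    maskImmutables(a.body, refs) === maskImmutables(b.body, refs);
  return { codeMatch, metadataMatch: a.metadata === b.metadata };
}

// Constructed sample: 3 code bytes, one 32-byte immutable, 1 code byte,
// then a 5-byte stand-in for the metadata and its 0x0005 length trailer.
const REFS = [{ start: 3, length: 32 }];
const ONCHAIN = "0x60807f" + "11".repeat(32) + "00" + "a1" + "aa".repeat(4) + "0005";
const COMPILED = "0x60807f" + "00".repeat(32) + "00" + "a1" + "bb".repeat(4) + "0005";
console.log(compareBuild(ONCHAIN, COMPILED, REFS)); // code matches, metadata differs
```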

Built for the agentic economy

Archon is the first MCP-native auditor with an on-chain identity. Any AI agent can ask Archon "can I trust this contract?" and get a signed verdict that recovers to Archon's ERC-8004 Agent #97 — provenance any consumer verifies offline.

  • Verdict API: GET /api/v1/verdict/5000/<address> → EIP-191-signed {riskScore, auditFreshness, attestation, openCritical, proofTx, agentId: 97, signature}.
  • MCP server: npx github:Franlinozz/archon-mcp exposes archon_scan_source, archon_verdict, archon_gas_report, archon_verify_proof to Claude Desktop/Code and any MCP client.

Docs: For agents.

Quickstart

Use the app: open https://archonaudit.xyz, click Start Audit, paste Solidity or import from GitHub/address.

CLI (zero dependencies, Node ≥ 18):

npx --yes github:Franlinozz/archon-cli scan contracts/Vault.sol --gas --fail-on high

GitHub Action (PR gas-diff comments with L2 + DA columns):

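name: archon-gas                       # workflow and job names are placeholders
on: pull_request
permissions: { contents: read, pull-requests: write }
jobs:
  gas:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Franlinozz/Archon@main   # consider pinning to a full commit SHA
        with:
          source-file: contracts/YourContract.sol
          github-token: ${{ secrets.GITHUB_TOKEN }}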

API: OpenAPI 3.1 at /api/openapi, interactive reference at /api-reference.

VS Code: install from Open VSX (Cursor / VSCodium / Windsurf), or grab the vscode-v0.1.2 release .vsix:

code --install-extension archon-mantle-0.1.2.vsix

MCP (for agents): npx github:Franlinozz/archon-mcp exposes archon_scan_source, archon_verdict, archon_gas_report, archon_verify_proof. Whitepaper · agent manifest.

Tech stack

Next.js 15 · TypeScript · Tailwind · BullMQ + Redis · Supabase Postgres · solc/Slither · Foundry · viem/wagmi · pluggable AI providers (AI reasoning served on Tencent Cloud TokenHub deepseek-v4-pro, with OpenAI gpt-4o-mini runtime failover, status) · Pinata/IPFS primary (+ Tencent COS artifact backup, live in ap-hongkong) · PM2 + Caddy on one VM.

The scan pipeline is read-only. The only intended transaction path is the explicit user-approved proof log, guarded by simulation and cost checks.

Hackathon

Built for the Tencent Cloud × Mantle hackathon (Cookathon). Archon ships its own on-chain proof contract as the primary, award-eligible deployment: ArchonProofRegistry (verified on MantleScan, table above) — logAuditProof() publishes the AI inference result on-chain (deterministic report hash + IPFS metadata URI + AI-derived risk score), permissionless and idempotent per report hash, so both gasless and self-custody proof paths work without the ERC-8004 self-feedback restriction. AI enrichment and artifact storage run on a pluggable provider layer with first-class Tencent Cloud (Hunyuan, COS) adapters.

Screenshots

Landing Gas leaderboard

Public report viewer

Local development

pnpm install
cp .env.example .env.local   # set DATABASE_URL, REDIS_URL, Mantle RPC
pnpm dev                     # web app
pnpm worker                  # scan worker

Optional: OPENAI_API_KEY (or AI_PROVIDER + the matching key) for live AI enrichment — deterministic fallback keeps the app usable without it; IPFS_PIN_TOKEN for proof metadata pinning.

Verification gates: pnpm typecheck · lint · test · secret-scan · scope-grep · build — CI runs the same set.

Repository map

app/                    Next.js app + API routes (app/r/[reportId] = public report viewer)
components/             UI components (archon/, marketing/, nav/, docs/, theme/)
contracts/              ArchonProofRegistry (Foundry) + sample inputs and fixtures
docs/                   architecture assets, ADRs, DOC-SYNC ritual, whitepaper, submission notes
lib/                    scan pipeline, gas engine, proof layer, AI providers, chain helpers
packages/cli/           archon-scan CLI (mirrored to Franlinozz/archon-cli for npx)
worker/                 BullMQ scan worker entrypoint
action.yml              the Archon Gas Action (composite)

Contributing & license

Issues and PRs are welcome — run the verification gates before submitting. Licensed MIT.

About

ERC-8004 trustless smart-contract auditor on Mantle Mainnet — verifiable on-chain audit proofs, anchored under Agent #97 and re-checkable by anyone.
