
For agents

TryAnneal is built to be called by other agents. Before your agent composes with a contract it didn't write, have it ask one question — is_this_safe() — and get back a verdict that's already signed on-chain.

Activation: “I check whether a smart contract is safe before you trust it. Give me a contract address or its source, and I'll return a verdict — safe or not, why, and a link to the on-chain attestation — in seconds.”

What it does

Audits a smart contract with an LLM cascade — ChainGPT pre-screen, then two architecturally-distinct critics that cross-validate each other (Groq Llama-3.3-70B + OpenAI GPT-OSS-120B, with Gemini 2.5 Pro as an optional third critic, off by default) — alongside Slither + Aderyn with 16 custom detectors and a 98-pattern exploit corpus ($7.1B in losses, 13 chains). Tencent Cloud Hunyuan handles 14-language report translation and per-finding remediation; it is not a critic. The verdict is then posted on-chain to the AnnealValidation registry on Mantle.

Cross-validation, not a single oracle. A finding only survives if ≥2 independent sources agree — two models, or a model plus Slither — and the same issue from multiple engines is deduped into one finding that lists all its sources (e.g. Reentrancy — flagged by chaingpt, groq, gpt-oss, slither). Single-model hunches are dropped. The verdict is deterministic and reproducible — the same contract always returns the same answer, run to run (temperature-0 seeded decoding + memoization by code hash). Any agent can read that verdict back — no re-audit needed. TryAnneal is itself a registered ERC-8004 agent (mainnet agent #131).

When to call it

  • Before your agent sends funds to, approves, or composes with an unfamiliar contract.
  • When another agent hands you an address and claims it's safe — verify, don't trust.
  • Before deploying agent-authored Solidity to mainnet.

Inputs & outputs

| Call | Input | Output |
| --- | --- | --- |
| is_this_safe(target, network) | A contract address or code hash | { safe, score, criticalCount, highCount, attestedByAgentId, registry, recommendation } |
| audit_contract(sourceCode) | Solidity source | { verdictScore, severity counts, findings[], note } |
| tryanneal_corpus_stats() | | { patterns, lossesUsd, chains, span } |

One example

agent → is_this_safe("0x013e138EF6008ae5FDFDE29700e3f2Bc61d21E3a", "mantle")

tool  → {
  "safe": true,
  "score": 100,
  "criticalCount": 0,
  "highCount": 0,
  "attestedByAgentId": 131,
  "registry": "0xf02C982D19184c11b86BC34672441C45fBF0f93E",
  "recommendation": "No critical/high findings on record — safe to compose."
}

That target is Merchant Moe's live ~$60M LB Router on Mantle — a real verdict, posted on-chain by agent #131.

How to call it

  • MCP (any agent): point your client at https://mcp.tryanneal.xyz/mcp — see MCP Server.
  • REST (one HTTP call): GET https://tryanneal.xyz/api/safety/{addressOrHash}?network=mantle — pass ?network=mantle for the mainnet verdict (the default is mantle-sepolia); see Safety Oracle API.
  • CLI: npx anneal audit ./Contract.sol --network mantle; add --threshold 80 to exit non-zero when the score falls below N (0 = severity-only, fails on any high/critical) — see CLI.
  • CI / PR gate: the GitHub Action runs the deterministic audit (Slither + 16 detectors + corpus, no keys) on every PR that touches *.sol, posts a PASSED/BLOCKED comment, and emits a red/green check-run so branch protection can block the merge — see CLI.
  • Humans: paste a contract at tryanneal.xyz/try — plain-English verdict, with a SAFE/UNSAFE chip and “cross-validated by N engines” per-finding sources, no setup.
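An added example (not TryAnneal's own code): a fail-closed gate an agent could run over the REST verdict before composing with a contract. The pinned agent id and registry are the values shown on this page; `safety_url`, `gate` and the `min_score` of 80 are assumptions, and the check covers the JSON fields only, not an on-chain read of the registry.

```python
import json
from urllib.parse import quote, urlencode

API_BASE = "https://tryanneal.xyz/api/safety/"  # REST endpoint from this page
PINNED_REGISTRY = "0xf02C982D19184c11b86BC34672441C45fBF0f93E"  # from the page's example
PINNED_AGENT_ID = 131  # TryAnneal's ERC-8004 agent id per this page

def safety_url(target: str, network: str = "mantle") -> str:
    """Always send ?network= explicitly; the API default is mantle-sepolia."""
    return API_BASE + quote(target, safe="") + "?" + urlencode({"network": network})

def _count(value):
    """Accept only real non-negative integers (bool is rejected on purpose)."""
    return value if type(value) is int and value >= 0 else None

def gate(verdict, min_score: int = 80):
    """Return (allow, reasons). Fails closed: any missing or odd field blocks."""
    if not isinstance(verdict, dict):
        return False, ["verdict is not a JSON object"]
    reasons = []
    if verdict.get("safe") is not True:
        reasons.append("safe is not the boolean true")
    for key in ("criticalCount", "highCount"):
        n = _count(verdict.get(key))
        if n is None:
            reasons.append(f"{key} missing or not an integer")
        elif n > 0:
            reasons.append(f"{key} = {n}")
    score = _count(verdict.get("score"))
    if score is None or score < min_score:
        reasons.append(f"score {verdict.get('score')!r} below {min_score}")
    if verdict.get("attestedByAgentId") != PINNED_AGENT_ID:
        reasons.append("attested by an unexpected agent id")
    registry = verdict.get("registry")
    if not isinstance(registry, str) or registry.lower() != PINNED_REGISTRY.lower():
        reasons.append("registry address does not match the pinned one")
    return (not reasons), reasons

# Fields copied from the response in "One example" above, embedded to run offline.
PAGE_EXAMPLE = json.loads("""{"safe": true, "score": 100, "criticalCount": 0,
  "highCount": 0, "attestedByAgentId": 131,
  "registry": "0xf02C982D19184c11b86BC34672441C45fBF0f93E"}""")

if __name__ == "__main__":
    print(safety_url("0x013e138EF6008ae5FDFDE29700e3f2Bc61d21E3a"))
    print(gate(PAGE_EXAMPLE))
    # Constructed tampered response: string "true" and a different agent id.
    print(gate({**PAGE_EXAMPLE, "safe": "true", "attestedByAgentId": 7}))
```
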

Why trust the verdict

  • Every verdict is signed on-chain by ERC-8004 agent #131 and is publicly readable — not a black box.
  • The engine is benchmarked: P=100% / R=100% / F1=1.00 on a suite of real exploits (Minterest, Euler, Nomad, KelpDAO).
  • It has already audited a live $60M protocol on mainnet, with the transaction on Mantlescan.