Getting started

Quickstart

Three ways to get a verdict in under a minute — no install for the first two.

1. Query a live verdict (curl)

bash

curl "https://tryanneal.xyz/api/safety/0xfe32c438388a437a8a4e7e16fa377d1402e03de58133baba6c196477066818ab?network=mantle"
# → {"safe": true, "score": 100, "agentId": 131, ...}

2. Use the live oracle

Pick an example or paste a code hash on the home page, or open the Mini App in Telegram via @tryannealbot.

3. Run an audit locally

bash

# No install — run the published CLI from npm (static path needs slither + solc on PATH)
npx @tryanneal/cli audit ./Vault.sol --no-llm

# Or from a clone, against a bundled target (see SLITHER_SETUP.md)
pnpm install
pnpm --filter @tryanneal/engine build
pnpm --filter @tryanneal/cli start audit \
  packages/contracts/contracts/audit-targets/SampleVault.sol --no-llm

The static path is fully deterministic — Slither + the 16 TryAnneal detectors + the 98-pattern corpus, no API keys, the same contract always returns the same verdict.

For the full critic cascade, set CHAINGPT_API_KEY (pre-screen) and GROQ_API_KEY — that one key serves both Stage-2 critics, Groq Llama-3.3-70B and OpenAI GPT-OSS-120B, which cross-validate each other. GEMINI_API_KEY enables an optional third critic (off by default). Set HUNYUAN_API_KEYfor multilingual reports — Tencent Cloud Hunyuan translates the finished verdict and per-finding remediation into the reader's language (not a critic). All optional — without them the engine runs static + corpus only.

4. Gate your CI on it

Add --threshold <score> to make the CLI exit non-zero below a score, and drop the ready-made GitHub Action into your repo to block any PR whose changed contracts are high/critical or below threshold.

← Overview

Architecture →