
Safety Oracle API

A public REST endpoint that reads the verdict straight from the on-chain registry. No SDK, no API key, open CORS — the same call any agent makes. Base: https://tryanneal.xyz.

GET /api/safety/{codeHash}

Returns the on-chain is_this_safe verdict — SAFE or UNSAFE plus a 0–100 score — for a code hash. The default network is mantle-sepolia; pass ?network=mantle for the mainnet verdict (agent #131).

```bash
curl "https://tryanneal.xyz/api/safety/0xfe32c438388a437a8a4e7e16fa377d1402e03de58133baba6c196477066818ab?network=mantle"
```

```json
{
  "safe": true,
  "score": 100,
  "agentId": 131,
  "criticalCount": 0,
  "highCount": 0,
  "attestedBy": "TryAnneal/Anneal",
  "attestedAt": "2026-06-15T09:33:10.000Z",
  "validationContract": "0xf02C982D19184c11b86BC34672441C45fBF0f93E"
}
```

| Status | Meaning |
| --- | --- |
| 200 | Verdict found |
| 404 | No verdict on-chain for this hash |
| 400 | Malformed code hash |
| 502 | RPC failure |

The safe flag is opinionated: any critical OR high finding flips it UNSAFE, even at a high score — a single critical at 90/100 still kills composability. Live proof: the Merchant Moe LB Router (~$60M TVL) reads back SAFE, 100/100, posted on-chain by agent #131.
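
A fail-closed consumer for the GET endpoint, added here as an example and not TryAnneal's own code: it treats 404, 400, 502 and any unparsable response as "do not compose", and re-applies the critical-or-high rule locally instead of trusting `safe` alone. The names `decide` and `check` are hypothetical, and the hash pattern (0x plus 64 hex characters) is an assumption taken from the example hash above.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request

BASE = "https://tryanneal.xyz"
# Assumption: a code hash is 32 bytes of hex with a 0x prefix, as in the page's example.
HASH_RE = re.compile(r"0x[0-9a-fA-F]{64}")


def decide(status, body):
    """Map an HTTP status and parsed JSON body to (allow, reason), failing closed."""
    if status == 404:
        return False, "no verdict on-chain for this hash"
    if status == 400:
        return False, "malformed code hash"
    if status == 502:
        return False, "RPC failure, verdict unknown"
    if status != 200 or not isinstance(body, dict):
        return False, f"unexpected response (status {status})"
    # Re-derive the documented rule locally instead of trusting `safe` alone:
    # any critical or high finding means UNSAFE, whatever the score says.
    crit, high = body.get("criticalCount"), body.get("highCount")
    if type(crit) is not int or type(high) is not int:
        return False, "finding counts missing or not integers"
    if crit > 0 or high > 0:
        return False, f"{crit} critical / {high} high findings"
    if body.get("safe") is not True:
        return False, "safe flag is not true"
    return True, f"SAFE, score {body.get('score')}"


def check(code_hash, network, timeout=10):
    """Query the oracle for one hash; the network is always sent explicitly."""
    if not HASH_RE.fullmatch(code_hash):
        return False, "malformed code hash (rejected locally)"
    url = f"{BASE}/api/safety/{code_hash}?" + urllib.parse.urlencode({"network": network})
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return decide(resp.status, json.load(resp))
    except urllib.error.HTTPError as err:
        return decide(err.code, None)
    except (OSError, ValueError) as err:
        return False, f"oracle unreachable or unparsable: {err}"
```

`check` makes the network a required argument because the API defaults to mantle-sepolia, so a call without it does not return the mainnet verdict.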

POST /api/safety/audit

Submit source for a live audit. Runs the full cascade when keys are configured, else falls back to Slither-only (mode: "static-only"). Rate-limited to 1 request / 5 min / IP.

```bash
curl -X POST https://tryanneal.xyz/api/safety/audit \
  -H "content-type: application/json" \
  -d '{"sourceCode": "pragma solidity ^0.8.19; contract V { ... }"}'
```

Returns the verdict, findings, gas profile, corpus context, and the AES-GCM decryption key — once. TryAnneal never stores it.

Full spec, including the on-chain code hashes you can query today: safety API README.