Safe Contracts is a tool that analyzes smart contracts for security vulnerabilities. It uses static analysis to detect common security issues in Solana code. The tool is accessible through an API that can be used to analyze smart contracts programmatically.
- Prerequisites
- Installation
- Running with Docker Compose
- Calling the API
- Using the Extension
- Troubleshooting
- Contributing
- License
Before you begin, ensure you have the following installed on your machine:
- Docker
- Docker Compose
- Clone the repository:
git clone https://github.com/botirk38/GuardianAI.git
cd GuardianAI
To build and run the services using Docker Compose, follow these steps:
- Navigate to the root directory of the project:
cd GuardianAI
- Build and run the containers:
docker-compose -f docker-compose.yml up --build
This will start the Spring Cloud Gateway on http://localhost:8080 and the code-detective service on http://localhost:8081.
You can interact with the code-detective service through the API Gateway.
Obtain an access token from Auth0:
curl --request POST \
--url https://dev-az3di7fabdoc8vlz.uk.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"your_client_id","client_secret":"your_client_secret","audience":"https://safe-contracts/","grant_type":"client_credentials"}'
Replace your_client_id and your_client_secret with your Auth0 client ID and client secret, which can be obtained from the Auth0 dashboard.
Connect to the WebSocket to receive the response from the API call:
curl -i -N \
-H "Connection: Upgrade" \
-H "Upgrade: websocket" \
-H "Host: localhost:8080" \
-H "Origin: http://localhost:8080" \
-H "Sec-WebSocket-Version: 13" \
-H "Sec-WebSocket-Key: $(openssl rand -base64 16)" \
http://localhost:8080/code-detective-model/ws/your_request_id
To call the analyze_code endpoint directly, use the following curl command:
curl -X POST http://localhost:8080/code-detective/analyze_code \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"code": "your code here", "request_id": "request_id here"}'
Replace YOUR_JWT_TOKEN with a valid JWT token and {"code": "your code here", "request_id": "request_id here"} with the appropriate payload for your request.
You can also use the Safe Contracts VS Code extension that interacts with the API Gateway to analyze your code for vulnerabilities. The extension is available in the smartguardian directory.
- 503 Service Unavailable: Ensure that both the Spring Cloud Gateway and code-detective service are running. Verify that the services can communicate within the Docker network.
- OAuth2 Issues: Ensure your Okta OAuth2 configuration is correct in the application.yml file of the api_gateway service. Verify that the issuer and audience values are properly set.
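When chasing the OAuth2 issue above, it helps to inspect the token's claims locally before sending it to the gateway. The following is an added example, not code from the Safe Contracts project: it decodes a JWT's payload without verifying the signature (diagnostics only, validation remains the gateway's job) and reports issuer, audience and expiry mismatches. The function names and the expected issuer value are assumptions; the audience comes from the token request shown earlier.

```python
import base64
import json
import time

# Audience is taken from the token request above. The issuer is an assumption:
# Auth0 tenants normally issue tokens with the tenant URL plus a trailing slash.
EXPECTED_AUD = "https://safe-contracts/"
EXPECTED_ISS = "https://dev-az3di7fabdoc8vlz.uk.auth0.com/"

def jwt_claims(token):
    """Return the claims of a JWT WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    # JWT segments are base64url without padding; restore it before decoding.
    payload = base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4))
    claims = json.loads(payload)
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def preflight(token, now=None, iss=EXPECTED_ISS, aud=EXPECTED_AUD):
    """List the reasons a resource server would be expected to reject the token."""
    now = time.time() if now is None else now
    try:
        claims = jwt_claims(token)
    except ValueError as exc:  # also covers bad base64, bad UTF-8 and bad JSON
        return [f"malformed token: {exc}"]
    problems = []
    if claims.get("iss") != iss:
        problems.append(f"iss is {claims.get('iss')!r}, expected {iss!r}")
    token_aud = claims.get("aud")
    # The aud claim may be a single string or a list of strings.
    audiences = token_aud if isinstance(token_aud, list) else [token_aud]
    if aud not in audiences:
        problems.append(f"aud is {token_aud!r}, expected {aud!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp claim")
    return problems

def make_sample(claims):
    """Build a constructed, unsigned sample token (placeholder signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

if __name__ == "__main__":
    # Constructed token whose audience lacks the trailing slash.
    bad = make_sample({"iss": EXPECTED_ISS, "aud": "https://safe-contracts", "exp": 2000000000})
    print(preflight(bad, now=1700000000))
```

An empty result means the claims match what was expected; it says nothing about whether the signature is valid.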
Contributions are welcome! Please open an issue or submit a pull request for any improvements or bug fixes.
This project is licensed under the MIT License. See the LICENSE file for details.