AI smart contract auditor that stores reports on 0G's network.
AuditAI is a full-stack web application that delivers instant, AI-powered security audits for Solidity smart contracts. Developers paste their contract code into a Monaco-powered code editor, and the platform analyses it for critical vulnerabilities including reentrancy attacks, access control flaws, arithmetic overflow, unsafe external calls, and more.
The audit results are returned as a structured report covering a security score, risk rating, methodology, and detailed per-vulnerability findings. Each finding comes with a description, affected code reference, and specific remediation recommendation.
The report is then generated as a professional PDF and stored permanently on the 0G decentralised storage network, giving developers a verifiable, immutable record of their audit. Users receive a unique cryptographic root hash that allows them to retrieve their PDF report at any time from anywhere, without relying on any centralised database or server storage.
AuditAI is built with a React + TypeScript frontend powered by Vite, Tailwind CSS v4, and shadcn/ui components. The Monaco Editor provides a VS Code-like experience for pasting Solidity code with syntax highlighting. TanStack Query handles all server state and mutation logic, React Router handles the routing, and Axios communicates with the Express backend.
The backend is a Node.js + Express REST API with two core services. The AI service calls the Anthropic Claude API with a carefully engineered system prompt that instructs the model to perform static security analysis across seven vulnerability categories and return a strictly typed JSON object validated against a JSON schema to ensure consistent, parseable output every time.
The PDF service uses PDFKit to programmatically render the structured JSON into a professional multi-page audit report, including severity colour coding, inline code formatting via a custom mixed-text renderer that detects backtick-wrapped code segments and switches fonts dynamically, and a full disclaimer page.
The most notable integration is 0G decentralised storage. Once the PDF is generated and written to a temporary file, the 0G TypeScript SDK uploads it to the distributed storage network using a funded wallet managed entirely on the backend, which means users never need to connect a wallet or hold any tokens.
The SDK computes a Merkle tree over the file and returns a cryptographic root hash, which is sent back to the frontend as the user's permanent retrieval key. The temp file is then deleted immediately. On retrieval, the backend downloads the file from 0G's node network using the root hash, streams it directly to the browser as a PDF download, and cleans up again.
This architecture means no audit report ever touches a centralised database. Every report lives exclusively on 0G, permanently and verifiably.
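The root hash described above is more than a retrieval key: because it is a Merkle root over the file's contents, the backend can check that the bytes a storage node returns are the same bytes that were uploaded before streaming them to the browser. The TypeScript below is an added illustration of that check, not the project's code and not the 0G SDK's actual tree construction; the chunk size, hash function, domain-separation bytes and the constructed sample report are assumptions made for the example.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";
// Illustrative Merkle tree over fixed-size chunks. Chunk size, hash function and
// domain-separation bytes are assumptions for this example, not the 0G SDK layout.
const CHUNK_SIZE = 256;

function sha256(...parts: Buffer[]): Buffer {
  const h = createHash("sha256");
  for (const p of parts) h.update(p);
  return h.digest();
}

function chunk(data: Buffer): Buffer[] {
  const out: Buffer[] = [];
  for (let i = 0; i < data.length; i += CHUNK_SIZE) {
    out.push(data.subarray(i, i + CHUNK_SIZE));
  }
  return out.length > 0 ? out : [Buffer.alloc(0)]; // an empty file still has a root
}

// Leaf = H(0x00 || chunk); inner node = H(0x01 || left || right). The prefix byte
// stops a leaf from being reinterpreted as an inner node (second-preimage trick).
function merkleRoot(data: Buffer): string {
  let level = chunk(data).map((c) => sha256(Buffer.from([0x00]), c));
  while (level.length > 1) {
    const next: Buffer[] = [];
    for (let i = 0; i < level.length; i += 2) {
      const left = level[i];
      const right = i + 1 < level.length ? level[i + 1] : left; // duplicate odd tail
      next.push(sha256(Buffer.from([0x01]), left, right));
    }
    level = next;
  }
  return "0x" + level[0].toString("hex");
}

// On retrieval: recompute the root over the bytes the storage node actually served
// and compare with the hash handed out at upload. Stream only a matching file.
function verifyRetrievedReport(downloaded: Buffer, expectedRoot: string): boolean {
  if (!/^0x[0-9a-fA-F]{64}$/.test(expectedRoot)) return false; // malformed key
  const expected = Buffer.from(expectedRoot.slice(2), "hex");
  const actual = Buffer.from(merkleRoot(downloaded).slice(2), "hex");
  return timingSafeEqual(actual, expected); // constant-time, both are 32 bytes
}

// Constructed stand-in for a generated report (real ones are multi-page PDFs).
const SAMPLE_REPORT = Buffer.concat([
  Buffer.from("%PDF-1.7\n% AuditAI report placeholder\n"),
  Buffer.alloc(1000, 0x41),
]);
const SAMPLE_ROOT = merkleRoot(SAMPLE_REPORT);
```

A single flipped byte anywhere in the downloaded file, or a truncated download, changes the recomputed root, so a node serving a different PDF under the same key is rejected instead of being handed to the user.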