
AIkin-Codeguard

CodeGuard: A CLI tool for AI-powered security auditing & code review using SecretLLM. 🚀🔒


Created at: ETHGlobal Trifecta - Agents

Project Description

CodeGuard is a powerful command-line tool designed for AI-powered security auditing and code review. It leverages SecretLLM to analyze source code for vulnerabilities, security flaws, and best practices. CodeGuard is particularly useful for Solidity smart contracts but also supports general-purpose code reviews for other programming languages.

🔹 Key Features

✅ AI-Powered Code Review – Uses SecretLLM to analyze and summarize security risks.

✅ Solidity Security Auditing – Runs security scans with Slither and Mythril, then refines the results using AI.

✅ General Code Review – Detects vulnerabilities, performance issues, and best-practice violations in Python, JavaScript, and more.

✅ Fast & Lightweight – A CLI-based tool that integrates seamlessly into your workflow.

✅ Privacy-Preserving Analysis – Uses Nillion SecretLLM, ensuring privacy and security in code audits.

🎯 Who is this for?

Developers & Security Engineers looking to automate code reviews.

Smart Contract Auditors performing Solidity security checks.

DevOps Teams integrating AI-powered security analysis into CI/CD pipelines.

How it's Made

CodeGuard is built using Python and integrates Nillion’s SecretLLM to provide privacy-preserving AI-powered security audits. The project leverages a combination of static analysis tools and LLM-based insights to generate detailed security reports.

🔹 Core Technologies Used

🧑‍💻 Python (CLI & Automation)

Click: A Python library for building command-line interfaces.

Requests: To communicate with the SecretLLM API securely.

Subprocess: Runs security scanning tools like Slither and Mythril within the CLI.

dotenv: Loads environment variables for API keys and configuration.

πŸ” Nillion SecretLLM – Secure AI-Powered Analysis CodeGuard uses Nillion’s SecretLLM, a decentralized privacy-preserving AI model, to analyze code without exposing sensitive data.

Unlike traditional AI models, SecretLLM ensures confidentiality while still providing detailed security insights.

CodeGuard sends Solidity security scan results (from Slither/Mythril) along with the code to SecretLLM, which then:

Identifies critical vulnerabilities.

Suggests gas optimizations.

Recommends best practices for secure development.

πŸ›‘οΈ Security Auditing with Slither & Mythril Slither: A static analysis tool for Solidity smart contracts, identifying vulnerabilities and inefficiencies.

Mythril: A symbolic execution tool that detects reentrancy, integer overflows, and other critical smart contract exploits.

πŸ—οΈ How It Works – Behind the Scenes The user runs CodeGuard on a Solidity or general code file.

If it’s a Solidity file (.sol), Slither is executed to analyze vulnerabilities.

The code + security report is sent to SecretLLM via API.

SecretLLM processes the data and generates an AI-powered security summary.

The final output is formatted for readability, highlighting critical issues and recommendations.
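As an added example of the five steps above (not the CodeGuard project's own code): the file-extension dispatch, a Slither run as an argv list under a timeout, a reduction of Slither's JSON report to ranked findings, and the payload handed to an injected LLM call. The `slither <file> --json -` invocation is a real Slither option; the chat-style request shape, the `send` callback and the sample report are assumptions, since the page does not document SecretLLM's API.

```python
import json
import subprocess
from pathlib import Path

SLITHER_TIMEOUT = 120  # seconds; a hung analysis must not hang the CLI
IMPACT_RANK = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3, "Optimization": 4}

def scanner_command(path):
    """Step 2: Slither runs only for .sol files; other files get no static scan."""
    return ["slither", path, "--json", "-"] if Path(path).suffix.lower() == ".sol" else None

def run_scanner(argv):
    """Run Slither as an argv list (no shell=True, so an odd file name can never
    become shell syntax) under a timeout; return its JSON report or an error stub."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=SLITHER_TIMEOUT)
        return json.loads(proc.stdout)
    except (FileNotFoundError, subprocess.TimeoutExpired, json.JSONDecodeError) as exc:
        return {"success": False, "error": type(exc).__name__, "results": {}}

def summarize_findings(report):
    """Reduce a Slither JSON report to (impact, check, description) tuples,
    highest impact first, so the prompt carries ranked findings, not a raw dump."""
    detectors = report.get("results", {}).get("detectors") or []
    rows = [(d.get("impact", "Informational"), d.get("check", "unknown"),
             d.get("description", "").strip()) for d in detectors]
    return sorted(rows, key=lambda r: IMPACT_RANK.get(r[0], 99))

def build_payload(code, findings):
    """Step 3: bundle source and findings for the LLM request. Only the audited
    file is read (never .env), so API keys stay out of the prompt. The chat-style
    message shape is an assumption; the page does not document SecretLLM's API."""
    scan_text = "\n".join(f"[{i}] {c}: {d}" for i, c, d in findings) or "no scanner findings"
    return {"messages": [
        {"role": "system", "content": "You are a Solidity security auditor."},
        {"role": "user", "content": f"Static analysis findings:\n{scan_text}\n\nSource:\n{code}"}]}

def audit(path, send, runner=run_scanner):
    """Steps 1-5 end to end; `send(payload) -> str` is the injected LLM call."""
    code = Path(path).read_text()
    argv = scanner_command(path)
    findings = summarize_findings(runner(argv)) if argv else []
    head = "\n".join(f"{i.upper():>13}  {c}" for i, c, _ in findings) or "no static findings"
    return f"== Static analysis ==\n{head}\n\n== AI summary ==\n{send(build_payload(code, findings))}"

# Constructed sample in Slither's JSON report shape, standing in for a real run.
SAMPLE_REPORT = {"success": True, "error": None, "results": {"detectors": [
    {"check": "solc-version", "impact": "Informational", "description": "Pragma allows old compilers\n"},
    {"check": "reentrancy-eth", "impact": "High", "description": "Reentrancy in Vault.withdraw()\n"}]}}
```

Call `audit("Vault.sol", send)` with a `send` that posts the payload to your SecretLLM endpoint; with `runner` swapped for a stub returning `SAMPLE_REPORT`, the whole pipeline runs offline.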
