Onchor.ai

Solidity security copilot with persistent memory. Learns from every audit, anchors findings onchain.

Open Agents

Project Description

Intro: Onchor.ai is a Solidity security copilot with persistent collective memory. It learns from every audit through a three-layer memory stack (local Cognee graph memory, a collective pattern store on 0G Storage, and on-chain anchors via KeeperHub), cross-references your contract against anonymized vulnerability patterns, and autonomously anchors every confirmed finding on-chain.

How It Works: The pipeline runs in seven phases. It starts by resolving the target, whether that is a local file, a directory, or a verified on-chain address fetched via Etherscan. It then builds a structural inventory using Cognee recall, followed by static analysis with Slither. Next comes a triage step using GPT-4o-mini, which assigns each finding a risk score from 0 to 10. High-risk findings are handed off to an adversarial agent powered by Claude Sonnet 4.5, equipped with seven security tools and allowed up to 30 turns to probe for deeper issues. Confirmed results are then anchored on-chain via the KeeperHub Direct Execution API, and the run closes with a final report containing LLM-generated fix sketches (model output to review before applying, not verified patches) and historical references, plus an ENS certificate minted under certified.onchor-ai.eth.

Collective Intelligence: The core of Onchor.ai is its ability to self-improve. Using 0G Storage, the tool maintains a collective memory of anonymized vulnerability patterns. Every audit cross-references new code against this growing shared database, so a pattern discovered in one audit can be recognized in every later audit across the network.

Setup: Onchor.ai installs globally with ‘pip install onchor-ai’ for immediate CLI-based audits. Audits are paid for through x402 (HTTP-native USDC payments on Base Sepolia, a testnet), and contributors who opt in to share anonymized patterns back to the collective memory earn 0.05 USDC per pattern.

How it's Made

0G Storage holds the full pattern payload and returns a rootHash. Each finding is uploaded individually, and a collective manifest kept in a Key-Value store lets the agent index and retrieve patterns by pattern_hash in constant (O(1)) time. The rootHash is then anchored on-chain via KeeperHub, so anyone holding a pattern payload can recompute its root and check it against the anchored value; a stored pattern cannot be altered without the mismatch showing.

KeeperHub handles all on-chain executions. We use both the Direct Execution API and the MCP server so the agent can anchor findings autonomously. A Para MPC wallet pays gas automatically, so no private keys are managed on our side.

ENS audit certificates are minted as subnames under certified.onchor-ai.eth. For each audit that closes with zero HIGH findings, the text records (verdict, high_count, tx_proof, report_hash, audit_date) are also written in a single transaction.

Through x402, the CLI fetches dynamic pricing and signs an EIP-3009 transferWithAuthorization for the quoted USDC amount; each authorization carries its own nonce and validity window, so it cannot be replayed. The server verifies and settles the authorization via the x402 facilitator before running the pipeline, so no audit runs unpaid. Contribution rewards are paid by direct ERC-20 transfer from the server wallet.

Cognee handles local memory. Findings are sanitized and normalized, then fed into a local graph. Phase 1 loads known findings for deduplication; phase 4 combines Cognee recall (local) with 0G manifest queries (collective).
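Below is an added example, not Onchor.ai's own code, of the memory path described in the 0G Storage and Cognee paragraphs above: a finding is sanitized and normalized into an anonymized pattern, hashed to a pattern_hash that keys the manifest, uploaded with its rootHash anchored, and later deduplicated and verified against that anchor. The 0G Storage blobs, the KV manifest and the KeeperHub anchor are modelled as in-memory Python structures, sha256 of the payload stands in for 0G's Merkle rootHash, and the sample findings and their field names are constructed for the illustration.

```python
import hashlib
import json
import re

# Constructed sample findings (not real audit output): the same reentrancy
# pattern found in two different clients' code; after anonymization they
# must collapse to a single pattern_hash.
RAW_FINDINGS = [
    {"check": "reentrancy-eth", "severity": "High", "contract": "AcmeVault",
     "function": "withdraw(uint256)", "file": "/home/alice/acme/Vault.sol",
     "description": "External call in AcmeVault.withdraw(uint256) at "
                    "0x1234567890abcdef1234567890abcdef12345678 before state update on line 88"},
    {"check": "reentrancy-eth", "severity": "HIGH", "contract": "BetaPool",
     "function": "redeem(uint256)", "file": "C:\\work\\beta\\Pool.sol",
     "description": "External call in BetaPool.redeem(uint256) at "
                    "0xabcdefabcdefabcdefabcdefabcdefabcdefabcd before state update on line 41"},
]

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")
LINE_RE = re.compile(r"\bline \d+\b")

def sanitize(finding):
    """Drop what identifies the client (path, addresses, contract/function
    names, line numbers); keep parameter types so withdraw(uint256) and
    withdraw() stay distinct patterns."""
    fn_name = finding["function"].split("(", 1)[0]
    desc = ADDRESS_RE.sub("<addr>", finding["description"])
    desc = re.sub(rf"\b{re.escape(finding['contract'])}\b", "<contract>", desc)
    desc = re.sub(rf"\b{re.escape(fn_name)}\b", "<fn>", desc)
    desc = LINE_RE.sub("line <n>", desc)
    return {"check": finding["check"], "severity": finding["severity"],
            "function_sig": "<fn>" + finding["function"][len(fn_name):],
            "description": desc}

def normalize(pattern):
    """Canonical casing/whitespace so equivalent patterns hash identically."""
    return {"check": pattern["check"].strip().lower(),
            "severity": pattern["severity"].strip().lower(),
            "function_sig": re.sub(r"\s+", "", pattern["function_sig"]),
            "description": " ".join(pattern["description"].split())}

def canonical_bytes(obj):
    # Sorted keys, no whitespace: the hash must not depend on dict order.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def pattern_hash(normalized):
    return hashlib.sha256(canonical_bytes(normalized)).hexdigest()

class CollectiveMemory:
    """In-memory stand-in for the 0G blobs, the KV manifest and the KeeperHub
    anchor. 0G returns a Merkle rootHash; sha256 of the payload stands in."""
    def __init__(self):
        self.blobs = {}        # rootHash -> payload bytes   (0G Storage)
        self.manifest = {}     # pattern_hash -> {rootHash, seen} (KV store)
        self.anchored = set()  # rootHashes written on-chain  (KeeperHub)

    def upload(self, payload):
        root_hash = hashlib.sha256(payload).hexdigest()
        self.blobs[root_hash] = payload
        return root_hash

    def contribute(self, raw_finding):
        """Share a finding with the collective. Returns (pattern_hash, is_new)."""
        normalized = normalize(sanitize(raw_finding))
        ph = pattern_hash(normalized)
        if ph in self.manifest:            # dedup: known pattern, count the recurrence
            self.manifest[ph]["seen"] += 1
            return ph, False
        root_hash = self.upload(canonical_bytes(normalized))
        self.anchored.add(root_hash)       # anchor the rootHash on-chain
        self.manifest[ph] = {"rootHash": root_hash, "seen": 1}
        return ph, True

    def lookup(self, raw_finding):
        """Phase-4 query: constant-time manifest hit for an anonymized pattern, or None."""
        return self.manifest.get(pattern_hash(normalize(sanitize(raw_finding))))

    def verify(self, ph):
        """Recompute the stored payload's hash; it must equal the manifest
        rootHash and be among the anchored roots, else the blob was altered."""
        entry = self.manifest.get(ph)
        payload = self.blobs.get(entry["rootHash"]) if entry else None
        if payload is None:
            return False
        recomputed = hashlib.sha256(payload).hexdigest()
        return recomputed == entry["rootHash"] and recomputed in self.anchored
```

The sanitizer is the part that decides whether the shared memory leaks client data: the second sample differs from the first only in names, path and address, and both reduce to the same pattern_hash, so the manifest records one pattern seen twice rather than two client-identifiable entries. Verification deliberately checks both the recomputed root and its presence in the anchored set, so a manifest entry pointing at an un-anchored or modified blob fails.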

The backend is Python (FastAPI for the server, Click for the CLI), deployed on Render with a PostgreSQL audit-history store.
