Questions people should ask before trusting a security tool.

ArkheionX is local-first review infrastructure for Solidity and Foundry projects. It helps turn a repository into structured review context.

A review map is organized context about contracts, roles, value paths, assumptions, test gaps, evidence links, fixture output, and drift.

It is for security researchers, audit teams, protocol engineers, and developers preparing a smart contract system for review.

Run arkheionx review-map . on a repository you are authorized to review. Run version and doctor first to confirm your install and environment.

Exit code 1 means review guidance is present — there is something to inspect. It is intentional, not a crash. Exit 0 means nothing was surfaced; exit 2 is a usage or input error.

Each test gap prints the exact file and line of the function it refers to, taken from the parsed source so you can open it directly. It is not an invented number.

Yes, as a triage and hypothesis workbench on authorized targets only. It does not confirm vulnerabilities or submit reports, so validate manually before any submission.

review-map still maps the Solidity sources it can parse; doctor will note that no Foundry project was detected. Foundry is recommended for the test-coverage and proof steps.

V4 stabilizes the local review-map workflow: version, doctor, review-map, value-paths, assumptions, test-gap-map, and proof-plan. Source-tree commands like scan, test-plan, and search are advanced.

No. ArkheionX supports review work, but it is not an auditor and does not stand in for human security review.

It can help organize evidence and suspicious review surfaces, but it does not provide final vulnerability confirmation.

No. Severity requires human analysis, protocol context, impact assessment, likelihood, and validation.

No. It does not prove safety. It helps preserve context that a human reviewer can inspect.

No. ArkheionX is not a replacement for static analyzers. It is a review-context layer around a codebase.

No. Foundry is a development and testing toolchain. ArkheionX is focused on review maps and deterministic context.

No. Fuzzing remains useful. ArkheionX can help organize what is tested, what is assumed, and where gaps may remain.

No default public workflow should be treated as exploit execution. It is designed around local review context.

No RPC is required by default for the public local-first workflow.

No. Default workflows do not require private keys, seed phrases, or wallet credentials.

Yes, if you have permission. The local-first design is intended to support private review workflows.

It means the primary workflow starts from files and execution on your machine rather than a hosted dashboard or live-chain connection.

It means outputs should be stable and reproducible when inputs and configuration have not changed.

Source fingerprints are deterministic identifiers for local source inputs, used to help track whether reviewed inputs changed.

Snapshot drift is a change between expected deterministic output and newly generated output.

A fixture benchmark is a local/static protocol shape used to test output consistency and review-surface behavior.

Fixtures make behavior easier to compare because they avoid relying on live external systems during benchmark checks.

Examples include token-like systems, lending vaults, staking rewards, AMM swaps, oracle-dependent vaults, proxies, bridge messages, liquidation engines, and timelocks.

The public install path is source-based. Promotion should wait until fresh install validation and package checks pass.

Binary releases are planned but not published. The current distribution path is source install from GitHub main.

Use the install page. The direct source command is curl -fsSL https://arkheionx.dev/install.sh | bash.

Yes, especially on first use. Download the script, read it locally, then run it if you accept its behavior.

Re-run the source installer, then verify with arkheionx version.

Remove the managed ~/.arkheionx directory and the ~/.local/bin command wrappers created by the installer.

Make sure $HOME/.local/bin is in your PATH, then restart your terminal.

Python 3.11 or newer is required for the source install path.

Install Git with your operating system package manager, then rerun the installer.

It confirms that the command wrapper and installed package can start.

It is intended to help inspect the local environment and identify setup issues.

It can help organize review context, but final reports should be written and validated by humans.

It can support review workflows if the team chooses to use it, but it does not replace the audit process.

It can help organize evidence, but disclosure decisions and report contents require human validation.

No. Treat tool output as context. Verify manually and write the final report outside automation.

No. The public workflow is local-first.

The website and local workflow should avoid external analytics and tracking by default.

Yes. ArkheionX is licensed under Apache-2.0 (see the LICENSE file in the repository). The v8.0.0 source is on GitHub.

Read Getting Started, Installation, Quickstart, Concepts, Fixture Harness, Determinism, and Safety Model.