Read the local repo
ArkheionX starts from Solidity and Foundry source files on your machine. No RPC, no network, no deployed-contract access.
How it works
ArkheionX reads your repository statically and organizes it into a review map. Everything it produces is review guidance for a human — it does not execute your contracts, call any chain, or confirm that a bug exists.
Input → output
arkheionx review-map .
It identifies contracts, functions, visibility, and the roles that can act on the system.
Using function names and token-transfer calls, it marks where value enters, moves, and exits — the value paths.
Each value path carries the trust it depends on: oracle freshness, access control, share proportionality, no reentrancy, standard ERC20 behavior.
It looks for local test references for each value-sensitive function. A function with no matching test becomes a test gap.
For each gap it suggests a local Foundry proof scaffold direction — an objective, setup, action, and assertions you fill in.
What you get
OK Map review surface 3 contracts, 14 functions, 3 value paths, 5 test gaps
Inspect first
1 HIGH Strategy.divest Signals external-call, value-out
2 HIGH Vault.emergencyWithdraw Signals external-call, privileged, value-out
3 HIGH Vault.withdraw Signals external-call, value-out
Test gap Vault.withdraw Source src/Vault.sol:63 Proof proof-vault-withdraw
Add --json for a structured payload: contracts, value paths, assumptions, test gaps, and proof suggestions.
Artifacts are written under .arkheionx/out/review-map/ (gitignored), including a Markdown review map and a Test Gap Map.
Each test gap prints a Source: <file>:<line> reference taken from the parsed source, so you can open the exact function.
Limitations
Value paths are derived from names and token-transfer calls, not a proven runtime trace. Cross-contract flow is surfaced as per-contract paths; connecting them end to end is roadmap work. ArkheionX does not confirm vulnerabilities, assign final severity, or run any exploit. You validate manually, and human review owns the conclusion.