ArkheionX LOCAL REVIEW INFRASTRUCTURE Source

Research memory (v4.1)

Map the protocol. Track the hypotheses. Keep the evidence.

ArkheionX gives the map. The agent grinds the tests. The research memory keeps the evidence. The human makes the final call. v4.1 turns a review map into an AI-agent-ready brief and preserves what was tested and rejected. It does not confirm vulnerabilities, assign severity, or run anything against a live chain.

Workflow

Build the handoff before asking an agent to review.

arkheionx review-map .
arkheionx agent-brief .
arkheionx hypothesis-log .
arkheionx case-study .
+

arkheionx agent-brief

A focused, safe brief for an AI/security agent: value paths, coverage weakness ranking, authorization surfaces, periphery/core flows, behavior-mismatch surfaces, and open hypotheses.

+

arkheionx hypothesis-log

A structured hypothesis tracker. Every hypothesis starts open; a human records the test command, result, and a rejected / confirmed / needs-human-review status.

+

arkheionx case-study

A sanitized research-session report: what was tested, what was rejected, what held, what was noisy, and what remains unresolved.

Rejected findings are evidence

A held invariant is research memory, not wasted work.

HYP-004  [rejected]  withdrawal/redeem accounting drift -> Vault.withdraw
  Test command   forge test --match-test test_withdraw_conserves_accounting
  Result         pass
  Rejection      share<->asset accounting held for first, last, and dust exits
  Human decision not a finding; recorded so later reviewers do not retest
!

Hypotheses, not findings

Every generated hypothesis starts open and is a review prompt. ArkheionX never sets confirmed; only a human does, and only with independent local proof.

!

Local and static

No RPC, no live-chain action, no exploit automation, no auto-submit. Artifacts are written locally under .arkheionx/research/.

!

Human review required

The case study is not an audit report and makes no safety claim. The security judgment stays yours.

Boundary

ArkheionX organizes research memory; it does not decide.

It does not confirm vulnerabilities, assign final severity, or prove impact. Read the full guide in the repository's docs/V4_1_RESEARCH_WORKFLOW.md and docs/RESEARCH_MEMORY_MODEL.md.

Read the safety model