Zero-Trust AI-Powered DevSecOps for Web3 Automated CI/CD security pipeline that audits Solidity Pull Requests with multi-model AI consensus and deploys with ephemeral, single-use private keys.
The full pipeline in action — broken into 4 short clips so you can jump straight to what matters.
A reentrancy bug is introduced. SolGuard's AST diff isolates the changed function, the AI consensus engine flags it as High severity, and the PR is auto-blocked with an inline explanation. Merge button locked.
Vulnerable.PR.Blocked.mp4
A CEI-pattern fix is submitted. The same pipeline runs, AI consensus returns pass=true, the green check appears, and the PR becomes mergeable. Zero human review required for safe code.
Safe.PR.Approved.mp4
On merge, SolGuard generates a fresh AES-256-GCM-encrypted wallet, JIT-funds it, deploys to Sepolia via Foundry, verifies on Etherscan, and sweeps remaining ETH back to cold storage — all in under 30 seconds. The deploy key never touches disk.
Secure.Auto-Deploy.mp4
Live on-chain proof: 📜 Contract:
0x4144a335895ec1f9727ccc9cf501424b0ad59f8b🔑 Ephemeral deployer (used once, swept clean):0x5Cceed560f09bd3109889d76027Dbff74408b52f
Live comparison run on a labeled subset of the SmartBugs/SWC corpus. SolGuard's consensus engine achieves F1 = 1.00 vs Slither's 0.67 by eliminating false positives while catching semantic bugs Slither misses.
Benchmark.Comparison.mp4
- Static analyzers are noisy. Tools like Slither lack semantic understanding, producing false positives on safe code while missing intent-based bugs (access control flaws, business logic errors).
- CI/CD private keys are a treasury risk. Storing deployment keys in GitHub Secrets or environment variables creates a single point of failure. One compromised runner = full project drain.
- AI Consensus Engine. SolGuard parses the Solidity AST, identifies exactly which functions changed, and routes them to an ensemble of LLMs (Gemini 2.5 Flash + Groq Llama 3.3 70B + optional Ollama). A vulnerability is only flagged when models reach consensus, eliminating noise.
- Ephemeral Key Architecture. On merge, SolGuard generates a fresh AES-256-GCM-encrypted wallet in memory, funds it Just-In-Time with exact gas, deploys, verifies on Etherscan, and mathematically sweeps remaining ETH back to cold storage. The deploy key never touches disk and never lives past one transaction.
| Feature | Description |
|---|---|
| 🔐 PR Gatekeeper | Pushing code spawns an isolated Docker sandbox running forge build + Slither. Failures auto-block the PR. |
| 🌳 AST Diffing + Redis Cache | Hashes individual function ASTs. Unchanged code hits the cache (♻️ CACHE HIT!), saving latency and LLM tokens. |
| 🤖 Multi-Model AI Consensus | Gemini, Groq, and Ollama vote on each finding. Configurable quorum thresholds. |
| 📜 Policy-as-Code | Customizable audit-policy.yaml defines pass/fail rules per severity. |
| 🔑 Ephemeral Deployments | One-shot wallets, AES-256-GCM at rest, JIT funded, auto-swept. Zero hardcoded keys. |
| 📊 SQLite Audit Trail | Every deployment cryptographically logged for compliance and post-mortem. |
| 🔌 Air-Gapped Mode | Drop-in Ollama support for enterprises requiring zero data egress. |
Evaluated against a curated subset of the SmartBugs / SWC dataset:
| Contract | Ground Truth | Slither | Gemini | Groq | Consensus |
|---|---|---|---|---|---|
reentrancy_simple.sol |
Vulnerable | ✅ | ✅ | ✅ | ✅ Blocked |
etherstore.sol |
Vulnerable | ✅ | ✅ | ✅ | ✅ Blocked |
unprotected_owner.sol |
Vulnerable | ❌ Missed | ✅ | ✅ | ✅ Blocked |
safe_bank.sol |
Safe | ❌ False Positive | ✅ | ✅ | ✅ Approved |
Consensus Engine F1 Score: 1.00 · Precision: 1.00 · Recall: 1.00
The consensus model caught a semantic access-control bug Slither missed, and cleared a false positive Slither flagged. Run the benchmark yourself with go run ./cmd/bench.
sequenceDiagram
participant Dev as Developer
participant GH as GitHub
participant SG as SolGuard (Go)
participant Docker as Sandbox
participant AI as AI Consensus
participant Eth as Sepolia
%% Audit Phase
Dev->>GH: Opens Pull Request
GH->>SG: Webhook (PR opened)
SG->>Docker: Clone, forge build, slither, extract AST
Docker-->>SG: AST diffs + Slither JSON
SG->>AI: Route changed functions to LLMs
AI-->>SG: Consensus verdict (strict JSON)
SG->>GH: Markdown audit report + commit status
%% Deploy Phase
Dev->>GH: Merges PR to main
GH->>SG: Webhook (push to main)
SG->>SG: Generate ephemeral key, AES-256-GCM encrypt
SG->>Eth: Fund key (0.01 ETH JIT)
SG->>Docker: forge script --broadcast --verify
Docker->>Eth: Deploy contract
SG->>SG: Persist record to SQLite audit trail
SG->>Eth: Sweep remaining ETH back to master
SG->>GH: Post verified Etherscan link
- Go 1.21+
- Docker
- Redis (local or remote)
- ngrok (for local webhook testing)
- Foundry (for the target deploy repo)
- Funded Sepolia wallet (~0.05 ETH for testing)
git clone https://github.com/jevinjojo/solguard.git
cd solguard/backend
# Configure environment
cp .env.example .env
# Edit .env with your API keys, RPC URL, and master wallet
# Build the sandbox image
docker build -t solguard-sandbox -f sandbox/Dockerfile .
# Install Go dependencies
go mod tidy
# Run the server
go run .- Expose your local server:
ngrok http 8080 - In your target repo: Settings → Webhooks → Add webhook
- Payload URL:
https://<your-ngrok>.ngrok-free.dev/webhook - Content type:
application/json - Secret: matches
WEBHOOK_SECRETin your.env - Events: Pull requests, Pushes
- Payload URL:
- Open a PR with a vulnerable Solidity file → watch SolGuard analyze it in real time.
go run ./cmd/bench
# Outputs Markdown comparison table to stdout + writes results to SQLitesolguard/
├── backend/
│ ├── main.go # HTTP server + webhook router
│ ├── pipeline.go # Audit + deploy orchestrator
│ ├── ast_parser.go # Solidity AST diffing + hashing
│ ├── llm_manager.go # Multi-LLM consensus engine
│ ├── policy.go # Policy-as-code evaluator
│ ├── ephemeral.go # One-shot wallet generator + sweeper
│ ├── encryption.go # AES-256-GCM at rest
│ ├── deployer.go # Forge script + Etherscan verifier
│ ├── database.go # SQLite audit trail
│ ├── reporter.go # GitHub PR comments + commit status
│ ├── config.go # Env loading + secret redaction
│ ├── sandbox/Dockerfile # Foundry + Slither container
│ ├── cmd/bench/ # Benchmark harness
│ └── bench_dataset/ # SmartBugs-style labeled corpus
├── docs/ # Architecture notes & V2 backlog
├── README.md
├── SECURITY.md
└── LICENSE
- Sandbox isolation. Untrusted PR code runs only inside an ephemeral Docker container — never on the host.
- Secret redaction. All API keys and wallet strings pass through a
.Redacted()interface before reachinglog/slog. Logs are publishable. - Ephemeral keys. Deploy keys live for ~30 seconds, encrypted in memory with AES-256-GCM, and are never written to disk.
- Auto-sweep. Leftover gas is returned to cold storage immediately post-deploy. No stranded funds.
- Cryptographic audit trail. Every deployment is recorded in SQLite with on-chain transaction hashes as immutable secondary evidence.
Full threat model in SECURITY.md.
| Layer | Tools |
|---|---|
| Backend | Go 1.21, go-chi/chi, log/slog |
| Blockchain | go-ethereum, Foundry (forge, solc), Slither |
| AI / LLMs | Google Gemini 2.5 Flash, Groq Llama 3.3 70B, Ollama (deepseek-coder) |
| Data | Redis (AST cache), SQLite3 (audit trail) |
| Infra | Docker, GitHub Webhooks, ngrok |
- Mainnet deployment support with multi-sig hand-off
- Hardware-key (HSM) integration for the master wallet
- GitHub App distribution (vs. webhook-per-repo)
- Web dashboard for audit trail visualization
- Custom rule packs per organization
See docs/V2_BACKLOG.md for the full backlog.
Contributions are welcome. Please open an issue first to discuss any major changes.
For security vulnerabilities, do not open a public issue. See SECURITY.md for responsible disclosure.
Apache License 2.0 — see LICENSE.
Built by Jevin Jojo.
SolGuard ensures that vulnerable code never reaches main, and private keys never reach the cloud.