audit-prep-assistant
Prepares codebases for security review using Trail of Bits' systematic audit preparation checklist, covering static analysis, test coverage, dead code removal, documentation, and build environment verification.
Introduction
Audit Prep Assistant is a specialized agent designed to streamline the security audit process by getting a codebase into a reviewable state before a professional assessment begins. It addresses the preparation gaps that most often delay or dilute an audit: undocumented build steps, missing or stale documentation, and inadequate test coverage. The tool guides developers through a four-step lifecycle: setting clear security goals, fixing the low-hanging fruit that static analysis flags, making the code accessible (buildable and navigable) to the reviewers, and generating the documentation auditors need to orient themselves quickly.
- Automatically runs static analysis tools such as Slither (Solidity), dylint (Rust), and golangci-lint (Go), then helps triage the findings so known classes of issue are fixed before the auditors see them.
- Analyzes test suites to identify untested code paths, suggests improvements to coverage, and tracks the removal of dead or unreachable code that would otherwise consume review time.
- Facilitates build reproducibility by verifying dependencies, documenting the build environment, and recording the exact commit hash the audit will be frozen at.
- Generates orientation artifacts including flowcharts, sequence diagrams, user stories, role/privilege maps, and architectural glossaries to help auditors understand the system logic quickly.
- Produces a formal Audit Prep Package that aggregates review goals, areas of concern, worst-case scenarios, and technical findings for handover to the assessment team.
- Best used 1-2 weeks before a formal security audit, so that fixes and documentation are in place by the time the external team starts.
- Supports multi-language projects including Solidity, Rust, Go, and C++, adapting its diagnostic routines to the detected platform and the tooling available on the machine.
- Operates on a principle of 'no shortcuts': users are expected to test builds in a fresh environment and validate assumptions directly rather than relying on stale documentation or outdated reports.
- Users should expect to interact with the agent to refine documentation such as NatSpec comments, arithmetic invariant definitions, and trust boundaries between on-chain and off-chain components.
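The mechanical part of the lifecycle described above (detect the platform, pick the matching analyzer, freeze a clean commit, and prove the build from a fresh clone) reduced to a POSIX shell script. This is an added example and not code from audit-prep-assistant or Trail of Bits: the tool names are the ones the page lists, while the build-file heuristics, the function names, and the notes-file layout are this example's own assumptions. The sample project it runs against is constructed in a temporary directory so the script works offline.

```shell
#!/bin/sh
# audit_prep.sh: added example of the prep lifecycle, not the assistant's
# own code. Real tool names (slither, cargo dylint, golangci-lint); the
# layout heuristics and the notes file format are assumptions.
set -u

# detect_platform DIR -> solidity | rust | go | cpp | unknown
# Heuristic keyed on the build files each ecosystem normally carries.
detect_platform() {
  d=$1
  if [ -f "$d/foundry.toml" ] || [ -f "$d/hardhat.config.js" ] || [ -f "$d/hardhat.config.ts" ]; then
    echo solidity
  elif [ -f "$d/Cargo.toml" ]; then
    echo rust
  elif [ -f "$d/go.mod" ]; then
    echo go
  elif [ -f "$d/CMakeLists.txt" ]; then
    echo cpp
  else
    echo unknown
  fi
}

# analyzer_for PLATFORM -> static-analysis command line, or empty when there
# is no single default (C++ projects choose a checker per codebase).
analyzer_for() {
  case $1 in
    solidity) echo "slither ." ;;
    rust)     echo "cargo dylint --all" ;;
    go)       echo "golangci-lint run ./..." ;;
    *)        echo "" ;;
  esac
}

# freeze_commit DIR -> prints HEAD for the prep package. Refuses a dirty tree:
# auditors must receive exactly the tree that was analysed and tested.
freeze_commit() {
  d=$1
  if [ -n "$(git -C "$d" status --porcelain)" ]; then
    echo "refusing to freeze: working tree has uncommitted changes" >&2
    return 1
  fi
  git -C "$d" rev-parse HEAD
}

# fresh_build DIR BUILD_CMD -> clones DIR into a scratch directory and runs
# BUILD_CMD there, so untracked files and local caches cannot mask a broken
# or undocumented build step ("no shortcuts").
fresh_build() {
  src=$1; cmd=$2
  scratch=$(mktemp -d)
  git clone -q "$src" "$scratch/clone" || { rm -rf "$scratch"; return 1; }
  ( cd "$scratch/clone" && sh -c "$cmd" )
  rc=$?
  rm -rf "$scratch"
  return $rc
}

# write_prep_notes DIR OUT -> platform, analyzer and frozen commit written to
# OUT (the skeleton of an Audit Prep Package); fails if HEAD cannot be frozen.
write_prep_notes() {
  d=$1; out=$2
  p=$(detect_platform "$d")
  a=$(analyzer_for "$p")
  c=$(freeze_commit "$d") || return 1
  {
    echo "platform: $p"
    echo "static analysis: ${a:-(choose per project)}"
    echo "frozen commit: $c"
  } > "$out"
}

# Constructed sample input: a one-file Rust crate in a scratch git repo
# (not a real project). Notes go outside the repo so the tree stays clean.
SAMPLE=$(mktemp -d)
NOTES=$(mktemp)
printf '[package]\nname = "demo"\nversion = "0.1.0"\n' > "$SAMPLE/Cargo.toml"
if command -v git >/dev/null 2>&1; then
  git init -q "$SAMPLE"
  git -C "$SAMPLE" add -A
  git -C "$SAMPLE" -c user.name=prep -c user.email=prep@example.invalid commit -q -m "freeze for audit"
  write_prep_notes "$SAMPLE" "$NOTES" && cat "$NOTES"
  # A trivial command stands in for the project's real build here.
  fresh_build "$SAMPLE" "test -f Cargo.toml" && echo "fresh clone builds"
fi
```

In practice the build command passed to fresh_build should be the exact line the README tells auditors to run; if it only works with a locally cached dependency or an untracked config file, this is where that shows up, which is the point of doing it before the auditors do.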
Repository Stats
- Stars: 4,874
- Forks: 424
- Open Issues: 21
- Language: Python
- Default Branch: main