Vyper Guard Platform

Contract security that feels operational.

Deterministic Vyper security checks from local development to CI gates, with advisory AI triage, explorer intelligence, and controlled remediation workflows.

Detectors

12 active checks

Highest risk

2 critical findings

Posture

Review required

Live workflow preview

vault-audit

$ vyper-guard analyze contracts/Vault.vy --ai-triage
# detectors loaded: 12
# critical: 2
# high: 8 (dynamic severities may vary by context)
# score model: base 100 with per-tier caps + detector-failure trust penalty
# recommendation: Review required
$ vyper-guard analyze contracts/Vault.vy --fix-dry-run --max-auto-fix-tier B
# proposed edits: 3
# write operations: 0

Detector coverage snapshot

current dataset

Critical: 2
High: 8
Medium: 0
Low: 2

Total

12 findings

Gate

Manual review

Workflow timeline

From scan to release gate

Phase 01

Source Risk Profiling

A single .vy contract is parsed, checked, and scored through deterministic detector and semantic passes.

Phase 02

Signal Prioritization (Optional AI)

Findings are ranked by severity, with optional advisory AI triage metadata that never overrides verdicts.

Phase 03

Remediation Planning

Fix plans run under tier constraints with dry-run mode, explicit write prompts, and report artifacts.

Phase 04

CI + Runtime Operations

JSON/Markdown artifacts drive CI policy gates, while explorer/address and monitor flows support deployed contracts.

Command Studio

Understand the workflow in under a minute.

Choose a command path and preview realistic output. This gives non-developers a clear view of what the CLI does without opening a terminal.

Selected path

Baseline scan

command-preview

$ Analyzing Vault.vy
$ 12 detectors loaded
$ critical: 2
$ high: 8
$ grade model: A+ / A / B / C / F
$ recommendation: review required

CLI-first

Predictable command outputs for local and CI pipelines.

Safe by default

Dry-run paths help teams control remediation risk.

Audit ready

Exportable reports keep review trails transparent.

Need full reference?

Open docs and follow the install-to-ci command journey.

Documentation Surface

How teams actually use Vyper Guard

Practical usage patterns from first local scan to CI gating, fix reviews, and post-deploy checks.

01

deterministic

Deterministic analysis core

The core scanner is deterministic and file-scoped: parse source, run compiler checks and detectors, then score and grade. This keeps CI decisions reproducible.

  • Single-file analysis boundary for `analyze <file>`
  • 12 built-in checks including compiler advisories
  • Structured CLI, JSON, and Markdown reporting
  • Stable score/grade model with per-tier deduction caps

02

advisory

Advisory AI and remediation

AI triage is optional and advisory. It augments prioritization metadata but cannot override detector verdicts. Remediation runs through explicit safety tiers.

  • `--ai-triage` adds metadata, not verdict changes
  • `--allow-ai-fallback` is explicit opt-in
  • `--fix-dry-run` previews edits before writes
  • `--max-auto-fix-tier` enforces risk boundaries

03

deployed

Deployed-contract workflows

Explorer and address analysis extend checks to deployed contracts. Agent mode and monitoring support investigation and runtime operations.

  • `explorer` fetches source/ABI/metadata
  • `analyze-address` evaluates verified source
  • `agent` provides LLM-backed advisory assistance
  • `monitor` / `baseline` support runtime anomaly workflows

04

limits

Known boundaries and hardening

Vyper Guard is one layer in a defense-in-depth workflow. It does not replace formal verification, protocol-level threat modeling, or professional audits.

  • Cross-contract and protocol-economic attacks are out of scope
  • Detector runtime failures apply trust penalties to scoring
  • Config discovery is trust-boundary hardened
  • Production use still requires manual review and testing

Security analytics model

Detector severity mix

Penalty and cap policy per severity tier

Includes capped deductions; trust penalties apply separately when detector execution fails.

Detector risk-domain groups
Detector capability coverage
Example scan outcomes (actual runs)