Source-Direct
Audit Source Directly
Skip Etherscan. Submit Solidity source and get the same multi-agent audit you get on-chain. Results are cached by source hash, so repeated runs in CI are free after the first pass.
Endpoint
POST /api/v1/audit/source
Session or Bearer
Pricing: $29 / audit
Cached by sourceHash
Request Body
application/json
{
  "sourceCode": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.20;\n\ncontract Vault { ... }",
  "contractName": "Vault",
  "chainId": 8453,
  "model": "sonnet"
}
- sourceCode (string, required): Solidity source code. Max 500KB. Multi-file sources accepted with "// File: path" headers.
- contractName (string, optional): Contract name for display in the report.
- chainId (number, optional): Target chain. Defaults to 1 (Ethereum). Affects chain-specific heuristics.
- model (string, optional): sonnet (default) or opus. Opus uses deeper analysis.
- force (boolean, optional): Bypass cache and force a fresh audit.
Response
200 OK / 202 Accepted
{
  "auditId": "d3c9f8a1-1a2b-4c3d-9e0f-123456789abc",
  "status": "started",
  "cached": false,
  "estimatedTokens": 12450,
  "warning": "Large source detected. Audit may take longer and cost more."
}
Use the returned auditId to stream progress from /api/audit/:id/stream or fetch the finished report from /api/audit/:id.
Authentication
Two auth methods are supported. Both count against the same quota.
- 1.
- 2. Session cookie (web UI)
Automatic when signed in via the browser.
Cache Behavior
We hash the submitted source with SHA-256. If a completed report exists for that hash on the same chain, we return it immediately with cached: true and no LLM cost. This means:
- Re-running CI against unchanged contracts is free.
- A single character change produces a new hash and triggers a fresh audit.
- Pass force: true in the body to bypass the cache when you explicitly want a re-audit.
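Because any byte difference in the submitted source is a cache miss, a multi-file bundle has to be assembled the same way on every CI run. The following is an added example, not WalletGuard's own code: it builds a deterministic request body from several files using the "// File: path" headers. The function names, the reading of "500KB" as 500,000 bytes, and the local digest are assumptions.

```typescript
import { createHash } from "node:crypto";
import { Buffer } from "node:buffer";

// Assumption: "500KB" is read as 500,000 bytes, the stricter interpretation.
const MAX_SOURCE_BYTES = 500_000;

interface AuditRequest {
  sourceCode: string;
  contractName?: string;
  chainId?: number;
  model?: "sonnet" | "opus";
  force?: boolean;
}

// Join files under "// File: path" headers in sorted path order with LF line
// endings, so the same source tree always yields byte-identical sourceCode.
function bundleSources(files: Record<string, string>): string {
  const entries = Object.entries(files).sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
  if (entries.length === 0) throw new Error("no source files given");
  return entries
    .map(([p, src]) => `// File: ${p}\n${src.replace(/\r\n/g, "\n").trimEnd()}\n`)
    .join("\n");
}

// Local SHA-256 of the bundle, for comparing CI runs. The page does not say
// exactly which bytes the service hashes, so this need not equal its hash.
function localSourceHash(sourceCode: string): string {
  return createHash("sha256").update(sourceCode, "utf8").digest("hex");
}

function buildAuditRequest(
  files: Record<string, string>,
  opts: Omit<AuditRequest, "sourceCode"> = {},
): AuditRequest {
  const sourceCode = bundleSources(files);
  const size = Buffer.byteLength(sourceCode, "utf8");
  if (size > MAX_SOURCE_BYTES) throw new Error(`bundle is ${size} bytes, over the 500KB limit`);
  return { sourceCode, ...opts };
}

// Constructed sample input: two small files, listed out of order, one with CRLF.
const sample = {
  "contracts/Vault.sol": "pragma solidity ^0.8.20;\r\ncontract Vault {}\r\n",
  "contracts/IVault.sol": "pragma solidity ^0.8.20;\ninterface IVault {}\n",
};
const req = buildAuditRequest(sample, { contractName: "Vault", chainId: 8453 });
console.log(localSourceHash(req.sourceCode), Buffer.byteLength(req.sourceCode, "utf8"));
```

Logging the local digest in CI makes an unexpected fresh audit easy to trace back to a changed bundle.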
Pricing
$29 per fresh audit. Cached responses are free. Billing follows your plan or service token quota; see /pricing for current rates.
Error Codes
- 400 Bad Request: Invalid body, missing sourceCode, or exceeded 500KB limit
- 401 Unauthorized: Missing or invalid API key / session
- 402 Quota Exceeded: Free audit quota used up. Purchase an audit at /pricing.
- 429 Rate Limited: Too many requests. Back off and retry.
- 500 Server Error: Internal failure. Retry after a moment.
Examples
curl
curl -X POST https://walletguard.ai/api/v1/audit/source \
  -H "Authorization: Bearer wg_live_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d @- <<'EOF'
{
  "sourceCode": "pragma solidity ^0.8.20; contract Vault { ... }",
  "contractName": "Vault",
  "chainId": 8453
}
EOF
TypeScript
import { readFileSync } from "node:fs";

// Read the contract from disk; the API key comes from the environment,
// never from source control.
const sourceCode = readFileSync("contracts/Vault.sol", "utf8");

const res = await fetch("https://walletguard.ai/api/v1/audit/source", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.WALLETGUARD_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    sourceCode,
    contractName: "Vault",
    chainId: 8453,
  }),
});

// Any non-2xx status (400, 401, 402, 429, 500) ends up here.
if (!res.ok) {
  const err = await res.json();
  throw new Error(`Audit failed: ${err.code} ${err.error}`);
}

const { auditId, cached, sourceHash } = await res.json();
console.log(`Audit ${auditId} (cached=${cached}, hash=${sourceHash})`);

// Stream progress + final report.
// Requires a runtime with a global EventSource (browsers have one).
const stream = new EventSource(
  `https://walletguard.ai/api/audit/${auditId}/stream`,
);
stream.addEventListener("complete", (e) => {
  const { report } = JSON.parse(e.data);
  console.log("Score:", report.securityScore);
  stream.close();
});