Web3 Smart Contract Security Auditing Agent
From Latin vigilo — "I watch, I guard." An autonomous security legion inspired by the command structure of the Roman army, watching over your smart contracts to find vulnerabilities before attackers do.

Vigilo runs inside OpenCode, deploying specialized agents in parallel to find vulnerabilities and generate validated proofs of concept (PoCs).
| Agent | Mission |
|---|---|
| Vigilo | Orchestrates the full audit pipeline |
| Quaestor | Pre-audit interview & scope planning |
| Explorator | Code reconnaissance — maps structure and flows |
| Speculator | Documentation intel — extracts design and invariants |
| Centuriones | 8 specialist auditors deployed by protocol type |
Real vulnerabilities found by Vigilo in live audit contests.
All I did was specify the target project and submit the report. Vigilo did the rest.
Cantina — Ceiling Rounding Accumulation (High, Accepted)
Paste this into your LLM agent session:

```text
Install and configure vigilo by following the instructions here:
https://raw.githubusercontent.com/PurpleAILAB/Vigilo/main/packages/opencode/docs/installation.md
```

Or install manually. For OpenCode:

```bash
bunx vigilo install
```

For the Claude Code plugin:

```text
/plugin marketplace add PurpleAILAB/Vigilo
/plugin install vigilo@Vigilo
```

See the full Installation Guide for more options.
To uninstall:

- Remove the plugin from your OpenCode config:

  ```bash
  # Edit ~/.config/opencode/opencode.json and remove "vigilo" from the plugin array
  ```

- Remove configuration files:

  ```bash
  rm -f ~/.config/opencode/vigilo.json
  ```

- Verify removal:

  ```bash
  opencode --version
  ```

Features:

- Automated Audit Workflow: Scope → Recon (Exploratores) → Deep Analysis (Centuriones) → PoC → Report
- Specialized Auditors: Reentrancy, Oracle, Access Control, Flashloan, Logic, DeFi, Token, Cross-Chain
- Multi-Language Support: Solidity, Vyper, Cairo, Rust
- Foundry Integration: `forge build`, `forge test`, `forge coverage`
- LSP Integration: Goto-definition, references, diagnostics
- Parallel Analysis: Multiple auditors running concurrently
- PoC Validation: Auto-generate and validate Foundry tests
```text
cd my-solidity-project
opencode

# Start audit
/audit

# Generate PoC
/poc .vigilo/findings/high/H-01-reentrancy.md
```

Audit artifacts are written under `.vigilo/`:

```text
.vigilo/
├── recon/      # Explorator & Speculator outputs
├── findings/   # Vulnerability findings
│   ├── high/
│   └── medium/
├── poc/        # PoC validation logs
└── reports/    # Final reports
```
| Platform | Package | Status |
|---|---|---|
| OpenCode | packages/opencode | ⭐ Recommended |
| Claude Code | packages/claude | Stable |
Why OpenCode? More flexibility with model selection, better plugin extensibility, and cost-effective auditing with configurable models per auditor.
Measure Vigilo's audit accuracy against verified security reports from Code4rena, Sherlock, and Cantina.
```bash
# Run full benchmark pipeline
bunx vigilo-bench sherlock_cork-protocol_2025_01 -w -v
```

Pipeline: checkout → audit → score → report
See packages/bench for full documentation.
```bash
bunx vigilo doctor
bunx vigilo doctor --verbose
```

| Issue | Solution |
|---|---|
| OpenCode not found | Install from https://github.com/anomalyco/opencode |
| Foundry not found | `curl -L https://foundry.paradigm.xyz \| bash && foundryup` |
| Vigilo not registered | Run `bunx vigilo install` again |
For contributors working on Vigilo itself.
- Clone and link the package:

  ```bash
  git clone https://github.com/PurpleAILAB/Vigilo.git
  cd vigilo/packages/opencode
  bun install
  bun link
  ```

- Configure the local plugin path in `~/.config/opencode/opencode.json`:

  ```json
  {
    "plugin": [
      "D:/path/to/vigilo/packages/opencode"
    ]
  }
  ```

- Run watch mode:

  ```bash
  bun run dev
  ```

- Restart OpenCode to load changes.
| Task | Command |
|---|---|
| Build | bun run build |
| Watch mode | bun run dev |
| Test CLI | bun src/cli/index.ts install |
| Run doctor | bun src/cli/index.ts doctor --verbose |
To return from a local checkout to the published plugin:

```bash
bunx vigilo install
```

This resets the plugin path to vigilo@latest.
- Non-production use: Free
- Production use: Requires commercial license
- Change Date: 2029-01-21 (converts to Apache-2.0)
Commercial licensing: catower917@gmail.com
Ready to hunt bugs? 🔍

