AI-Powered Solana Smart Contract Security Copilot
SolShield AI is a comprehensive, AI-driven security auditing platform specifically designed for the Solana ecosystem. It empowers developers to detect, understand, and remediate vulnerabilities in Anchor and Rust smart contracts before they hit the mainnet.
By combining deep AST (Abstract Syntax Tree) analysis with state-of-the-art AI models, SolShield AI provides more than just a list of bugs—it offers actionable insights, exploit scenarios, and secure remediation steps in plain English.
- 🔍 Multi-Source Scanning: Upload local Anchor/Rust projects or scan entire GitHub repositories directly.
- 🤖 AI-Powered Explanations: Every vulnerability is accompanied by an AI-generated breakdown of why it's dangerous and how to fix it.
- 💻 Interactive Code Viewer: A Monaco-based editor that highlights vulnerable lines in real-time, providing context exactly where it's needed.
- 📊 Security Scoring: Get a high-level overview of your project's health with automated severity scoring.
- 🚀 Real-Time Visualization: Track the progress of your security scans with a dynamic, interactive dashboard.
- 🛠️ Solana-Specific Detection:
- Missing Signer Validations
- Unsafe Account Handling
- PDA (Program Derived Address) Misuse
- Insecure CPI (Cross-Program Invocation) Patterns
- Unsafe Rust Operations
In the fast-moving Solana ecosystem, even a small validation error can lead to millions in lost funds. Traditional professional audits are often:
- Expensive: Prohibitive for indie developers and hackathon teams.
- Slow: Taking weeks or months to complete.
- Opaque: Providing reports that are hard for junior developers to interpret.
SolShield AI acts as your 24/7 Security Copilot, bridging the gap between development speed and blockchain security.
- Frontend: Next.js 15, TailwindCSS, Monaco Editor, Framer Motion.
- Backend: FastAPI (Python), Tree-sitter (for Rust AST parsing), Gemini AI / OpenAI APIs.
- Database/Auth: PostgreSQL, Firebase Authentication.
- DevOps: Docker, Docker Compose.
- Docker and Docker Compose
- A Gemini API Key (or supported AI provider)
- Firebase Service Account credentials
-
Clone the repository:
git clone https://github.com/your-username/SolanaSecurityCopilot.git cd SolanaSecurityCopilot -
Configure Environment Variables: Create a
.envfile in the root directory (referencing.env.example):GEMINI_API_KEY=your_api_key_here DATABASE_URL=postgresql://user:password@db:5432/solshield NEXT_PUBLIC_API_URL=http://localhost:8000
-
Launch with Docker:
docker-compose up --build
-
Access the application:
- Frontend:
http://localhost:3000 - Backend API:
http://localhost:8000/docs
- Frontend:
- [ ] Automated exploit simulation and fuzzing.
- [ ] CI/CD integration for GitHub Actions.
- [ ] VSCode Extension for real-time IDE security feedback.
- [ ] On-chain audit certificates and trust scores.
We welcome contributions from the community! Whether you're a security researcher or a frontend wizard, feel free to open an issue or submit a pull request.
This project is licensed under the MIT License - see the LICENSE file for details.
Built with ❤️ for the Solana Ecosystem

