{"id":30351353,"url":"https://github.com/tintinweb/vscode-chonky","last_synced_at":"2026-05-15T01:04:37.303Z","repository":{"id":308058965,"uuid":"1025543927","full_name":"tintinweb/vscode-chonky","owner":"tintinweb","description":"🍣 Chonky - A Superhuman LLM Auditing Agent for Solidity","archived":false,"fork":false,"pushed_at":"2025-08-07T17:42:43.000Z","size":8969,"stargazers_count":12,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-18T23:02:48.608Z","etag":null,"topics":["agentic-ai","security","solidity","vscode-extension"],"latest_commit_sha":null,"homepage":"https://marketplace.visualstudio.com/items?itemName=tintinweb.chonky","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tintinweb.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-24T12:17:11.000Z","updated_at":"2025-08-11T18:54:54.000Z","dependencies_parsed_at":"2025-08-03T23:17:32.385Z","dependency_job_id":"36e000de-5abc-41e3-8eae-78d5bb383e34","html_url":"https://github.com/tintinweb/vscode-chonky","commit_stats":null,"previous_names":["tintinweb/vscode-chonky"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tintinweb/vscode-chonky","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tintinweb%2Fvscode-chonky","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tintinweb%2Fvscode-chonky/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tintinweb%2Fvscode-chonky/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tintinweb%2Fvscode-chonky/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tintinweb","download_url":"https://codeload.github.com/tintinweb/vscode-chonky/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tintinweb%2Fvscode-chonky/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279020352,"owners_count":26086866,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic-ai","security","solidity","vscode-extension"],"created_at":"2025-08-18T23:01:57.346Z","updated_at":"2025-10-14T18:36:41.357Z","avatar_url":"https://github.com/tintinweb.png","language":null,"funding_links":["https://github.com/sponsors/tintinweb"],"categories":[],"sub_categories":[],"readme":"# 🍣 Chonky - A Superhuman LLM Auditing Agent for Solidity\n\nChonky is a VS Code extension that transforms GitHub Copilot into a specialized smart contract security auditing agent.\n\n\u003cdiv align=\"center\"\u003e\n\n![Chonky Logo](https://github.com/tintinweb/vscode-chonky/raw/main/img/superchonky.png)\n\n**Your AI-Powered Smart Contract Auditing Assistant**\n\n[![Version](https://img.shields.io/badge/version-0.6.6-blue.svg)](https://github.com/tintinweb/vscode-chonky)\n[![License](https://img.shields.io/badge/license-Proprietary-orange.svg)](LICENSE)\n\n[![Sponsor](https://img.shields.io/badge/♥️-Sponsor-red?style=for-the-badge\u0026logo=github)](https://github.com/sponsors/tintinweb)\n\n\u003c/div\u003e\n\n---\n\n**VS Code Marketplace:** \n- [\u003cimg height=\"15px\" src=\"https://code.visualstudio.com/assets/images/code-stable.png\"\u003e tintinweb.chonky ](https://marketplace.visualstudio.com/items?itemName=tintinweb.chonky) \n- `#\u003e ext tintinweb.chonky`\n\n**TLDR;**\n- Agent Augmented Auditing\n- Automated Scoping\n- Automated In-Depth Security Analysis\n- Agentic Tooling for Deep Smart Contract Insights\n- Extending Agent capabilities with General Purpose LLM Tooling\n- Your Smart Contract Auditing Side-Kick!\n\n**Extends GitHub/Copilot Model Capabilities**\n\n## 🚀 Quick Start Guide\n\n\u003c!-- \u003ca href=\"https://marketplace.visualstudio.com/items?itemName=tintinweb.chonky\"\u003e\u003cimg src=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-splash-still.png\" height=350px /\u003e\u003c/a\u003e --\u003e\n\n\n\u003cimg height=\"350\" alt=\"image\" src=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/copilot-view.png\" /\u003e\n\n### 💬 Use Chonky's Tools in Copilots Agentic Mode\nOpen Copilot Chat → switch to `Agent` mode → Ask the agent\n\n```typescript\n// list availabler tools\nList chonky available llm tools\n```\n\n### 💬 Chat with Chonky\nUse `Agent` mode for day-to-day use. The agent will decide when to invoke any of Chonky's tools. Use the **@chonky** chat participant for specialized operations. \n\n\u003ca href=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-chat-persona.gif\"\u003e\u003cimg src=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-chat-persona.gif\" height=350px /\u003e\u003c/a\u003e\n\n### 📊 Scope Solidity Projects\nGenerate comprehensive project scoping reports\n\n\u003ca href=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-scope.gif\"\u003e\u003cimg src=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-scope.gif\" height=350px /\u003e\u003c/a\u003e\n\n### 🤖 Agent Automated Audits\nRun comprehensive automated security analysis\n```\n**@chonky** #autoaudit Full security scan\n```\n\n### 🎯 Custom Chat Modes\nSpecialized chat modes for different audit phases\n\n\u003ca href=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-modes.gif\"\u003e\u003cimg src=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-modes.gif\" height=350px /\u003e\u003c/a\u003e\n\n### 🔍 Discover Tools\nExplore all available features for your tier\n\n\u003ca href=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-available-tools.gif\"\u003e\u003cimg src=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-available-tools.gif\" height=350px /\u003e\u003c/a\u003e\n\n\n### 📜 Agentic Auditor Prompt Template\nPre-prompt your action with our agentic security auditor template.\n\n\u003ca href=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/prompt-instructions.gif\"\u003e\u003cimg src=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/prompt-instructions.gif\" height=350px /\u003e\u003c/a\u003e\n\n## ⚡ Early Access / Sponsors / Professional\n\n### ♥️ Sign In for Early Access Features (Sponsors)\n[Sponsor](https://github.com/sponsors/tintinweb) and get Early Access to **experimental** future features 😊. Ping me if you run into any problems 🤗.\n\n\u003ca href=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-sign-in.gif\"\u003e\u003cimg src=\"https://github.com/tintinweb/vscode-chonky/raw/main/media/chonky-sign-in.gif\" height=350px /\u003e\u003c/a\u003e\n\n### ⚡⚡ Custom Agentic Workflows\nReady-to-go **Scoping**/**Auditing** workflows, easy to extend and customize.\n```\n**@chonky** ...\n```\n\n### ⚡⚡ Access to a comprehensive list of Security Primers\nGet access to our curated list of Solidity security primers to augment and automate your security auditing.\n```\n**@chonky** ...\n```\n\n---\n\n## 🆕 What's New in v0.6.6\n\n### ✨ Highlights\n- 🔧 **Improved .chonky Directory Discovery**\n- 📁 **Flexible File Placement Support**\n\n### 🚀 Improvements\n- ▸ Fixed discovery of files in .chonky root directory (e.g., .chonky/xxx.workflow.md)\n- ▸ Simplified validation logic for better file placement flexibility\n- ▸ Enhanced workspace resource detection\n\n---\n\n## 🆕 What's New in v0.6.5\n\n### ✨ Highlights\n- 📁 **Auto-Discovery of .chonky Workspace Folders**\n- 🎯 **Repository Filtering with repositoryId**\n- 🔍 **Pattern-Based Resource Discovery**\n- 📊 **Enhanced Discovery Output**\n\n### 🌟 New Features\n- ▸ Automatic workspace .chonky folder detection for project-specific security resources\n- ▸ Repository filtering for targeted primer/workflow discovery\n- ▸ Flexible file extension matching (*.primer.md, *.workflow.md, tools/*.yml)\n- ▸ Repository information display in discovery results\n\n### 🚀 Improvements\n- ▸ Better project-specific security resource management\n- ▸ Enhanced filtering capabilities for large repositories\n- ▸ More intuitive workspace-based resource organization\n\n---\n\n## 🆕 What's New in v0.6.5\n\n### ✨ Highlights\n- 🎨 **Enhanced Visual Code Annotation System**\n- 🎯 **Accurate Line Targeting with Code Validation**\n- 🛡️ **Advanced Security-Focused Decorations**\n- ✨ **Custom Styling with Full Validation**\n\n\n---\n\n## 🆕 What's New in v0.6.0\n\n### ✨ Highlights\n- 🚀 **Advanced Security Analysis Features**\n- 🛡️ **Enhanced AI-Powered Vulnerability Detection**\n- ⚡ **Improved Tier-Based Feature Access**\n\n### 🌟 New Features\n- ▸ Security primer discovery and loading system\n- ▸ Workflow repository with pre-built analysis templates\n- ▸ Tool configuration repository access\n- ▸ Interactive Solidity REPL (Chisel) integration\n- ▸ Comprehensive differential analysis orchestrator\n- ▸ AI-powered function similarity detection\n- ▸ Advanced vulnerability database search\n- ▸ MetaMask Snap security analysis\n- ▸ Multi-language scoping (Go, Rust, Solidity)\n- ▸ Etherscan and Sourcify integration\n- ▸ Semgrep static analysis integration\n\n### 🚀 Improvements\n- ▸ Faster contract analysis\n- ▸ Improved tooltip experience\n- ▸ Enhanced sponsorship integration\n\n---\n\n## 🛠️ Feature Catalog\n\n### 🆓 Base Features (21 tools)\n*Available to everyone*\n\n| Feature | Description |\n|---------|-------------|\n| 🔹 **Chonky Chat Participant** | AI-powered **@chonky** chat participant for intelligent assistance |\n| 🔹 **Solidity Metrics \u0026 Scoping** | Comprehensive project analysis and scoping reports |\n| 🔹 **Contract Structure Analysis** | Deep dive into contract architecture and patterns |\n| 🔹 **Inheritance Tree Analysis** | Visualize and analyze inheritance relationships |\n| 🔹 **Contract Flattening** | Flatten complex contract hierarchies |\n| 🔹 **Access Control Analysis** | Identify permission patterns and vulnerabilities |\n| 🔹 **Storage Layout Analysis** | Optimize storage packing and layout |\n| 🔹 **Deployable Contract Discovery** | Find contracts ready for deployment |\n| 🔹 **Import Dependency Analysis** | Map external dependencies and risks |\n| 🔹 **External Calls Analysis** | Map and analyze all external interactions |\n| 🔹 **ERC Compliance Checker** | Verify token standard implementations |\n| 🔹 **Semgrep Security Analysis** | Advanced static analysis with custom rules |\n| 🔹 **Surya Visualization Suite** | Generate graphs and visual contract analysis |\n| 🔹 **Solhint Code Quality** | Automated code quality and style checks |\n| 🔹 **JSON Processing Tools** | Advanced JSON parsing and analysis |\n| 🔹 **DateTime Utilities** | Timestamp and date manipulation tools |\n| 🔹 **Memory Store** | Persistent data storage across sessions |\n| 🔹 **Available Tools Discovery** | Explore all available Chonky capabilities |\n| 🔹 **Workspace File Search** | Intelligent file discovery and search |\n| 🔹 **Workspace Integration** | Auto-discovery of .chonky folders with pattern-based resource matching |\n| 🔹 **Editor Decorator Tool** | Advanced visual code annotation with accurate line targeting and custom styling |\n| 🔹 **Diagnostic View Manager** | Read and create VS Code diagnostics with code snippet validation |\n\n### ⚡ Early Access Features (12 tools)\n*Available earlier to sponsors*\n\n\u003e 💡 **Support development to get early access** - [Become a Sponsor](https://github.com/sponsors/tintinweb)\n\n| Feature | Description |\n|---------|-------------|\n| 🔸 **Custom Chat Modes** | Specialized chat modes for auditing workflows and scoping |\n| 🔸 **Solidity REPL (Chisel)** | Interactive Solidity execution environment |\n| 🔸 **Reentrancy Detection** | Comprehensive reentrancy vulnerability analysis |\n| 🔸 **Oracle Risk Analysis** | Identify oracle manipulation vulnerabilities |\n| 🔸 **Event Pattern Analysis** | Verify event emission completeness |\n| 🔸 **Function Similarity Detector** | AI-powered function pattern matching |\n| 🔸 **Inconsistency Reporter** | Find security pattern discrepancies |\n| 🔸 **Differential Analysis Orchestrator** | Comprehensive security pattern comparison |\n| 🔸 **Smart Contract Invariants** | Verify contract invariant properties |\n| 🔸 **Function Analysis Engine** | Deep function behavior and pattern analysis |\n| 🔸 **Contract Call Graph Generator** | Advanced interaction flow visualization |\n| 🔸 **Function Path Tracer** | Execution path analysis with wildcard selectors |\n\n### ⚡ Professional Features (12 tools)\n*For security teams and researchers*\n\n\u003e 🚀 **Professional tools for advanced security research** - [Upgrade to Professional](https://github.com/sponsors/tintinweb)\n\n| Feature | Description |\n|---------|-------------|\n| ⚡ **Security Primer Discovery** | Discover and search security analysis primers |\n| ⚡ **Security Primer Loading** | Load comprehensive security primers for AI analysis |\n| ⚡ **Workflow Repository Access** | Access pre-built security analysis workflows |\n| ⚡ **Tool Repository Access** | Access security tool configurations and templates |\n| ⚡ **Vulnerability Database Search** | Query Solodit for known vulnerabilities |\n| ⚡ **Diligence Vulnerability Database** | Access ConsenSys Diligence research database |\n| ⚡ **Go Codebase Scoping** | Security analysis for Go blockchain projects |\n| ⚡ **Rust Codebase Scoping** | Security analysis for Rust blockchain projects |\n| ⚡ **MetaMask Snap Analysis** | Comprehensive MetaMask Snap security review |\n| ⚡ **Etherscan Integration** | On-chain contract verification and analysis |\n| ⚡ **Sourcify Integration** | Source code verification and metadata analysis |\n| ⚡ **Public Codebase Search** | Search GitHub for similar contract patterns |\n\n---\n\n## 📖 Documentation\n\n### Getting Started\n1. **Install the Extension**: Search for \"Chonky\" in VS Code Extensions\n2. **Start Chatting**: Use `@chonky` in any chat window (`ask` Mode)\n3. **Discover Tools**: Switch to Copilot `Agentic` Mode, ask about Chonky's available tools in natural language\n4. **Scope Your Project**: In `Agentic` or Scoping Mode, ask to scope the project\n\n### Chat Modes\nChonky supports specialized chat modes for different agentic workflows:\n- `Scoping` - Project scoping and analysis\n- `Audit` - Security auditing workflows\n\n\n### Tool Categories\n- **🔒 Security Analysis**: Access control, reentrancy, external calls, oracle analysis\n- **🏗️ Contract Structure**: Structure analysis, imports, inheritance, flattening\n- **📊 Code Quality**: Events, ERC compliance, functions, invariants\n- **🌐 External Services**: Etherscan, Sourcify, vulnerability databases\n- **🛠️ Utilities**: Surya graphs, Solhint, scoping, memory store\n\n---\n\n## 🎯 Use Cases\n\n### Security Auditors\n- Comprehensive vulnerability detection\n- Automated pattern analysis\n- AI-assisted code review\n- Integration with external databases\n\n### Development Teams\n- Project scoping and metrics\n- Code quality assurance\n- ERC standard compliance\n- Continuous security monitoring\n\n### Security Researchers\n- Advanced vulnerability research\n- Pattern similarity detection\n- Multi-language analysis\n- Custom primer development\n\n---\n\n## 🔧 Installation\n\n### VS Code Marketplace\n1. Open VS Code\n2. Go to Extensions (Ctrl+Shift+X)\n3. Search for \"Chonky\"\n4. Click Install\n\n### Manual Installation\n1. Download the latest `.vsix` file from releases\n2. Open VS Code\n3. Run `Extensions: Install from VSIX...`\n4. Select the downloaded file\n\n---\n\n## 🤝 Contributing\n\nWe welcome contributions! Here's how you can help:\n\n1. **Report Bugs**: Open an issue with detailed information\n2. **Feature Requests**: Suggest new features or improvements\n3. **Documentation**: Help improve our docs\n4. **Sponsorship**: Support development through GitHub Sponsors\n\n### Development Setup\n\n```bash\ngit clone https://github.com/tintinweb/vscode-chonky.git\ncd chonky\nnpm install\nnpm run compile\n```\n\n---\n\n## 💝 Support Development\n\nChonky is developed and maintained by passionate security researchers. Your support helps us:\n\n- 🔬 **Research new vulnerabilities**\n- 🛠️ **Develop advanced tools**\n- 📚 **Create educational content**\n- 🌍 **Keep tools free for everyone**\n\n[![Sponsor](https://img.shields.io/badge/♥️-Sponsor-red?style=for-the-badge\u0026logo=github)](https://github.com/sponsors/tintinweb)\n\n### Sponsorship Tiers\n- **🔹 Base**: Core features for everyone\n- **🔸 Early Access (see [Sponsor page](https://github.com/sponsors/tintinweb))**: Early access to new features\n- **⚡ Professional (contact me)**: Advanced research tools\n\n---\n\n## 📄 License \u0026 Credits\n\nCreated by [tintinweb](https://github.com/tintinweb) - Security researcher and smart contract auditor with 7+ years in Blockchain security.\n\n---\n\n## 📞 Support \u0026 Community\n\n- **GitHub Issues**: [Report bugs and request features](https://github.com/tintinweb/vscode-chonky/issues)\n- **Twitter**: [@tintinweb](https://twitter.com/nicht_tintin)\n- **Website**: [Visit our website](https://tintinweb.github.io/portfolio/)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**Made with ♥️ by the security community**\n\n[🏠 Home](https://github.com/tintinweb/vscode-chonky) • [📖 Docs](https://github.com/tintinweb/vscode-chonky/wiki) • [💝 Sponsor](https://github.com/sponsors/tintinweb)\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftintinweb%2Fvscode-chonky","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftintinweb%2Fvscode-chonky","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftintinweb%2Fvscode-chonky/lists"}