https://github.com/tintinweb/vscode-chonky

🍣 Chonky - A Superhuman LLM Auditing Agent for Solidity
https://github.com/tintinweb/vscode-chonky

agentic-ai security solidity vscode-extension

Last synced: 3 months ago
JSON representation

🍣 Chonky - A Superhuman LLM Auditing Agent for Solidity

• Host: GitHub
• URL: https://github.com/tintinweb/vscode-chonky
• Owner: tintinweb
• License: other
• Created: 2025-07-24T12:17:11.000Z (6 months ago)
• Default Branch: main
• Last Pushed: 2025-08-07T17:42:43.000Z (5 months ago)
• Last Synced: 2025-08-18T23:02:48.608Z (5 months ago)
• Topics: agentic-ai, security, solidity, vscode-extension
• Homepage: https://marketplace.visualstudio.com/items?itemName=tintinweb.chonky
• Size: 8.55 MB
• Stars: 12
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# 🍣 Chonky - A Superhuman LLM Auditing Agent for Solidity

Chonky is a VS Code extension that transforms GitHub Copilot into a specialized smart contract security auditing agent.



![Chonky Logo](https://github.com/tintinweb/vscode-chonky/raw/main/img/superchonky.png)

**Your AI-Powered Smart Contract Auditing Assistant**

[![Version](https://img.shields.io/badge/version-0.6.6-blue.svg)](https://github.com/tintinweb/vscode-chonky)

[![License](https://img.shields.io/badge/license-Proprietary-orange.svg)](LICENSE)

[![Sponsor](https://img.shields.io/badge/♥️-Sponsor-red?style=for-the-badge&logo=github)](https://github.com/sponsors/tintinweb)



---

**VS Code Marketplace:** 

- [ tintinweb.chonky ](https://marketplace.visualstudio.com/items?itemName=tintinweb.chonky) 

- `#> ext tintinweb.chonky`

**TLDR;**

- Agent Augmented Auditing

- Automated Scoping

- Automated In-Depth Security Analysis

- Agentic Tooling for Deep Smart Contract Insights

- Extending Agent capabilities with General Purpose LLM Tooling

- Your Smart Contract Auditing Side-Kick!

**Extends GitHub/Copilot Model Capabilities**

## 🚀 Quick Start Guide



### 💬 Use Chonky's Tools in Copilots Agentic Mode

Open Copilot Chat → switch to `Agent` mode → Ask the agent

```typescript

// list availabler tools

List chonky available llm tools

```

### 💬 Chat with Chonky

Use `Agent` mode for day-to-day use. The agent will decide when to invoke any of Chonky's tools. Use the **@chonky** chat participant for specialized operations. 



### 📊 Scope Solidity Projects

Generate comprehensive project scoping reports



### 🤖 Agent Automated Audits

Run comprehensive automated security analysis

```

**@chonky** #autoaudit Full security scan

```

### 🎯 Custom Chat Modes

Specialized chat modes for different audit phases



### 🔍 Discover Tools

Explore all available features for your tier



### 📜 Agentic Auditor Prompt Template

Pre-prompt your action with our agentic security auditor template.



## ⚡ Early Access / Sponsors / Professional

### ♥️ Sign In for Early Access Features (Sponsors)

[Sponsor](https://github.com/sponsors/tintinweb) and get Early Access to **experimental** future features 😊. Ping me if you run into any problems 🤗.



### ⚡⚡ Custom Agentic Workflows

Ready-to-go **Scoping**/**Auditing** workflows, easy to extend and customize.

```

**@chonky** ...

```

### ⚡⚡ Access to a comprehensive list of Security Primers

Get access to our curated list of Solidity security primers to augment and automate your security auditing.

```

**@chonky** ...

```

---

## 🆕 What's New in v0.6.6

### ✨ Highlights

- 🔧 **Improved .chonky Directory Discovery**

- 📁 **Flexible File Placement Support**

### 🚀 Improvements

- ▸ Fixed discovery of files in .chonky root directory (e.g., .chonky/xxx.workflow.md)

- ▸ Simplified validation logic for better file placement flexibility

- ▸ Enhanced workspace resource detection

---

## 🆕 What's New in v0.6.5

### ✨ Highlights

- 📁 **Auto-Discovery of .chonky Workspace Folders**

- 🎯 **Repository Filtering with repositoryId**

- 🔍 **Pattern-Based Resource Discovery**

- 📊 **Enhanced Discovery Output**

### 🌟 New Features

- ▸ Automatic workspace .chonky folder detection for project-specific security resources

- ▸ Repository filtering for targeted primer/workflow discovery

- ▸ Flexible file extension matching (*.primer.md, *.workflow.md, tools/*.yml)

- ▸ Repository information display in discovery results

### 🚀 Improvements

- ▸ Better project-specific security resource management

- ▸ Enhanced filtering capabilities for large repositories

- ▸ More intuitive workspace-based resource organization

---

## 🆕 What's New in v0.6.5

### ✨ Highlights

- 🎨 **Enhanced Visual Code Annotation System**

- 🎯 **Accurate Line Targeting with Code Validation**

- 🛡️ **Advanced Security-Focused Decorations**

- ✨ **Custom Styling with Full Validation**

---

## 🆕 What's New in v0.6.0

### ✨ Highlights

- 🚀 **Advanced Security Analysis Features**

- 🛡️ **Enhanced AI-Powered Vulnerability Detection**

- ⚡ **Improved Tier-Based Feature Access**

### 🌟 New Features

- ▸ Security primer discovery and loading system

- ▸ Workflow repository with pre-built analysis templates

- ▸ Tool configuration repository access

- ▸ Interactive Solidity REPL (Chisel) integration

- ▸ Comprehensive differential analysis orchestrator

- ▸ AI-powered function similarity detection

- ▸ Advanced vulnerability database search

- ▸ MetaMask Snap security analysis

- ▸ Multi-language scoping (Go, Rust, Solidity)

- ▸ Etherscan and Sourcify integration

- ▸ Semgrep static analysis integration

### 🚀 Improvements

- ▸ Faster contract analysis

- ▸ Improved tooltip experience

- ▸ Enhanced sponsorship integration

---

## 🛠️ Feature Catalog

### 🆓 Base Features (21 tools)

*Available to everyone*

| Feature | Description |

|---------|-------------|

| 🔹 **Chonky Chat Participant** | AI-powered **@chonky** chat participant for intelligent assistance |

| 🔹 **Solidity Metrics & Scoping** | Comprehensive project analysis and scoping reports |

| 🔹 **Contract Structure Analysis** | Deep dive into contract architecture and patterns |

| 🔹 **Inheritance Tree Analysis** | Visualize and analyze inheritance relationships |

| 🔹 **Contract Flattening** | Flatten complex contract hierarchies |

| 🔹 **Access Control Analysis** | Identify permission patterns and vulnerabilities |

| 🔹 **Storage Layout Analysis** | Optimize storage packing and layout |

| 🔹 **Deployable Contract Discovery** | Find contracts ready for deployment |

| 🔹 **Import Dependency Analysis** | Map external dependencies and risks |

| 🔹 **External Calls Analysis** | Map and analyze all external interactions |

| 🔹 **ERC Compliance Checker** | Verify token standard implementations |

| 🔹 **Semgrep Security Analysis** | Advanced static analysis with custom rules |

| 🔹 **Surya Visualization Suite** | Generate graphs and visual contract analysis |

| 🔹 **Solhint Code Quality** | Automated code quality and style checks |

| 🔹 **JSON Processing Tools** | Advanced JSON parsing and analysis |

| 🔹 **DateTime Utilities** | Timestamp and date manipulation tools |

| 🔹 **Memory Store** | Persistent data storage across sessions |

| 🔹 **Available Tools Discovery** | Explore all available Chonky capabilities |

| 🔹 **Workspace File Search** | Intelligent file discovery and search |

| 🔹 **Workspace Integration** | Auto-discovery of .chonky folders with pattern-based resource matching |

| 🔹 **Editor Decorator Tool** | Advanced visual code annotation with accurate line targeting and custom styling |

| 🔹 **Diagnostic View Manager** | Read and create VS Code diagnostics with code snippet validation |

### ⚡ Early Access Features (12 tools)

*Available earlier to sponsors*

> 💡 **Support development to get early access** - [Become a Sponsor](https://github.com/sponsors/tintinweb)

| Feature | Description |

|---------|-------------|

| 🔸 **Custom Chat Modes** | Specialized chat modes for auditing workflows and scoping |

| 🔸 **Solidity REPL (Chisel)** | Interactive Solidity execution environment |

| 🔸 **Reentrancy Detection** | Comprehensive reentrancy vulnerability analysis |

| 🔸 **Oracle Risk Analysis** | Identify oracle manipulation vulnerabilities |

| 🔸 **Event Pattern Analysis** | Verify event emission completeness |

| 🔸 **Function Similarity Detector** | AI-powered function pattern matching |

| 🔸 **Inconsistency Reporter** | Find security pattern discrepancies |

| 🔸 **Differential Analysis Orchestrator** | Comprehensive security pattern comparison |

| 🔸 **Smart Contract Invariants** | Verify contract invariant properties |

| 🔸 **Function Analysis Engine** | Deep function behavior and pattern analysis |

| 🔸 **Contract Call Graph Generator** | Advanced interaction flow visualization |

| 🔸 **Function Path Tracer** | Execution path analysis with wildcard selectors |

### ⚡ Professional Features (12 tools)

*For security teams and researchers*

> 🚀 **Professional tools for advanced security research** - [Upgrade to Professional](https://github.com/sponsors/tintinweb)

| Feature | Description |

|---------|-------------|

| ⚡ **Security Primer Discovery** | Discover and search security analysis primers |

| ⚡ **Security Primer Loading** | Load comprehensive security primers for AI analysis |

| ⚡ **Workflow Repository Access** | Access pre-built security analysis workflows |

| ⚡ **Tool Repository Access** | Access security tool configurations and templates |

| ⚡ **Vulnerability Database Search** | Query Solodit for known vulnerabilities |

| ⚡ **Diligence Vulnerability Database** | Access ConsenSys Diligence research database |

| ⚡ **Go Codebase Scoping** | Security analysis for Go blockchain projects |

| ⚡ **Rust Codebase Scoping** | Security analysis for Rust blockchain projects |

| ⚡ **MetaMask Snap Analysis** | Comprehensive MetaMask Snap security review |

| ⚡ **Etherscan Integration** | On-chain contract verification and analysis |

| ⚡ **Sourcify Integration** | Source code verification and metadata analysis |

| ⚡ **Public Codebase Search** | Search GitHub for similar contract patterns |

---

## 📖 Documentation

### Getting Started

1. **Install the Extension**: Search for "Chonky" in VS Code Extensions

2. **Start Chatting**: Use `@chonky` in any chat window (`ask` Mode)

3. **Discover Tools**: Switch to Copilot `Agentic` Mode, ask about Chonky's available tools in natural language

4. **Scope Your Project**: In `Agentic` or Scoping Mode, ask to scope the project

### Chat Modes

Chonky supports specialized chat modes for different agentic workflows:

- `Scoping` - Project scoping and analysis

- `Audit` - Security auditing workflows

### Tool Categories

- **🔒 Security Analysis**: Access control, reentrancy, external calls, oracle analysis

- **🏗️ Contract Structure**: Structure analysis, imports, inheritance, flattening

- **📊 Code Quality**: Events, ERC compliance, functions, invariants

- **🌐 External Services**: Etherscan, Sourcify, vulnerability databases

- **🛠️ Utilities**: Surya graphs, Solhint, scoping, memory store

---

## 🎯 Use Cases

### Security Auditors

- Comprehensive vulnerability detection

- Automated pattern analysis

- AI-assisted code review

- Integration with external databases

### Development Teams

- Project scoping and metrics

- Code quality assurance

- ERC standard compliance

- Continuous security monitoring

### Security Researchers

- Advanced vulnerability research

- Pattern similarity detection

- Multi-language analysis

- Custom primer development

---

## 🔧 Installation

### VS Code Marketplace

1. Open VS Code

2. Go to Extensions (Ctrl+Shift+X)

3. Search for "Chonky"

4. Click Install

### Manual Installation

1. Download the latest `.vsix` file from releases

2. Open VS Code

3. Run `Extensions: Install from VSIX...`

4. Select the downloaded file

---

## 🤝 Contributing

We welcome contributions! Here's how you can help:

1. **Report Bugs**: Open an issue with detailed information

2. **Feature Requests**: Suggest new features or improvements

3. **Documentation**: Help improve our docs

4. **Sponsorship**: Support development through GitHub Sponsors

### Development Setup

```bash

git clone https://github.com/tintinweb/vscode-chonky.git

cd chonky

npm install

npm run compile

```

---

## 💝 Support Development

Chonky is developed and maintained by passionate security researchers. Your support helps us:

- 🔬 **Research new vulnerabilities**

- 🛠️ **Develop advanced tools**

- 📚 **Create educational content**

- 🌍 **Keep tools free for everyone**

[![Sponsor](https://img.shields.io/badge/♥️-Sponsor-red?style=for-the-badge&logo=github)](https://github.com/sponsors/tintinweb)

### Sponsorship Tiers

- **🔹 Base**: Core features for everyone

- **🔸 Early Access (see [Sponsor page](https://github.com/sponsors/tintinweb))**: Early access to new features

- **⚡ Professional (contact me)**: Advanced research tools

---

## 📄 License & Credits

Created by [tintinweb](https://github.com/tintinweb) - Security researcher and smart contract auditor with 7+ years in Blockchain security.

---

## 📞 Support & Community

- **GitHub Issues**: [Report bugs and request features](https://github.com/tintinweb/vscode-chonky/issues)

- **Twitter**: [@tintinweb](https://twitter.com/nicht_tintin)

- **Website**: [Visit our website](https://tintinweb.github.io/portfolio/)

---



**Made with ♥️ by the security community**

[🏠 Home](https://github.com/tintinweb/vscode-chonky) • [📖 Docs](https://github.com/tintinweb/vscode-chonky/wiki) • [💝 Sponsor](https://github.com/sponsors/tintinweb)