sentinelryanwaits/sentinel
Continuous asset-safety audits for Stacks contracts
- Problem
- A paid audit is a snapshot; the contract stays live for years after.
- Scan
- Paste a live
SP…contract, get flagged surface back in seconds. - Audit
- Five subagents, one dimension each, adversarially verified before anything ships.
- Reproduce
- Confirmed findings replay in an isolated, airgapped Clarity VM — no mainnet.
- Monitor
- Human-gated alerts after the audit. Sentinel routes intent, never acts on-chain.
Audits Are a Snapshot. Exploits Aren't.
A paid audit catches what's true the day it ships — the contract stays live for years after. Monitoring products alert on anomalies, but rarely prove the anomaly is an actual exploit, so teams learn to tune the noise out.
Scan
Paste a live SP…/ST… contract at runsentinel.app. Sentinel fetches the real on-chain source over secondlayer and flags value-transfer, admin, and access-control surface — in seconds, no full run yet.
# runsentinel.app — paste any Stacks contractResolving contract on Stacks...3 value-transfer functions2 admin-gated entrypoints1 unchecked authorized-contracts call
Five Subagents, Adversarially Verified
Continue past the scan into the full audit. Five subagents each own a dimension — access control, reentrancy, share accounting, interest math, flashloan economics — then a verifier adversarially checks every finding before it ships.
agent/agent.ts # orchestrator, Opus 4.8subagents/auditor-access-control.tsauditor-reentrancy.tsauditor-share-accounting.tsauditor-interest-math.tsauditor-flashloan-economics.tsverifier.ts # adversarial pass on every finding
Sandbox Reproduction
A finding isn't done until it's reproduced. Sentinel replays the exploit path in an isolated Clarity VM — Docker, deny-all network, zero egress — so a confirmed vuln is deterministic, not a guess.
bun run sandbox:build # docker build, network: nonebun run sandbox:run # 15/15 assertions pass, no mainnet, no network
Monitoring, Human-Gated
Confirmed findings don't end the engagement — Sentinel keeps watching the same surface and routes intent to your team. A correlation is never treated as a confirmed exploit, and Sentinel never acts on-chain itself.
CRITICAL socialize-debt forces unbounded LP loss v0-vault-sbtc · fn socialize-debtbug · PoC green 4d agoMEDIUM Treasury executes whatever governance passes ccd002-treasury-mia · fn executecentralization 3d ago
Scan, Audit, or Watch
Free scan of any live contract, no login. The full audit and continuous monitoring are the product — pricing is public.
open https://runsentinel.app
bun run audit
bun run sandbox:buildbun run sandbox:run