An 8-stage AI vulnerability-discovery agent. It finds real bugs by running many narrow agents in parallel — then a different model tries to disprove every finding, and only confirmed & reachable issues ship.
Five design decisions that separate real, reachable findings from the flood of plausible-but-wrong guesses.
One attack class per task, with the trust boundary spelled out. Focused hunters surface bugs a "find bugs here" prompt never will.
Validate runs on a different model than Hunt and is paid in rejections — it filters the noise single-pass tools ship.
A "buggy" sink no attacker input can reach is dropped. Only confirmed and reachable findings make the report.
A proven-reachable bug seeds new hunts for the same pattern elsewhere in the repo — siblings get found too.
Every agent output is shape-checked against JSON Schema, every run is checkpointed in SQLite, and a cost ceiling aborts cleanly.
Runs on the official Claude Agent SDK — no API key needed. The metered API key is scrubbed so it can't route to billing.
Recon → Hunt → Validate → Gapfill ↺ → Dedupe → Trace → Feedback ↺ → Report
Recon: Maps the repo + git history and emits narrowly-scoped Hunt tasks — one attack class, concrete files, explicit trust boundary.
Hunt: One attack class per agent, run in parallel. Compiles and runs real PoCs to prove the bug rather than guessing.
Validate: An adversarial re-read on a different model that tries to disprove each finding. The skeptic that kills false positives.
Gapfill: Re-queues under-covered subsystem × attack class cells so coverage expands where hunters drifted away.
Dedupe: Clusters findings strictly by root cause — many call sites of one buggy helper collapse into a single fixable issue.
Trace: Proves attacker-controlled input actually reaches the sink from an external entry point. Unreachable = out of scope.
Feedback: Turns each reachable trace into new hunts for structurally similar siblings elsewhere — the learning loop.
Report: A schema-validated, structured report — reachable-only, severity-consistent, with the entry-point→sink trace attached.
Two planted bugs in — seven confirmed & reachable findings out, including a zero-credential SQLi→RCE pivot the planted bugs never spelled out.
--base/--since scope the scan to changed files + blast radius. A PR scan costs cents.
--fail-on high for CI; trace ships as codeFlows to the GitHub Security tab.
audit fix writes a minimal patch + regression test in an isolated worktree; --open-pr opens a draft.
audit advise reads the real sink and explains the fix for your code, inline in the report.
--serve a local web UI to confirm / dismiss findings and export suppressions.
audit stats breaks spend down by stage/model and reports cost-per-finding.
audit run -d detaches the pipeline; audit sessions lists what's alive.

    # 1 · install globally — requires Bun ≥ 1.3
    bun add -g @usex/audit

    # 2 · already logged in via `claude login`? done.
    audit auth-check

    # 3 · cd into the repo you want to audit
    cd /path/to/target
    audit run --run-id my-run

    # 4 · read the report
    audit report --run-id my-run --format md > report.md

One global binary on your PATH, running on the Bun runtime.
Uses your Claude Pro / Max subscription — no API key. audit auth-check confirms it.
Point it at any repo. State and artifacts land in the working directory; runs are resumable and budgeted.
Export Markdown, JSON, or SARIF — every finding carries its reachability proof.
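
A sketch of how a confirmed finding and its entry-point→sink trace can be carried as SARIF 2.1.0 codeFlows and gated on severity, in the spirit of the reachable-only report and `--fail-on high` described above. This is an added example, not code from the audit project; the finding shape, rule names, file paths and the severity-to-level mapping are assumptions constructed for illustration.

```python
import json

# Severity ranks for the CI gate; "high" as default mirrors the page's `--fail-on high`.
RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# SARIF has only three result levels, so severities are folded into them (assumed mapping).
LEVEL = {"low": "note", "medium": "warning", "high": "error", "critical": "error"}

def to_sarif(findings, tool_name="example-scanner"):
    """Build a SARIF 2.1.0 log from confirmed, reachable findings only."""
    results = []
    for f in findings:
        if not (f["confirmed"] and f["trace"]):
            continue  # no entry-point -> sink trace means the finding is not reported
        steps = [{"location": {
                    "physicalLocation": {
                        "artifactLocation": {"uri": s["file"]},
                        "region": {"startLine": s["line"]}},
                    "message": {"text": s["note"]}}}
                 for s in f["trace"]]
        results.append({
            "ruleId": f["rule"],
            "level": LEVEL[f["severity"]],
            "message": {"text": f["title"]},
            # The result location is the sink, i.e. the last step of the trace.
            "locations": [{"physicalLocation": steps[-1]["location"]["physicalLocation"]}],
            "codeFlows": [{"threadFlows": [{"locations": steps}]}],
            "properties": {"severity": f["severity"]},
        })
    return {"version": "2.1.0",
            "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "runs": [{"tool": {"driver": {"name": tool_name}}, "results": results}]}

def should_fail(sarif, threshold="high"):
    """CI gate: True if any reported result is at or above the threshold severity."""
    return any(RANK[r["properties"]["severity"]] >= RANK[threshold]
               for run in sarif["runs"] for r in run["results"])

# Constructed sample findings (hypothetical shape, not the tool's real output).
SAMPLE = [
    {"rule": "sql-injection", "title": "Query built from request parameter",
     "severity": "high", "confirmed": True,
     "trace": [{"file": "src/routes/search.py", "line": 12, "note": "HTTP query parameter read"},
               {"file": "src/db/query.py", "line": 40, "note": "concatenated into SQL string"}]},
    {"rule": "path-traversal", "title": "Unchecked path join in internal helper",
     "severity": "critical", "confirmed": True, "trace": []},  # unreachable: dropped
]

if __name__ == "__main__":
    log = to_sarif(SAMPLE)
    print(json.dumps(log, indent=2))
    print("fail build:", should_fail(log))
```

The second sample finding is the more severe of the two, yet it never reaches the log or the gate because it has no trace.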
Open source · MIT · driven by your Claude subscription.