matiasbn/bat-cli


bat-cli — Blockchain Auditor Toolkit

A Rust CLI that automates the repetitive parts of Solana/Anchor security audits: static analysis, dependency graphing, Miro board generation, and findings management.

Install

cargo install bat-cli

What it does

Static analysis (sonar)

Scans every Rust file in the program and extracts metadata into a single BatMetadata.json:

  • Functions, structs, traits, enums
  • Entry points and their context accounts
  • Recursive function dependency graphs (caller → callee resolution across files, impl blocks, and trait impls)
  • Account constraints and validations (#[account(...)], has_one, seeds, constraint)
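As an added illustration of the account-constraint extraction sonar performs (example code written for this page, not part of bat-cli), the following Rust snippet parses `#[account(...)]` attributes out of a constructed Anchor context struct and flags account fields that carry no has_one, seeds, constraint or address check. It assumes one field per line and a single-line attribute directly above its field; `AccountRow`, `parse_context`, `unvalidated` and `SAMPLE` are names chosen here.

```rust
// Added illustration, not bat-cli's code: assumes one field per line and a single-line `#[account(...)]` above it.
/// (name, type, constraint keywords) for one account field of an Anchor context struct.
pub type AccountRow = (String, String, Vec<String>);
/// Split `#[account(...)]` contents on top-level commas, keeping keywords only: `seeds = [b"x", a.key().as_ref()]` becomes `seeds`.
fn constraint_keywords(inner: &str) -> Vec<String> {
    let (mut depth, mut cur, mut parts) = (0i32, String::new(), Vec::new());
    for c in inner.chars() {
        match c {
            ',' if depth == 0 => parts.push(std::mem::take(&mut cur)),
            _ => { if "([".contains(c) { depth += 1 } else if ")]".contains(c) { depth -= 1 }; cur.push(c) }
        }
    }
    parts.push(cur);
    parts.iter().map(|p| p.split('=').next().unwrap_or("").trim().to_string())
        .filter(|k| !k.is_empty()).collect()
}
/// Walk a context struct, attaching each `#[account(...)]` to the field below it; other attributes and `/// CHECK:` comments are skipped.
pub fn parse_context(src: &str) -> Vec<AccountRow> {
    let (mut out, mut pending) = (Vec::new(), Vec::new());
    for line in src.lines().map(|l| l.trim().trim_end_matches(',')) {
        if let Some(rest) = line.strip_prefix("#[account(") {
            pending = constraint_keywords(rest.strip_suffix(")]").unwrap_or(rest));
        } else if !line.starts_with('#') && !line.starts_with('/') && line.contains(':') {
            let (name, ty) = line.split_once(':').unwrap();
            out.push((name.trim_start_matches("pub ").trim().to_string(), ty.trim().to_string(), std::mem::take(&mut pending)));
        }
    }
    out
}
/// Triage heuristic: accounts lacking any relationship or address constraint. Signer and Program fields are skipped, since Anchor's type already checks them.
pub fn unvalidated(rows: &[AccountRow]) -> Vec<String> {
    const CHECKS: [&str; 4] = ["has_one", "seeds", "constraint", "address"];
    rows.iter()
        .filter(|(_, ty, cs)| !ty.starts_with("Signer") && !ty.starts_with("Program")
            && !cs.iter().any(|c| CHECKS.contains(&c.as_str())))
        .map(|(name, _, _)| name.clone()).collect()
}
/// Constructed sample context (not taken from any real program).
pub const SAMPLE: &str = r#"
pub struct Withdraw<'info> {
    #[account(mut, has_one = authority)]
    pub vault: Account<'info, Vault>,
    #[account(mut, seeds = [b"treasury", vault.key().as_ref()], bump)]
    pub treasury: SystemAccount<'info>,
    /// CHECK: only a lamport sink, but nothing ties it to the vault
    #[account(mut)]
    pub recipient: UncheckedAccount<'info>,
    pub authority: Signer<'info>,
}"#;
```

Running `unvalidated(&parse_context(SAMPLE))` reports only `recipient`, the field that no constraint ties to the rest of the context, which is the kind of gap a co start template is meant to surface for manual review.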

Code overhaul workflow (co)

Structured audit workflow per instruction:

  • co start — generates a template with the entry point, context accounts, signers, and detected validations
  • co finish — marks an instruction as reviewed
  • co summary — generates an audit summary from all finished reviews

Miro board visualization (miro)

Deploys annotated code screenshots and dependency graphs to a Miro board:

  • Entry point, context accounts, and validations screenshots
  • Interactive BFS deployment of dependency screenshots with caller→callee arrows
  • Signer diagrams with sticky notes and connectors
  • Screenshots use Dracula theme with syntax highlighting via silicon

Findings management (finding)

  • finding create — scaffolds a new finding from template
  • finding finish — finalizes a finding
  • finding accept-all / finding reject — triage findings

Utilities (tool)

  • Open any function, struct, trait, or enum directly in your editor from metadata
  • Count and list code-overhaul progress (to-review / started / finished)
  • List entry points with file paths

Repository management (repo)

  • Branch sync, remote fetch, local cleanup
  • Structured commits for code-overhaul files, findings, and notes

Project structure

After bat-cli new, the audit workspace looks like:

bat-audit/
├── Bat.toml                  # Project config
├── BatMetadata.json          # Sonar analysis cache
├── code-overhaul/
│   ├── to-review/            # Pending instructions
│   ├── started/              # In progress
│   └── finished/             # Reviewed
├── findings/
│   ├── to-review/
│   ├── accepted/
│   └── rejected/
└── notes/
    ├── open_questions.md
    ├── finding_candidate.md
    └── threat_modeling.md

Quick start

# Initialize a new audit project
bat-cli new

# Run static analysis
bat-cli sonar

# Start reviewing an instruction
bat-cli co start

# Deploy screenshots to Miro
bat-cli miro code-overhaul-screenshots

# Create a finding
bat-cli finding create

License

MIT
