AI-powered Solidity security intelligence in VS Code, backed by real audit findings.
- Dictionary + Insight: Search 50k+ Solodit findings with severity filters. You can also highlight a Solidity function, variable, or code pattern and instantly get related historical risk context.
- Academy: Type any vulnerability topic and Diablo builds a mini study module from real historical reports, then tests understanding with graded quizzes.
- Scout (Ghost Auditor): Analyze full contracts and generate concise audit-style reports with evidence IDs (
[F1],[F2], ...). It breaks down contract parts, queries matching historical findings, and maps claims back to verifiable references. - Fix Draft: Generate patch-first suggestions directly from selected functions, grounded in related findings.
- Audit flow in one place: Research, learn, analyze, and draft fixes without leaving VS Code.
Diablo runs locally on your machine:
- Extension UI in VS Code
- Backend on
127.0.0.1:8391 - Your configured APIs only (
Cyfrin+ optional AI provider)
No Diablo cloud backend is required.
git clone https://github.com/Sir-Shaedy/Diablo.git
cd Diablo
./install.sh(./scripts/install-local.sh works too.)
By now, you should see the Diablo symbol added to your VS Code activity bar (usually on the left panel). You can now open your Solidity repo and use Diablo there.
This script:
- creates
.venvif missing - installs backend package
- installs extension deps
- builds
.vsix - installs/updates Diablo extension
After this, add API keys in .env:
Create .env in repo root:
CYFRIN_API_KEY=your_cyfrin_key
# choose at least one AI provider
OPENROUTER_API_KEY=sk-or-v1-...
# GEMINI_API_KEY=...
# OPENAI_API_KEY=...
# ANTHROPIC_API_KEY=...
DIABLO_AI_PROVIDER=openrouter
DIABLO_AI_MODEL=openai/gpt-oss-120b:free
DIABLO_HOST=127.0.0.1
DIABLO_PORT=8391Then start backend:
cd Diablo
source .venv/bin/activate
python3 -m backend.serverIn VS Code:
- Run
Diablo: Start Backend Server(optional if already running manually) - Open a
.solfile - Open Diablo views from Activity Bar container
If you do not want to build from source, install the prebuilt VSIX from Releases:
code --install-extension /path/to/diablo-x.y.z.vsix --forceYou still need backend + .env for features to work.
| Error | Cause | Fix |
|---|---|---|
ModuleNotFoundError: No module named backend |
Running backend from extension/ |
Run from repo root: python3 -m backend.server |
ModuleNotFoundError: No module named google |
google-genai missing in environment |
Reinstall backend deps: pip install -e . |
ModuleNotFoundError: No module named anthropic |
anthropic missing in environment |
Reinstall backend deps: pip install -e . |
Failed to fetch in Dictionary/Scout |
Backend unreachable | Confirm backend running on 127.0.0.1:8391; restart backend; reload VS Code |
| OpenRouter 404 policy error | Free-model privacy toggle mismatch | Enable required OpenRouter privacy toggles for free endpoints/publication, or switch model |
| 429 rate-limit | Provider quota exhausted | wait/reset quota, switch provider/model, reduce depth |
| Extension not visible | Not installed in current VS Code target (WSL/local mismatch) | Reinstall .vsix in current target and reload window |
Quick backend health check:
curl http://127.0.0.1:8391/health- Source code is fully open.
- You can build
.vsixlocally from source if you prefer. - Release assets include checksums on GitHub release page.
- Never share your API keys publicly.
Optional local checksum verification:
sha256sum /path/to/diablo-x.y.z.vsixUse this if you want to modify the extension/backend yourself.
- Python 3.10+
- Node.js 18+
- VS Code 1.85+
git clone https://github.com/Sir-Shaedy/Diablo.git
cd Diablo
python3 -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
npm --prefix extension install
npm --prefix extension run compilenpm --prefix extension run package
code --install-extension extension/diablo-x.y.z.vsix --force| Endpoint | Method | Description |
|---|---|---|
/health |
GET | Health check |
/search |
POST | Search Solodit findings |
/analyze |
POST | Context-aware code analysis |
/learn |
POST | Academy lesson generation |
/scout |
POST | Contract report generation |
/pitfall |
POST | Selection-based pitfall insight |
/fix-draft |
POST | Patch draft suggestions |
LICENSE(MIT)SECURITY.mdCONTRIBUTING.md
MIT
Thanks to Cyfrin for giving us the opportunity to use the Solodit API for free. You guys rock.
I am not a cracked dev, so please feel free to contribute. If this project helps you, drop a star.