Sentri v0.2.0 — Anchor-Aware AST Analysis
What changed
v0.1 used pattern matching against raw source text. It worked well for general vulnerability detection but had no awareness of Anchor's type system, producing false positives on correct idiomatic Anchor code.
v0.2 replaces pattern matching with real Rust AST parsing using the
syn crate. Sentri now reads your code as a syntax tree, understands
what each Anchor type enforces, and only fires violations where there
is genuine risk.
False positives eliminated
| Pattern | v0.1 result | v0.2 result |
|---|---|---|
| Signer<'info> | ❌ CRITICAL false positive | ✅ Correctly silent |
| Account<'info, T> | ❌ Flagged | ✅ Recognized as safe |
| Program<'info, T> | ❌ Flagged | ✅ Recognized as safe |
| SystemAccount<'info> | ❌ Flagged | ✅ Recognized as safe |
| AccountInfo + seeds = [...] | ❌ CRITICAL false positive | ✅ Correctly silent |
| AccountInfo + owner = ... | ❌ CRITICAL false positive | ✅ Correctly silent |
| AccountInfo + /// CHECK: | ❌ CRITICAL false positive | ✅ Downgraded to INFO |
| AccountInfo — no constraint | ✅ CRITICAL | ✅ Still CRITICAL |
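To make the rule table concrete, here is an added example that is not Sentri's own code: a small Rust classifier applying the v0.2 rules to the fields of an Anchor `#[derive(Accounts)]` struct. It substitutes a trimmed line reader for Sentri's syn AST walk so it runs with no dependencies, and the `Withdraw` struct, its field names and the `classify`/`parse_accounts`/`scan` helpers are all constructed for this illustration.

```rust
// Added example, not Sentri's own code: the v0.2 rule table applied to the fields
// of an Anchor #[derive(Accounts)] struct (SAMPLE below is constructed). Sentri walks
// a syn AST; this stand-in reads trimmed lines (one doc line, attribute or field each).
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Finding { Silent, Info, Critical }
#[derive(Debug, Default)]
pub struct Field { pub name: String, pub ty: String, pub attrs: Vec<String>, pub has_check: bool }
/// Typed wrappers enforce their own checks. A raw AccountInfo is silent only when a
/// seeds/owner/address constraint covers it, INFO with a `/// CHECK:`, else CRITICAL.
pub fn classify(f: &Field) -> Finding {
    match f.ty.split('<').next().unwrap_or("").trim() {
        "Signer" | "Account" | "Program" | "SystemAccount" => Finding::Silent,
        "AccountInfo" => {
            // A plain comma split still puts each constraint name at the head of an item.
            let constrained = f.attrs.iter().flat_map(|a| a.split(','))
                .any(|c| ["seeds", "owner", "address"].iter().any(|k| c.trim().starts_with(*k)));
            if constrained { Finding::Silent } else if f.has_check { Finding::Info } else { Finding::Critical }
        }
        _ => Finding::Silent, // types outside the table are not judged here
    }
}
pub fn parse_accounts(src: &str) -> Vec<Field> {
    let (mut fields, mut pending) = (Vec::new(), Field::default());
    for line in src.lines().map(str::trim) {
        if let Some(doc) = line.strip_prefix("///") {
            pending.has_check |= doc.trim_start().starts_with("CHECK:");
        } else if let Some(inner) = line.strip_prefix("#[account(").and_then(|s| s.strip_suffix(")]")) {
            pending.attrs.push(inner.to_string());
        } else if let Some((name, ty)) = line.strip_suffix(',').and_then(|l| l.split_once(':')) {
            pending.name = name.trim().trim_start_matches("pub ").to_string();
            pending.ty = ty.trim().to_string();
            fields.push(std::mem::take(&mut pending)); // resets doc/attr state for the next field
        }
    }
    fields
}
pub fn scan(src: &str) -> Vec<(String, Finding)> {
    parse_accounts(src).iter().map(|f| (f.name.clone(), classify(f))).collect()
}
pub const SAMPLE: &str = r#"
#[derive(Accounts)]
pub struct Withdraw<'info> {
    pub authority: Signer<'info>,
    pub vault: Account<'info, Vault>,
    #[account(seeds = [b"treasury", authority.key().as_ref()], bump)]
    pub treasury: AccountInfo<'info>,
    /// CHECK: read-only; only its key is logged
    pub recipient: AccountInfo<'info>,
    pub target: AccountInfo<'info>,
}"#;
```

Running `scan(SAMPLE)` yields Silent for `authority`, `vault` and `treasury`, Info for `recipient`, and Critical for `target`, matching the table row by row.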
Still correctly flagged
- AccountInfo<'info> with no seeds, owner, address, or CHECK comment
- Integer overflow and underflow in arithmetic
- Missing PDA validation where no constraint exists
- Unchecked return values on external calls
- All 22 built-in invariant checks remain active
Upgrade
```shell
cargo install sentri-cli --force
sentri --version # sentri 0.2.0
```
Or via npm:
```shell
npm install -g @dextonicx/cli@latest
sentri --version # sentri 0.2.0
```
Stats since launch
- 900+ downloads on crates.io
- Available on cargo, npm, and direct binary download
- 6 pre-built platform binaries attached to this release
Platform binaries
| Platform | File |
|---|---|
| Linux x86_64 | sentri-0.2.0-x86_64-unknown-linux-gnu.tar.gz |
| Linux aarch64 | sentri-0.2.0-aarch64-unknown-linux-gnu.tar.gz |
| Linux musl | sentri-0.2.0-x86_64-unknown-linux-musl.tar.gz |
| macOS x86_64 | sentri-0.2.0-x86_64-apple-darwin.tar.gz |
| macOS Apple Silicon | sentri-0.2.0-aarch64-apple-darwin.tar.gz |
| Windows x86_64 | sentri-0.2.0-x86_64-pc-windows-msvc.zip |
Checksums: SHA256SUMS
What is next — v0.3
Runtime fuzzing via embedded revm for EVM and solana-program-test
for Solana. Throw randomized inputs at your programs and watch invariants
break before attackers find them. This makes Sentri the only dedicated
invariant fuzzer for Solana programs in existence.
Full changelog: [CHANGELOG.md](https://github.com/geekstrancend/Sentri/blob/main/CHANGELOG.md)