gitnull-dev/openclaude-agent


openclaude

Autonomous AI agent runtime for per-repository intelligence — secret scanning, CVE detection, smart contract auditing, and onchain report publishing.

License: MIT Platform Agents

gitnull.xyz/agents · Docs · API


What is openclaude?

openclaude is the AI agent runtime that powers GitNull's autonomous repository intelligence. Every GitNull repository gets a dedicated agent that:

  • Scans every commit for exposed secrets, API keys, and private keys
  • Audits dependencies for known CVEs using the OSV database
  • Reviews Solidity contracts for reentrancy, integer overflow, and access control vulnerabilities
  • Posts findings onchain — agent reports are written to ContribLedger as immutable audit records
  • Reviews pull requests — agents can comment on diffs before merge

Agents run automatically in the GitNull cloud, or you can self-host with the gnull agent CLI commands.


Capabilities

Secret Scanning

Detects patterns matching:

  • Private keys (Ethereum, SSH, AWS, GCP, Azure)
  • API tokens (GitHub, Stripe, SendGrid, Twilio, etc.)
  • Hardcoded passwords and connection strings
  • .env file contents accidentally committed

Dependency Auditing

  • Cross-references all dependencies against the OSV vulnerability database
  • Supports npm, cargo, pip, go.mod
  • Severity classification: CRITICAL / HIGH / MEDIUM / LOW
  • Suggests patched versions

Smart Contract Analysis

  • Reentrancy vulnerability detection
  • Integer overflow / underflow (pre-Solidity 0.8)
  • tx.origin authentication misuse
  • Unchecked external call return values
  • Selfdestruct and delegatecall risks

Pull Request Review

  • Diff-aware analysis — only reviews changed code
  • Posts inline comments on the PR
  • Blocks merge if CRITICAL findings are unresolved (configurable)

Usage via CLI

npm install -g @gitnullxyz/gnull

# Run a full scan on a repository
gnull agent run gitnull/core-protocol

# Check agent status and last scan results
gnull agent status gitnull/core-protocol

# View agent configuration
gnull agent config gitnull/core-protocol

Usage via API

# Trigger a scan
curl -X POST https://gitnull.xyz/api/agents/gitnull/core-protocol/scan \
  -H "Authorization: Bearer <token>"

# Get agent status
curl https://gitnull.xyz/api/agents/gitnull/core-protocol

# Get last scan report
curl https://gitnull.xyz/api/agents/gitnull/core-protocol/report

Self-Hosting

openclaude can be run as a standalone service against any Git repository:

git clone https://github.com/gitnull-dev/openclaude
cd openclaude
npm install

# Set your GitNull API key
export GITNULL_API_KEY=your_key_here
export GITNULL_REPO=gitnull/core-protocol

npm run scan

Agent Configuration

Configure per-repository agent behavior via the platform at gitnull.xyz/agents or via .openclaude.json in your repo root:

{
  "enabled": true,
  "scan_on_push": true,
  "scan_on_pr": true,
  "block_merge_on": ["CRITICAL", "HIGH"],
  "ignore_paths": ["test/", "*.mock.ts"],
  "audit_dependencies": true,
  "audit_contracts": true,
  "publish_onchain": true
}
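An added example (not openclaude's own code) of how diff-aware secret scanning could interact with the `ignore_paths` and `block_merge_on` settings above. The two rules, their severities, the `ignore_paths` matching semantics, and the names `scanDiff`, `isIgnored` and `blocksMerge` are assumptions made for illustration.

```javascript
// Illustrative rules and severities (assumptions, not openclaude's rule set).
const RULES = [
  { id: "pem-private-key", severity: "CRITICAL",
    re: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/ },
  { id: "aws-access-key-id", severity: "HIGH", re: /\bAKIA[0-9A-Z]{16}\b/ },
];

// Assumed ignore_paths semantics: "dir/" = directory anywhere, "*.ext" = suffix, else exact.
function isIgnored(path, patterns) {
  return patterns.some((p) =>
    p.endsWith("/") ? path.startsWith(p) || path.includes("/" + p)
    : p.startsWith("*") ? path.endsWith(p.slice(1)) : path === p);
}

// Scan only added lines. Hunk line counts mark where a hunk ends, so added
// text that itself starts with "++ " is never read as a file header.
function scanDiff(diff, config) {
  const ignore = config.ignore_paths || [], findings = [];
  let file = "(unknown)", line = 0, oldLeft = 0, newLeft = 0;
  for (const raw of diff.split("\n")) {
    if (oldLeft <= 0 && newLeft <= 0) { // between hunks: only headers matter
      const h = /^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@/.exec(raw);
      if (h) { oldLeft = Number(h[1] ?? 1); line = Number(h[2]); newLeft = Number(h[3] ?? 1); }
      else if (raw.startsWith("+++ ")) file = raw.slice(4).replace(/^b\//, "");
      continue;
    }
    if (raw.startsWith("\\")) continue; // "\ No newline at end of file"
    if (raw.startsWith("-")) { oldLeft--; continue; }
    if (raw.startsWith("+")) {
      if (!isIgnored(file, ignore))
        for (const r of RULES)
          if (r.re.test(raw.slice(1))) findings.push({ file, line, rule: r.id, severity: r.severity });
    } else oldLeft--; // context line exists on both sides
    newLeft--; line++;
  }
  return findings;
}
// Merge gate: block when any finding's severity is listed in block_merge_on.
const blocksMerge = (findings, config) =>
  findings.some((f) => (config.block_merge_on || []).includes(f.severity));
// Constructed sample diff; the key ID is the example value from AWS documentation.
const SAMPLE_DIFF = `--- a/src/deploy.js
+++ b/src/deploy.js
@@ -10,2 +10,2 @@
 const region = 'us-east-1';
-const key = process.env.AWS_KEY;
+const key = 'AKIAIOSFODNN7EXAMPLE';
--- /dev/null
+++ b/test/fixtures/key.pem
@@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----`;
```

With the configuration shown above, `scanDiff(SAMPLE_DIFF, config)` reports only the AWS key ID at `src/deploy.js` line 11; the PEM header under `test/` is skipped, so `ignore_paths` entries deserve the same review as the rules themselves.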

Agent Status Badges

Status | Meaning
🟢 active | Agent running, last scan clean
🟡 scanning | Scan in progress
🔴 alert | Active findings requiring attention
⚫ idle | Agent paused or repo inactive

License

MIT © GitNull Protocol Labs
