
Aikido-Security-Analysis-Platform

Security analysis platform for Aiken smart contracts on Cardano: 75 detectors, SMT verification, transaction simulation

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio bajuzjefe-aikido-security-analysis-platform npx -y aikido-aiken

How to use

Aikido is a multi-lane security analysis platform for Aiken smart contracts on Cardano. It combines a detector suite with formal SMT verification, transaction simulation, compliance checks, protocol pattern detection, and grammar-aware fuzzing to surface vulnerabilities automatically. The tool produces findings with source context, severity ratings, CWE/CWC classifications, and actionable remediation guidance, and supports multiple output formats such as terminal, JSON, SARIF, Markdown, HTML, PDF, CSV, and GitLab SAST. Practically, you point Aikido at your Aiken project and it runs a comprehensive, cross-validated analysis across detectors, compliance rules, and simulated transactions to corroborate findings across techniques, giving you a consolidated report with evidence references.

To use the server, install the CLI wrapper (via npm/npx) or run via Docker or from source as described in the installation guide, then invoke aikido on your Aiken project directory. The tool will return a structured report showing critical issues first, followed by high, medium, and low findings. You can then export the results to your preferred format for integration into your review workflow or CI/CD pipeline. The platform’s multi-lane approach helps you verify findings across different analysis methods, reducing false positives and increasing confidence before deploying to mainnet.

How to install

Prerequisites:

  • Rust toolchain (1.88.0 or newer) installed
  • Optional: Docker if you prefer containerized runs
  • Optional: Node.js/npm for npx wrapper

Install paths (choose one):

  1. Using the npm wrapper (recommended for quick starts):
     • Prerequisite: Node.js and npm installed
# Run the npm-based wrapper via npx (no global install required)
npx aikido-aiken /path/to/project
  2. Install via Cargo (Rust), building from source:
# Install via cargo (Rust >= 1.88.0)
cargo install --git https://github.com/Bajuzjefe/Aikido-Security-Analysis-Platform aikido-cli

# Run the CLI after installation, e.g.:
# aikido /path/to/your-aiken-project
  3. Docker (containerized):
# Run from your Aiken project directory; $(pwd) mounts it into the container at /project
# To analyze a different directory, replace "$(pwd)" with its absolute path
docker run --rm -v "$(pwd)":/project ghcr.io/bajuzjefe/aikido:0.3.1 /project
  4. From source (build locally):
git clone https://github.com/Bajuzjefe/Aikido-Security-Analysis-Platform.git
# git clone creates a directory named after the repository
cd Aikido-Security-Analysis-Platform && cargo build --release

Additional notes

Tips and caveats:

  • The tool supports multiple output formats; use SARIF/JSON for integration with CI dashboards and code reviews.
  • Ensure your Rust toolchain matches or exceeds the minimum version (1.88.0) used in the project to avoid build issues.
  • If you encounter false positives, leverage the multi-lane analysis concept by re-running with different inputs or adjusting fuzzing/SMT options if available.
  • For Docker runs, ensure the project path is correctly mounted and that file permissions allow analysis of your Aiken project.
  • The npm/npx pathway is convenient for quick analyses and does not require a global install; you can run it as a one-off command.
  • Check the audit comparison and ecosystem validation sections of the README for context on detector coverage and real-world validation.
