Canispect

AI-powered security auditing platform for Internet Computer canisters, providing comprehensive WASM analysis, vulnerability detection, and automated security recommendations.


Description

Canispect is an AI-powered security-auditing platform for Internet Computer (ICP) canisters.

Upload any WASM binary and, in seconds, Canispect delivers a complete security assessment that fuses formal static analysis with large-language-model insight, then stores results on-chain for full transparency.

What Canispect Delivers

  • AI-Powered WASM Analysis – Automatic inspection of uploaded canister binaries, enriched by an LLM assistant that explains risks and proposes tests.

  • Dual Static Engines – Mock integrations with Owi (memory & performance) and SeeWasm (symbolic execution & arithmetic safety) catch re-entrancy, cycle abuse, overflows, and memory misuse.

  • Multi-Layer Severity Scoring – Combines static findings, complexity metrics, and AI heuristics into Critical / High / Medium / Low rankings with confidence scores.

  • On-Chain Audit Registry – Signed with Internet Identity and written to a dedicated canister so any stakeholder can verify timestamped results.

  • Modern React Dashboard – Drag-and-drop upload, real-time scan status, rich vulnerability cards, metrics, and downloadable PDF/JSON reports.

  • Secure by Design – Sandboxed analysis, strict byte-size limits, SHA-256 artifact hashing, and resource caps protect both user and platform.

How It Works


  1. Upload & Validation – File type and size are verified; bytes are hashed for integrity.

  2. Static Pass – Owi flags memory-safety and performance issues; SeeWasm performs symbolic execution and arithmetic checks.

  3. Complexity Metrics – Lines of code, function count, and a custom complexity score quantify attack surface.

  4. AI Reasoning – An LLM (or deterministic fallback) summarizes findings, detects patterns, and generates remediation advice.

  5. Severity & Confidence – A rules engine sets overall severity and confidence levels.

  6. Registry & Badge – Results can be signed with the user’s Internet Identity and persisted to a registry canister, producing a verifiable audit badge.
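To make steps 1 and 5 concrete, here is an added example (not Canispect's own code, and a Python stand-in rather than the project's stack) that shows what "Upload & Validation" and "Severity & Confidence" amount to: the WebAssembly magic bytes and version field are checked before the size-capped blob is hashed with SHA-256, and a small rules engine turns per-engine findings into one severity and confidence value. The `Finding` type, the 2 MiB cap, the engine names as strings, and the scoring rules (worst finding wins; confidence is the mean of the worst-severity findings plus a bonus when two engines agree on a category) are assumptions made for illustration; the sample module bytes and findings are constructed.

```python
"""Illustrative stand-in for the 'Upload & Validation' and 'Severity & Confidence'
steps of a canister audit pipeline (added example, not project code)."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass

WASM_MAGIC = b"\x00asm"             # every WebAssembly binary starts with these 4 bytes
WASM_VERSION = b"\x01\x00\x00\x00"  # binary-format version 1 as a little-endian u32
MAX_UPLOAD_BYTES = 2 * 1024 * 1024  # assumed cap; the real limit is not stated on the page

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}


def validate_upload(blob: bytes, max_bytes: int = MAX_UPLOAD_BYTES) -> dict:
    """Check size and WASM header before anything else touches the bytes, then hash
    the artifact so every later result can be tied to exactly this input."""
    if len(blob) > max_bytes:
        return {"ok": False, "reason": "file exceeds size limit", "sha256": None}
    if len(blob) < 8 or blob[:4] != WASM_MAGIC:
        return {"ok": False, "reason": "not a WebAssembly binary (bad magic)", "sha256": None}
    if blob[4:8] != WASM_VERSION:
        return {"ok": False, "reason": "unsupported WebAssembly version", "sha256": None}
    return {"ok": True, "reason": "", "sha256": hashlib.sha256(blob).hexdigest()}


@dataclass(frozen=True)
class Finding:
    engine: str        # which static engine reported it, e.g. "Owi" or "SeeWasm"
    category: str      # e.g. "reentrancy", "integer-overflow"
    severity: str      # one of the SEVERITY_RANK keys
    confidence: float  # the engine's own confidence, 0.0 to 1.0


def score(findings: list) -> dict:
    """Hypothetical rules engine: overall severity is the worst finding; confidence is
    the mean confidence of the worst-severity findings, plus 0.1 when more than one
    engine reports the same category (independent corroboration), capped at 1.0."""
    if not findings:
        # A clean pass only earns moderate confidence: no findings is not proof of no bugs.
        return {"severity": "Low", "confidence": 0.5}
    worst = max(SEVERITY_RANK[f.severity] for f in findings)
    top = [f for f in findings if SEVERITY_RANK[f.severity] == worst]
    engines_per_category = defaultdict(set)
    for f in findings:
        engines_per_category[f.category].add(f.engine)
    confidence = sum(f.confidence for f in top) / len(top)
    if any(len(engines_per_category[f.category]) > 1 for f in top):
        confidence += 0.1
    severity = next(name for name, rank in SEVERITY_RANK.items() if rank == worst)
    return {"severity": severity, "confidence": round(min(confidence, 1.0), 2)}


# Constructed sample input: the 8-byte header of an empty module, plus the kind of
# findings two static engines might emit for one binary.
SAMPLE_WASM = WASM_MAGIC + WASM_VERSION
SAMPLE_FINDINGS = [
    Finding("SeeWasm", "reentrancy", "Critical", 0.6),
    Finding("Owi", "reentrancy", "Critical", 0.7),
    Finding("SeeWasm", "integer-overflow", "High", 0.8),
    Finding("Owi", "unbounded-memory-growth", "Medium", 0.9),
]

if __name__ == "__main__":
    print(validate_upload(SAMPLE_WASM))
    print(validate_upload(b"MZ\x90\x00" + bytes(4)))  # a PE header is rejected, not analysed
    print(score(SAMPLE_FINDINGS))
```

The header check is deliberately shallow: it rejects obviously wrong uploads cheaply, while full section parsing is left to the sandboxed engines in step 2. Recording the SHA-256 before analysis is what lets the registry in step 6 state which exact bytes a badge refers to.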

Roadmap

  • Rust CLI for CI/CD pipelines.

  • Live Guardian Monitor to auto-re-audit deployed canisters.

  • Full concolic fuzzing and AI-generated patch suggestions.

Canispect turns complex smart-contract audits into a fast, transparent, and developer-friendly experience—so you can ship secure ICP canisters with confidence.