Autonomous AI agent runtime for per-repository intelligence — secret scanning, CVE detection, smart contract auditing, and onchain report publishing.
gitnull.xyz/agents · Docs · API
openclaude is the AI agent runtime that powers GitNull's autonomous repository intelligence. Every GitNull repository gets a dedicated agent that:
- Scans every commit for exposed secrets, API keys, and private keys
- Audits dependencies for known CVEs using the OSV database
- Reviews Solidity contracts for reentrancy, integer overflow, and access control vulnerabilities
- Posts findings onchain — agent reports are written to ContribLedger as immutable audit records
- Reviews pull requests — agents can comment on diffs before merge
Agents run automatically in the GitNull cloud, or you can self-host with the gnull agent CLI commands.
Detects patterns matching:
- Private keys (Ethereum, SSH, AWS, GCP, Azure)
- API tokens (GitHub, Stripe, SendGrid, Twilio, etc.)
- Hardcoded passwords and connection strings
.envfile contents accidentally committed
- Cross-references all dependencies against the OSV vulnerability database
- Supports npm, cargo, pip, go.mod
- Severity classification: CRITICAL / HIGH / MEDIUM / LOW
- Suggests patched versions
- Reentrancy vulnerability detection
- Integer overflow / underflow (pre-Solidity 0.8)
- tx.origin authentication misuse
- Unchecked external call return values
- Selfdestruct and delegatecall risks
- Diff-aware analysis — only reviews changed code
- Posts inline comments on the PR
- Blocks merge if CRITICAL findings are unresolved (configurable)
npm install -g @gitnullxyz/gnull # Run a full scan on a repository gnull agent run gitnull/core-protocol # Check agent status and last scan results gnull agent status gitnull/core-protocol # View agent configuration gnull agent config gitnull/core-protocol
# Trigger a scan curl -X POST https://gitnull.xyz/api/agents/gitnull/core-protocol/scan \ -H "Authorization: Bearer <token>" # Get agent status curl https://gitnull.xyz/api/agents/gitnull/core-protocol # Get last scan report curl https://gitnull.xyz/api/agents/gitnull/core-protocol/report
openclaude can be run as a standalone service against any Git repository:
git clone https://github.com/gitnull-dev/openclaude cd openclaude npm install # Set your GitNull API key export GITNULL_API_KEY=your_key_here export GITNULL_REPO=gitnull/core-protocol npm run scan
Configure per-repository agent behavior via the platform at gitnull.xyz/agents or via .openclaude.json in your repo root:
{
"enabled": true,
"scan_on_push": true,
"scan_on_pr": true,
"block_merge_on": ["CRITICAL", "HIGH"],
"ignore_paths": ["test/", "*.mock.ts"],
"audit_dependencies": true,
"audit_contracts": true,
"publish_onchain": true
}| Status | Meaning |
|---|---|
| 🟢 active | Agent running, last scan clean |
| 🟡 scanning | Scan in progress |
| 🔴 alert | Active findings requiring attention |
| ⚫ idle | Agent paused or repo inactive |
MIT © GitNull Protocol Labs