athena-mcp 1.0.5 → 1.0.8

package/README.md

@@ -25,6 +25,130 @@
 
 将该文档复制给你的 agent，它将自动理解项目价值。
 
+## Installation (Claude Code)
+
+### Option A: npm (recommended)
+
+```bash
+npx athena-mcp install
+```
+
+This will:
+1. Clone Athena to `~/.athena/`
+2. Install Python dependencies (slither, web3, chromadb, etc.)
+3. Install system tools (Slither, Aderyn, Foundry)
+4. Copy the audit skill to `~/.claude/skills/athena-audit-skill/`
+5. Configure 14 MCP servers in Claude Code
+
+### Option B: curl install script
+
+```bash
+curl -fsSL https://athena.degure.me/install.sh | bash
+```
+
+Or from GitHub directly:
+```bash
+curl -fsSL https://raw.githubusercontent.com/tiyadegure/Athena/main/install.sh | bash
+```
+
+Options:
+```bash
+SKIP_DEPS=1    curl ... | bash   # Skip Python deps
+SKIP_SYSTEM=1  curl ... | bash   # Skip slither/aderyn/foundry
+SKIP_CLAUDE=1  curl ... | bash   # Skip Claude Code config
+```
+
+### Option C: Manual
+
+```bash
+# 1. Clone
+git clone https://github.com/tiyadegure/Athena.git ~/.athena
+cd ~/.athena
+
+# 2. Python deps
+pip install -r requirements.txt
+
+# 3. System tools
+pip install slither-analyzer
+cargo install aderyn        # requires Rust
+curl -L https://foundry.paradigm.xyz | bash && foundryup
+
+# 4. Copy skill
+cp -r skills/glm-audit-skill ~/.claude/skills/athena-audit-skill
+
+# 5. Register MCP servers (one per tool)
+claude mcp add athena-slither -- python3 ~/.athena/mcp/tools/slither_runner.py
+claude mcp add athena-aderyn -- python3 ~/.athena/mcp/tools/aderyn_runner.py
+claude mcp add athena-poc-generator -- python3 ~/.athena/mcp/tools/poc_generator.py
+claude mcp add athena-fuzz-runner -- python3 ~/.athena/mcp/tools/fuzz_runner.py
+claude mcp add athena-knowledge-base -- python3 ~/.athena/mcp/tools/knowledge_base.py
+claude mcp add athena-eas-attest -- python3 ~/.athena/mcp/tools/eas_attest.py
+claude mcp add athena-exploit-simulator -- python3 ~/.athena/mcp/tools/exploit_simulator.py
+claude mcp add athena-evidence-chain -- python3 ~/.athena/mcp/tools/evidence_chain.py
+claude mcp add athena-halmos-runner -- python3 ~/.athena/mcp/tools/halmos_runner.py
+claude mcp add athena-protocol-scanner -- python3 ~/.athena/mcp/tools/protocol_scanner.py
+claude mcp add athena-repair-validator -- python3 ~/.athena/mcp/tools/repair_validator.py
+claude mcp add athena-incremental-auditor -- python3 ~/.athena/mcp/tools/incremental_auditor.py
+claude mcp add athena-gev-analyzer -- python3 ~/.athena/mcp/tools/gev_analyzer.py
+```
+
+### Quick Start (after install)
+
+```bash
+# 1. Install
+npx athena-mcp install
+
+# 2. Environment setup (for on-chain attestation + NFT minting)
+export SEPOLIA_PRIVATE_KEY="0xYourPrivateKey"
+export SEPOLIA_RPC_URL="https://rpc.sepolia.org"  # or Alchemy/Infura
+
+# 3. Full audit flow (scan → PoC → EAS attestation → NFT mint)
+claude "audit contracts/test-cases/Reentrancy.sol and mint NFT certificate"
+
+# 4. Scan-only (static analysis, no on-chain actions)
+claude "scan contracts/test-cases/Reentrancy.sol with slither and aderyn"
+```
+
+**What happens:**
+- Slither + Aderyn dual-engine static analysis
+- PoC generation + Foundry fuzz testing
+- EAS attestation on Sepolia (on-chain audit record)
+- NFT certificate minting (ERC-1155, S/A/B/C tiers)
+- Verification links to Etherscan + EAS explorer
+
+### Try Different Contracts
+
+Pre-crawled test contracts with known vulnerabilities. Each includes difficulty level and expected findings.
+
+**Beginner**
+- `contracts/test-cases/Reentrancy.sol` — Classic reentrancy (external call before state update)
+- `contracts/test-cases/AccessControl.sol` — Missing access control (unprotected mint/burn/transfer)
+- `contracts/test-cases/SafeContract.sol` — Reference contract with NO vulnerabilities (false positive test)
+
+**Intermediate**
+- `contracts/test-cases/FlashLoan.sol` — Flash loan price manipulation (spot-price oracle, no TWAP)
+- `contracts/test-cases/IntegerOverflow.sol` — Integer overflow in unchecked blocks
+- `contracts/test-cases/AgentEscrow.sol` — Agent-to-agent escrow (reentrancy + missing state checks)
+- `contracts/test-cases/AgentIdentity.sol` — AI agent identity (reputation manipulation)
+
+**Advanced**
+- `contracts/test-cases/ReadOnlyReentrancy.sol` — Read-only reentrancy (Curve/Balancer 2023 style)
+- `contracts/test-cases/PrivacyToken.sol` — Privacy token (ZK proof bypass, merkle manipulation)
+- `contracts/test-cases/GEVTest.sol` — Generalized Extractable Value (MEV, oracle, governance)
+
+Quick commands:
+```bash
+# Beginner
+claude "audit contracts/test-cases/AccessControl.sol and mint NFT certificate"
+
+# Intermediate
+claude "audit contracts/test-cases/FlashLoan.sol and mint NFT certificate"
+
+# Advanced
+claude "audit contracts/test-cases/ReadOnlyReentrancy.sol and mint NFT certificate"
+```
+
+---
 ## 核心工作流（8 步闭环）
 
 ```
@@ -80,7 +204,7 @@
 自建 `athena-audit-skill`，10 轮检查流程：
 scope → architecture → access control → reentrancy → math → oracle → flash loan → governance → upgrade → report
 
-### MCP（工具链）— 13 个工具
+### MCP（工具链）— 14 个工具
 
 | 工具 | 脚本 | 功能 |
 |------|------|------|
@@ -113,7 +237,7 @@ scope → architecture → access control → reentrancy → math → oracle →
 |------|------|------|
 | **GLM-5.1** | Z.AI Coding Plan | 驱动 Agent，处理长程任务 |
 | **athena-audit-skill** | 自建 | 12 个专项 agent 并行审计方法论 |
-| **MCP 工具链（13 个）** | 自建 | 静态分析、PoC 生成、fuzz 测试、知识库、链上认证等 |
+| **MCP 工具链（14 个）** | 自建 | 静态分析、PoC 生成、fuzz 测试、知识库、链上认证等 |
 | **Foundry** | foundry-rs | 合约编译、测试、fuzz |
 | **EAS** | Ethereum Attestation Service | 链上审计认证 |
 | **ERC-1155** | OpenZeppelin | 分级 NFT 审计证书 |
@@ -185,118 +309,12 @@ Athena/
 - AuditTrail (Sepolia): https://sepolia.etherscan.io/address/0xd7913e7749595a9238883bdf0b2dad599f4d0bf0
 - EAS 认证: https://sepolia.easscan.org/attestation/view/0xd02800c960f18f0483af4aa320aff314e34c5a83d1c9a9c963b299a88af958b9
 
-## Installation (Claude Code)
-
-### Option A: npm (recommended)
-
-```bash
-npx athena-mcp install
-```
-
-This will:
-1. Clone Athena to `~/.athena/`
-2. Install Python dependencies (slither, web3, chromadb, etc.)
-3. Install system tools (Slither, Aderyn, Foundry)
-4. Copy the audit skill to `~/.claude/skills/athena-audit-skill/`
-5. Configure 14 MCP servers in Claude Code
-
-### Option B: curl install script
-
-```bash
-curl -fsSL https://athena.degure.me/install.sh | bash
-```
-
-Or from GitHub directly:
-```bash
-curl -fsSL https://raw.githubusercontent.com/tiyadegure/Athena/main/install.sh | bash
-```
-
-Options:
-```bash
-SKIP_DEPS=1    curl ... | bash   # Skip Python deps
-SKIP_SYSTEM=1  curl ... | bash   # Skip slither/aderyn/foundry
-SKIP_CLAUDE=1  curl ... | bash   # Skip Claude Code config
-```
-
-### Option C: Manual
-
-```bash
-# 1. Clone
-git clone https://github.com/tiyadegure/Athena.git ~/.athena
-cd ~/.athena
-
-# 2. Python deps
-pip install -r requirements.txt
-
-# 3. System tools
-pip install slither-analyzer
-cargo install aderyn        # requires Rust
-curl -L https://foundry.paradigm.xyz | bash && foundryup
-
-# 4. Copy skill
-cp -r skills/glm-audit-skill ~/.claude/skills/athena-audit-skill
-
-# 5. Register MCP servers (one per tool)
-claude mcp add athena-slither -- python3 ~/.athena/mcp/tools/slither_runner.py
-claude mcp add athena-aderyn -- python3 ~/.athena/mcp/tools/aderyn_runner.py
-claude mcp add athena-poc-generator -- python3 ~/.athena/mcp/tools/poc_generator.py
-claude mcp add athena-fuzz-runner -- python3 ~/.athena/mcp/tools/fuzz_runner.py
-claude mcp add athena-knowledge-base -- python3 ~/.athena/mcp/tools/knowledge_base.py
-claude mcp add athena-eas-attest -- python3 ~/.athena/mcp/tools/eas_attest.py
-claude mcp add athena-exploit-simulator -- python3 ~/.athena/mcp/tools/exploit_simulator.py
-claude mcp add athena-evidence-chain -- python3 ~/.athena/mcp/tools/evidence_chain.py
-claude mcp add athena-halmos-runner -- python3 ~/.athena/mcp/tools/halmos_runner.py
-claude mcp add athena-protocol-scanner -- python3 ~/.athena/mcp/tools/protocol_scanner.py
-claude mcp add athena-repair-validator -- python3 ~/.athena/mcp/tools/repair_validator.py
-claude mcp add athena-incremental-auditor -- python3 ~/.athena/mcp/tools/incremental_auditor.py
-claude mcp add athena-gev-analyzer -- python3 ~/.athena/mcp/tools/gev_analyzer.py
-```
-
-### Quick Start (after install)
-
-```bash
-# 1. Configure environment for on-chain attestation + NFT minting
-export SEPOLIA_PRIVATE_KEY="0x你的测试网私钥"
-export SEPOLIA_RPC_URL="https://rpc.sepolia.org"
-
-# 2. Full audit flow (scan → PoC → EAS attestation → NFT mint)
-claude "audit contracts/test-cases/Reentrancy.sol and mint NFT certificate"
-
-# Or just scan without on-chain steps
-claude "scan contracts/test-cases/Reentrancy.sol with slither and aderyn"
-```
-
-**What happens:**
-- Slither + Aderyn static analysis
-- PoC generation + Foundry fuzz testing
-- EAS attestation on Sepolia (on-chain audit record)
-- NFT certificate minting (ERC-1155, S/A/B/C tiers)
-- Verification links to Etherscan + EAS explorer
-
----
 
 ## 快速开始（中文）
 
-### 方式一：Claude Code（推荐）
-
-```bash
-# 1. 安装
-npx athena-mcp install
-
-# 2. 配置环境变量（用于 EAS 上链 + NFT 铸造）
-export SEPOLIA_PRIVATE_KEY="0x你的测试网私钥"
-export SEPOLIA_RPC_URL="https://rpc.sepolia.org"
+Athena 的审计流程由 AI Agent（GLM-5.1）驱动，不是简单的脚本调用。Agent 读取 `AGENT-WORKFLOW-FINAL.md`，自主执行 8 步闭环。
 
-# 3. 完整审计流程（扫描 → PoC → EAS 上链 → NFT 铸造）
-claude "审计 contracts/test-cases/Reentrancy.sol 并铸造 NFT 证书"
-
-# 或只做漏洞扫描
-claude "用 slither 和 aderyn 扫描 contracts/test-cases/Reentrancy.sol"
-```
-
-Claude Code 会自动发现并调用 14 个 MCP 工具，完成从漏洞发现到链上认证的完整闭环。
-
-### 方式二：GLM-5.1 Agent
+### 方式一：用 GLM-5.1 Agent 驱动（推荐）
 
 ```bash
 # 1. 克隆项目
@@ -309,13 +327,14 @@ curl -L https://foundry.paradigm.xyz | bash  # Foundry
 
 # 3. 配置环境变量
 export SEPOLIA_PRIVATE_KEY="0x你的测试网私钥"
-export SEPOLIA_RPC_URL="https://rpc.sepolia.org"
+export SEPOLIA_RPC_URL="https://rpc.sepolia.org"  # 或 Alchemy/Infura
 
-# 4. 用 GLM-5.1 执行
+# 4. 用 GLM-5.1 Agent 执行审计
 # 将 AGENT-WORKFLOW-FINAL.md 的内容作为 prompt 发送给 GLM-5.1
+# Agent 会自主执行：扫描 → PoC → Fuzz → EAS 上链 → NFT 铸造
 ```
 
-GLM-5.1 需要读取 `AGENT-WORKFLOW-FINAL.md` 作为 step-by-step 指南，Claude Code 不需要。
+Agent 会读取 `AGENT-WORKFLOW-FINAL.md`，按照 6 个 Phase 逐步执行，每一步验证通过后才继续下一步，最终输出链上验证链接和本地审计文件。
 
 ### 方式二：手动逐步执行
 
@@ -424,7 +443,7 @@ cast send 0x3247d57d37bd1878479f03a077aba807649dbaf5 \
 
 - [x] 竞品调研（20 个项目）
 - [x] 构建 athena-audit-skill（12 agent 并行审计）
-- [x] 构建 13 个独立 MCP 工具
+- [x] 构建 14 个独立 MCP 工具
 - [x] Generative NFT（S/A/B/C 四级，262,144 种 trait 组合）
 - [x] 部署 5 个合约到 Sepolia 测试网（AuditCertificate + ZK + Escrow + ERC-7512）
 - [x] EAS Schema 注册 + Attestation 上链

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "athena-mcp",
-  "version": "1.0.5",
+  "version": "1.0.8",
   "description": "Athena — Web3 smart contract security audit MCP tools + Skills for Claude Code",
   "main": "install.js",
   "bin": {