{"components":{"schemas":{"AnalysisResult":{"properties":{"address":{"description":"The analyzed contract address.","type":"string"},"bytecode_size":{"description":"Size of the contract bytecode in bytes.","type":"integer"},"category_scores":{"additionalProperties":{"type":"number"},"description":"Risk points broken down by detector category (e.g. proxy, reentrancy, delegatecall).","type":"object"},"decision":{"description":"Default first-pass action Augur recommends for agent workflows.","enum":["allow","warn","manual_review","block"],"type":"string"},"findings":{"description":"List of risk findings from all detectors.","items":{"$ref":"#/components/schemas/Finding"},"type":"array"},"implementation":{"$ref":"#/components/schemas/ImplementationResult","description":"Analysis of the proxy's implementation contract. Only present for proxy contracts."},"level":{"description":"Risk level derived from score, not an audit or guarantee: safe (0-15), low (16-35), medium (36-55), high (56-75), critical (76-100).","enum":["safe","low","medium","high","critical"],"type":"string"},"recommended_policy":{"$ref":"#/components/schemas/PolicyRecommendation","description":"Policy-ready recommendation derived from the score and findings."},"score":{"description":"Composite risk score from 0 (safest) to 100 (riskiest).","maximum":100,"minimum":0,"type":"integer"}},"required":["address","score","level","decision","recommended_policy","bytecode_size","findings","category_scores"],"type":"object"},"Finding":{"description":"A risk finding from one of the 8 detectors.","properties":{"description":{"description":"Detailed explanation of what was detected and why it matters.","type":"string"},"detector":{"description":"Detector that produced this finding: proxy, reentrancy, selfdestruct, honeypot, hidden_mint, fee_manipulation, delegatecall, or deployer_reputation. Prefixed with impl_ for findings from a proxy's implementation contract.","type":"string"},"points":{"description":"Risk points this finding contributes to the composite score.","type":"integer"},"severity":{"description":"Finding severity level.","enum":["info","low","medium","high","critical"],"type":"string"},"title":{"description":"Human-readable title of the finding.","type":"string"}},"type":"object"},"ImplementationResult":{"nullable":true,"properties":{"address":{"type":"string"},"bytecode_size":{"type":"integer"},"category_scores":{"additionalProperties":{"type":"number"},"type":"object"},"findings":{"items":{"$ref":"#/components/schemas/Finding"},"type":"array"}},"type":"object"},"PolicyReasonCode":{"description":"Stable machine-readable policy reason code emitted in recommended_policy.reason_codes.","enum":["proxy_logic_unresolved","proxy_logic_fetch_failed","proxy_logic_no_code","proxy_logic_nested_proxy","high_risk_score","elevated_risk_score","upgradeable_proxy","hidden_mint_signal","honeypot_signal","selfdestruct_signal","delegatecall_surface","raw_delegatecall_surface","fee_manipulation_signal","reentrancy_signal","deployer_reputation_signal","suspicious_selector_signal","tiny_bytecode_signal"],"type":"string"},"PolicyRecommendation":{"properties":{"action":{"description":"Recommended default action for the calling workflow.","enum":["allow","warn","manual_review","block"],"type":"string"},"reason_codes":{"description":"Stable machine-readable reasons that explain the recommendation.","items":{"$ref":"#/components/schemas/PolicyReasonCode"},"type":"array"},"summary":{"description":"Short explanation of how the caller should treat this result.","type":"string"}},"required":["action","summary","reason_codes"],"type":"object"}},"securitySchemes":{"x402":{"description":"x402 payment proof. Send USDC via the x402 protocol.","in":"header","name":"PAYMENT-SIGNATURE","type":"apiKey"}}},"info":{"contact":{"url":"https://github.com/JleviEderer/risk-api"},"description":"Deterministic Base contract admission control for agents on Base and the developers building them. Screen Base contracts before your agent buys, routes funds, approves, pays, or interacts. Analyzes Base bytecode patterns (proxy detection, reentrancy, selfdestruct, honeypot, hidden mint, fee manipulation, delegatecall, deployer reputation) and returns a default decision, policy recommendation, supporting findings, and a composite 0-100 score. Pay $0.10/call via x402 in USDC on Base. \"safe\" means no major bytecode-level risk signals detected in this scan, not a security audit or guarantee.","title":"Augur","version":"1.0.0"},"openapi":"3.0.3","paths":{"/analyze":{"get":{"description":"Fetches on-chain bytecode for the given Base mainnet contract address and runs 8 detectors (proxy, reentrancy, selfdestruct, honeypot, hidden mint, fee manipulation, delegatecall, deployer reputation). Returns a default decision, policy recommendation, supporting findings, and a composite 0-100 score. \"safe\" is a low-risk bytecode bucket, not a security guarantee.","operationId":"analyzeContract","parameters":[{"description":"Base mainnet contract address (0x-prefixed, 40 hex chars)","in":"query","name":"address","required":true,"schema":{"pattern":"^0x[0-9a-fA-F]{40}$","type":"string"}}],"responses":{"200":{"content":{"application/json":{"examples":{"proxy_contract":{"summary":"Proxy contract - resolved implementation requires manual review","value":{"address":"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913","bytecode_size":234,"category_scores":{"delegatecall":10,"impl_selfdestruct":30,"proxy":10},"decision":"manual_review","findings":[{"description":"Contract uses DELEGATECALL with standard proxy storage slots (EIP-1967/1822). This is expected proxy behavior.","detector":"delegatecall","points":10,"severity":"info","title":"DELEGATECALL in proxy pattern"},{"description":"Contract uses standard proxy storage slots (EIP-1967 or EIP-1822). The implementation contract should also be analyzed.","detector":"proxy","points":10,"severity":"info","title":"Proxy contract detected"},{"description":"Contract contains SELFDESTRUCT which allows the owner to destroy the contract and drain all funds.","detector":"impl_selfdestruct","points":30,"severity":"critical","title":"SELFDESTRUCT opcode found"}],"implementation":{"address":"0x2cE6409Bc2Ff3E36834E44e15bbE83e4aD02d779","bytecode_size":201,"category_scores":{"selfdestruct":30},"findings":[{"description":"Contract contains SELFDESTRUCT which allows the owner to destroy the contract and drain all funds.","detector":"impl_selfdestruct","points":30,"severity":"critical","title":"SELFDESTRUCT opcode found"}]},"level":"medium","recommended_policy":{"action":"manual_review","reason_codes":["elevated_risk_score","upgradeable_proxy","selfdestruct_signal","delegatecall_surface"],"summary":"Escalate before interaction. Use a human review step or a heavier tool before the workflow proceeds."},"score":50}},"safe_contract":{"summary":"Simple Base contract - no risk findings in this scan","value":{"address":"0x4200000000000000000000000000000000000006","bytecode_size":4632,"category_scores":{},"decision":"allow","findings":[],"level":"safe","recommended_policy":{"action":"allow","reason_codes":[],"summary":"Allow by default for first-pass automation. Continue only if this matches your broader strategy and trust model."},"score":0}}},"schema":{"$ref":"#/components/schemas/AnalysisResult"}}},"description":"Risk analysis result"},"402":{"description":"Payment required - send x402 payment and retry"},"422":{"content":{"application/json":{"example":{"error":"Missing 'address' query parameter"},"examples":{"invalid_address":{"value":{"error":"Invalid Ethereum address: 0x1234"}},"missing_address":{"value":{"error":"Missing 'address' query parameter"}},"no_bytecode":{"value":{"error":"No contract bytecode found at Base address: 0x4200000000000000000000000000000000000006"}}},"schema":{"properties":{"error":{"type":"string"}},"type":"object"}}},"description":"Invalid, missing, or non-contract Base mainnet address"}},"security":[{"x402":[]}],"summary":"Decide whether a Base contract should be allowed before interaction","x-payment-info":{"currency":"USDC","network":"eip155:8453","payTo":"0x13580b9C6A9AfBfE4C739e74136C1dA174dB9891","price":"0.10","pricingMode":"fixed","protocols":["x402"]},"x-x402-network":"eip155:8453","x-x402-pay-to":"0x13580b9C6A9AfBfE4C739e74136C1dA174dB9891","x-x402-price":"$0.10"},"post":{"description":"Same as GET but accepts a Base mainnet contract address in the JSON body.","operationId":"analyzeContractPost","parameters":[{"description":"Base mainnet contract address (0x-prefixed, 40 hex chars)","in":"query","name":"address","required":false,"schema":{"pattern":"^0x[0-9a-fA-F]{40}$","type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"address":{"description":"Base mainnet contract address (0x-prefixed, 40 hex chars)","pattern":"^0x[0-9a-fA-F]{40}$","type":"string"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json":{"example":{"address":"0x4200000000000000000000000000000000000006","bytecode_size":4632,"category_scores":{},"decision":"allow","findings":[],"level":"safe","recommended_policy":{"action":"allow","reason_codes":[],"summary":"Allow by default for first-pass automation. Continue only if this matches your broader strategy and trust model."},"score":0},"schema":{"$ref":"#/components/schemas/AnalysisResult"}}},"description":"Risk analysis result"},"402":{"description":"Payment required - send x402 payment and retry"},"422":{"content":{"application/json":{"example":{"error":"Missing 'address' query parameter"},"examples":{"invalid_address":{"value":{"error":"Invalid Ethereum address: 0x1234"}},"missing_address":{"value":{"error":"Missing 'address' query parameter"}},"no_bytecode":{"value":{"error":"No contract bytecode found at Base address: 0x4200000000000000000000000000000000000006"}}},"schema":{"properties":{"error":{"type":"string"}},"type":"object"}}},"description":"Invalid, missing, or non-contract Base mainnet address"}},"security":[{"x402":[]}],"summary":"Analyze a Base smart contract for bytecode risk (POST)","x-payment-info":{"currency":"USDC","network":"eip155:8453","payTo":"0x13580b9C6A9AfBfE4C739e74136C1dA174dB9891","price":"0.10","pricingMode":"fixed","protocols":["x402"]},"x-x402-network":"eip155:8453","x-x402-pay-to":"0x13580b9C6A9AfBfE4C739e74136C1dA174dB9891","x-x402-price":"$0.10"}}},"servers":[{"url":"https://augurrisk.com"}]}