Programmatic access to QorTrace for CI pipelines and automation.
Status: scaffold. Full SDK ships in v0.3 alongside the Aptos / Sui Move detector pack.
The QorTrace REST API is fully usable today; the SDKs below are thin wrappers that handle auth, retries, polling, and webhook signature verification for you.
Authentication
All API calls require a per-account API key (issuable from /account/settings/api-keys once shipped). Include it as Authorization: Bearer <key> on every request.
Python (qortrace — coming v0.3)
from qortrace import Client
qt = Client(api_key="qt_live_…")
# Submit an audit
audit = qt.audits.submit(
    project_name="Pulse DEX v2",
    chain="ethereum",
    source_url="https://github.com/example/pulse-dex-v2",
    tier="standard",
)
print(audit.id, audit.status)
# Poll until delivered
audit = qt.audits.wait(audit.id, timeout=600)
print(audit.security_score, audit.trust_score)
# Pull report
qt.audits.download_report(audit.id, path="./pulse-dex-v2.pdf")
TypeScript / JavaScript (@qortrace/sdk — coming v0.3)
import { QorTrace } from "@qortrace/sdk";
const qt = new QorTrace({ apiKey: process.env.QT_API_KEY });
const audit = await qt.audits.submit({
  projectName: "Pulse DEX v2",
  chain: "ethereum",
  sourceUrl: "https://github.com/example/pulse-dex-v2",
  tier: "deep_dive",
});
const final = await qt.audits.wait(audit.id);
console.log(final.securityScore, final.trustScore);
CI integration (today, no SDK needed)
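# .github/workflows/audit.yml
- name: QorTrace audit
  env:
    # Assumes the API key is stored as a repository secret named QT_API_KEY.
    QT_API_KEY: ${{ secrets.QT_API_KEY }}
  run: |
    # --fail makes the step fail when the API returns an HTTP error status.
    curl --fail -X POST https://qortrace.com/api/audit/submit \
      -H "Authorization: Bearer $QT_API_KEY" \
      -H "Content-Type: application/json" \
      -d "{\"project_name\": \"${{ github.event.repository.name }}\", \
           \"source_url\": \"${{ github.event.repository.clone_url }}\", \
           \"chain\": \"ethereum\", \"tier\": \"standard\"}"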
Webhooks
Configure delivery webhooks from /account/webhooks. Every event is HMAC-SHA256 signed; verify the X-QorTrace-Signature header against your endpoint secret.
Event types:
audit.delivered — final report ready.
audit.dispute_opened — a finding is being contested.
payment.succeeded / payment.failed — Stripe webhook mirror.
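A receiver-side check for the signature described above, as an added example that is not QorTrace's own code or SDK. It assumes the X-QorTrace-Signature header carries the hex-encoded HMAC-SHA256 of the raw request body and that the event name sits in a `type` field; this page specifies neither, so confirm both against the API before relying on it.

```python
import hashlib
import hmac
import json

# Event names listed on this page.
KNOWN_EVENTS = {"audit.delivered", "audit.dispute_opened",
                "payment.succeeded", "payment.failed"}


def sign(secret: bytes, raw_body: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over the exact request bytes."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret, raw_body, signature_header):
    """Return the parsed event if the signature is valid, else None."""
    if not signature_header:
        return None  # missing header: reject, never treat as "unsigned OK"
    expected = sign(secret, raw_body).encode()
    received = signature_header.strip().lower().encode()
    # Constant-time compare; == can leak how many leading bytes matched.
    if not hmac.compare_digest(expected, received):
        return None
    # Parse only after the MAC checks out, and from the same raw bytes.
    event = json.loads(raw_body)
    # "type" as the event-name field is an assumption for this example.
    if not isinstance(event, dict) or event.get("type") not in KNOWN_EVENTS:
        return None
    return event


# Constructed sample delivery, not a real QorTrace payload or secret.
SECRET = b"example-endpoint-secret"
BODY = b'{"type":"audit.delivered","audit_id":"aud_123"}'
GOOD_SIG = sign(SECRET, BODY)

if __name__ == "__main__":
    print(verify_webhook(SECRET, BODY, GOOD_SIG))         # parsed event
    print(verify_webhook(SECRET, BODY + b" ", GOOD_SIG))  # body altered
    print(verify_webhook(SECRET, BODY, None))             # header missing
```

Pass the request's raw bytes as received, not a re-serialised copy of the parsed JSON: re-encoding changes whitespace and the MAC no longer matches.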
