Three ways to send us code, with prep tips for each.

We accept code three ways. Pick whichever fits your workflow.

Option A — Public repo URL

Paste any public repo URL on /audit. We:

  1. Clone the default branch (or a tag/commit if you specify one)
  2. Discover all .sol files
  3. Filter out node_modules, lib/, forge-std/ and other vendored deps
  4. Run the audit against the resulting source set

Pro tips:

  • Pin a tag (?ref=v1.2.0) for reproducible audits
  • Add a .qortraceignore file to exclude paths you don't want scanned
  • Public repos only — for private repos, use Option B

Option B — Zip upload

Drag-and-drop a .zip (≤50 MB) on /audit.

Pro tips:

  • Strip node_modules/ before zipping (saves time + cost)
  • Include a README.md — Qelli reads it for context
  • We delete the upload from disk after the audit completes; only the source text + findings are retained

Option C — Raw paste

Quickest path for single-file contracts. Paste your .sol source into the inline editor.

Pro tips:

  • Include the SPDX header and pragma solidity ^x.y.z; line so we use the right compiler
  • For multi-file projects, use Option A or B — you'll get cross-contract findings we can't infer from a single file

What we DON'T need

  • Your private keys
  • Your deployment scripts (we don't run code)
  • Your business logic spec — though it helps if you write a sentence or two in the Notes field describing the contract's purpose
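
A pre-flight check for the zip upload and the "What we DON'T need" list above, as an added example that is not Qortrace's own tooling. It builds the archive from an allowlist of .sol files and README.md, skips the vendored directories named earlier, and refuses to write the zip when a shipped file contains something shaped like a private key; the allowlist and the two key patterns are assumptions of this sketch.

```python
import os
import re
import sys
import zipfile
from pathlib import Path

MAX_ZIP_BYTES = 50 * 1024 * 1024                  # upload limit stated on the page
SKIP_DIRS = {"node_modules", "lib", "forge-std"}  # vendored deps named on the page
# Assumption: two common shapes of key material; extend for your own project.
KEY_MATERIAL = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----"
    r"|private_?key\s*[:=]\s*[\"']?(0x)?[0-9a-f]{64}", re.I)

def collect(root):
    """Return (files to ship, shipped files that look like they hold key material)."""
    root, ship, hits = Path(root), [], []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune in place
        for name in filenames:
            # Allowlist (assumption): only .sol sources and README.md leave the machine.
            if not (name.endswith(".sol") or name.lower() == "readme.md"):
                continue
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            ship.append(rel)
            if KEY_MATERIAL.search(path.read_text(errors="replace")):
                hits.append(rel)
    return sorted(ship), sorted(hits)

def build_zip(root, out_path):
    """Write the upload archive; refuse on key material or an oversize result."""
    ship, hits = collect(root)
    if hits:
        raise ValueError(f"possible key material, not zipping: {hits}")
    with zipfile.ZipFile(out_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for rel in ship:
            zf.write(Path(root) / rel, rel)
    if os.path.getsize(out_path) > MAX_ZIP_BYTES:
        os.remove(out_path)
        raise ValueError("archive exceeds the 50 MB upload limit")
    return ship

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: prep_upload.py <project_dir> <out.zip>")
    print("\n".join(build_zip(sys.argv[1], sys.argv[2])))
```

Because files are chosen by allowlist, a .env or keystore file in the project never reaches the archive; the content scan covers the remaining case of a key hardcoded in a contract or the README.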

What happens after submit

You land on the audit-status page. The status flows: queued → ai_running → human_review (Deep Dive only) → delivered. We email you at delivery + a recap 24 hours later.