VibeGuard
VibeGuard

Technical Reference

Developer Documentation

Integrate VibeGuard AI into your Sui wallet or dApp

Quick Start

TypeScript SDK (Recommended)

The easiest way to integrate VibeGuard into your Sui wallet or dApp.

npm install vibeguard-sui-security
import { VibeGuard } from 'vibeguard-sui-security';

const guard = new VibeGuard();

const result = await guard.analyzeTransaction({
  transactionBytes: 'AAACAA...',
  network: 'testnet',
  userAddress: '0x1234...',
  userIntent: 'Claim airdrop',
  onThreatDetected: (result) => {
    console.error('THREAT DETECTED:', result.explanation.headline);
  }
});

if (result.risk.riskLevel === 'RED') {
  // Block transaction
}

Retrieve Threat Report

Fetch the full AI threat report from Walrus decentralized storage using a blob ID from a ThreatReported on-chain event.

// blobId from ThreatReported event, blobObjectId optional for liveness check
const report = await guard.retrieveThreatReport(
  'oNyrr0jEVATWSAGkJHnmoKVICnFosv1k4YNayZXcRgk',
  '0x08108c74...'
);

console.log(report.riskLevel);    // 'RED'
console.log(report.reasons);      // [...]
console.log(report.plainEnglish); // Full AI explanation
View on npm →

REST API

Direct API Access

Base URL

https://vibeguardai.vercel.app

Security

Authentication

The API is currently fully open — no API key required. All endpoints are accessible without authentication.

For enterprise access, rate limit increases, or partnership inquiries, open a GitHub Issue.

Analysis Endpoint

POST /api/explain

Full transaction analysis with AI explanation and scam detection.

Request Body

{
  "transactionBytes": "AAACAA...",  // Base64 bytes BEFORE signing
  "network": "testnet",
  "userAddress": "0x...",
  "userIntent": "Claim airdrop"  // Optional but recommended
}

Use base64 transaction bytes from your wallet BEFORE signing. Transaction hashes from explorers won't work.

Response

{
  "simulation": {
    "effectsSummary": {...},
    "staticAnalysis": {
      "moveCalls": [...],
      "gasBudget": "10000000",
      "containsDirectTransfer": true
    }
  },
  "risk": {
    "riskLevel": "RED",
    "reasons": [
      "Assets leave your wallet to another address",
      "INTENT MISMATCH: You expect to receive assets, but this sends assets away"
    ],
    "confidence": 0.9
  },
  "explanation": {
    "headline": "Honeypot Scam Detected",
    "plainEnglish": "This transaction will send 100 SUI from your wallet...",
    "recommendedAction": "Do Not Sign"
  }
}

B2B Intelligence

B2B Threat Intelligence API

Query the indexed threat registry. Powered by real-time event indexing from the on-chain ReputationRegistry.

GET /api/threats

Query indexed threats with optional filters.

# All threats
GET /api/threats

# Filter by category
GET /api/threats?category=Honeypot
GET /api/threats?category=Intent+Mismatch

# Filter by severity
GET /api/threats?severity=Critical
GET /api/threats?severity=High

# Pagination
GET /api/threats?limit=10&offset=0

# Lookup specific package
GET /api/threats?packageId=0x...

# Aggregated stats
GET /api/threats?stats=true

# Force re-index from chain
GET /api/threats?refresh=true

GET /api/threats?stats=true

Returns aggregated threat statistics.

{
  "success": true,
  "stats": {
    "total": 5,
    "byCategory": {
      "Intent Mismatch": 1,
      "Unknown": 4
    },
    "bySeverity": {
      "High": 1,
      "Unknown": 4
    }
  }
}

GET /api/events

Server-Sent Events stream. Subscribe to real-time ThreatReported events as they are emitted on-chain.

// Browser / Node.js
const stream = new EventSource('https://vibeguardai.vercel.app/api/events');

stream.onmessage = (event) => {
  const threat = JSON.parse(event.data);
  console.log('New threat:', threat.malicious_package_id);
  blacklist.add(threat.malicious_package_id);
};

POST /api/webhooks

Register a webhook URL to receive push notifications when new threats are detected.

curl -X POST https://vibeguardai.vercel.app/api/webhooks \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-app.com/webhook",
    "events": ["ThreatReported", "ThreatVerified"],
    "apiKey": "your_key"
  }'

// Payload delivered to your URL:
{
  "event": "ThreatReported",
  "data": {
    "malicious_package_id": "0x...",
    "walrus_blob_id": "..."
  },
  "timestamp": 1775909610023
}

POST /api/indexer

Force re-index all ThreatReported events from the blockchain.

curl -X POST https://vibeguardai.vercel.app/api/indexer

// Response:
{
  "success": true,
  "indexed": 5,
  "stats": {
    "total": 5,
    "byCategory": { "Intent Mismatch": 1, "Unknown": 4 }
  }
}

Threat Retrieval

GET /api/threat/[blobId]

Retrieve a full threat report from Walrus decentralized storage. Accepts an optional blobObjectId query parameter to verify the Blob NFT is still live on Sui before fetching.

# Without liveness check
GET /api/threat/:blobId

# With Blob NFT liveness gate (returns 410 if expired)
GET /api/threat/:blobId?blobObjectId=0x...

Response

{
  "metadata": {
    "title": "VibeGuard AI Threat Report",
    "publisher": "0x...",
    "category": "Security Signal",
    "timestamp": "2026-03-23T08:43:36.775Z"
  },
  "packageId": "0x...",
  "riskLevel": "RED",
  "headline": "Automated Detection: Honeypot/Malicious Contract",
  "reasons": [...],
  "reportedAt": "2026-03-23T08:43:36.775Z",
  "reportedBy": "vibeguard-automated-pipeline"
}

Code Examples

Example: cURL

curl -X POST https://vibeguardai.vercel.app/api/explain \
  -H "Content-Type: application/json" \
  -d '{
    "transactionBytes": "AAACAA...base64...",
    "network": "testnet",
    "userAddress": "0x1234...5678",
    "userIntent": "Claim free airdrop"
  }'

Replace with your actual base64 transaction bytes and wallet address.

Code Examples

Example: JavaScript

const response = await fetch('https://vibeguardai.vercel.app/api/explain', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    transactionBytes: 'AAACAA...base64...',
    network: 'testnet',
    userAddress: '0x1234...5678',
    userIntent: 'Claim free airdrop'
  })
});

const data = await response.json();
console.log(data.risk.riskLevel);
console.log(data.explanation.recommendedAction);

Infrastructure

Production Enclave

Threat analysis runs inside an AWS Nitro Enclave TEE. The enclave signs every threat payload with a registered Ed25519 keypair verified on-chain before registry commitment.

Endpoint: http://98.82.186.207:3000
Public Key: fca7f87123c37761226ea680dc2dc7d7dcf4378ee72cddde3094302b33685acd
Max Throughput: 218.98 req/s @ 50 concurrent
Avg Response Time: 226ms (stable under load)
Error Rate: 0.00% across all concurrency levels

Live proof transactions:

Enclave Registration — DyCyjEm6zc4AhmW6MquPAy72GjgLjJzokybjmUWj39Q2Atomic Threat Report — 6qBWeX62UUzxm6GromBfo6fwXsNNNYjh9WbzfTrJqYDk

Threat Engine

Adversarial Threat Detection

The enclave threat engine detects sophisticated attack patterns with 100% accuracy across all test cases.

INTENT_MISMATCH_HONEYPOT

User expects inflow but simulation shows outflow — classic airdrop scam

MULTI_RECIPIENT_DRAIN

Assets routed to 3+ unique recipients — multi-hop drain attack

DRAIN_FUNCTION

Dangerous Move functions: transfer_all, drain, sweep, approve_all, emergency_withdraw

UNEXPECTED_OUTFLOW

Unexpected asset outflow when user expects to receive

HIGH_GAS_BUDGET

Gas budget exceeds 500M MIST — indicator of complex exploit

Support

Need Help?

Questions about integration or found a bug?

GitHub IssuesView on npm