Plasma

Smart contracts. No shortcuts.

End-to-end pipeline

From creation to on-chain deployment, every step is secured and verified.

Plasma takes your Solidity project through six stages — each one verified before the next can proceed. No blind trust. No skipped checks.

📝 Create: Initialize a Foundry project with OpenZeppelin starter contracts and security-first defaults.
⚙️ Compile: Standard JSON via solc with deterministic build fingerprints for every artifact.
🔍 Audit: AI-powered reentrancy analysis bound to the exact build fingerprint. No stale results.
🔧 Fix: Minimal diffs for each finding. Review and approve before any file changes.
🚧 Gate: Deployment blocks when critical or high findings are unresolved. Enforced at the function level.
🚀 Deploy: Local Anvil or Sepolia via external wallet. Only audited bytecode gets broadcast.

AI security audit

A copilot trained for Solidity, not generic code.

Plasma's Security Copilot is focused on smart contract vulnerability classes — starting with reentrancy. Every finding is structured, actionable, and locked to the exact build that produced it.

Detection scope

Reentrancy analysis

Audits external calls before state updates, missing nonReentrant modifiers, and cross-function reentrancy paths. Each finding includes the exploit path and a concrete fix.

Output format

Structured findings

Machine-readable JSON with severity, file, line, description, exploit path, and suggested fix. Malformed responses are rejected — no false passes.

Trust mechanism

Fingerprint-bound results

Every audit is locked to a deterministic build fingerprint derived from source, dependencies, compiler version, optimizer settings, EVM parameters, and generated bytecode. If any of these change, the audit is immediately marked stale — so you never deploy against outdated results.

Deployment gate

The final checkpoint cannot be skipped.

Plasma blocks deployment inside the IDE when the exact contract build has unresolved critical or high-risk findings. The gate is not a button state — it is enforced in the deploy function itself.

Enforcement

Function-level gate

Before broadcasting, the deploy function recomputes the fingerprint, confirms deployment bytecode matches the audited artifact, and rejects any build with unresolved critical or high findings.

Freshness

Auto-stale detection

Any change to source, dependencies, compiler settings, optimizer, or EVM parameters immediately invalidates the prior audit. The status shifts to Stale and the gate locks again.
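The fingerprint binding and function-level gate described above, sketched as an added example that is not Plasma's own code. The field names, the SHA-256 and canonical-JSON encoding, and the mapping of a bytecode mismatch to "Blocked" are assumptions.

```javascript
// Added illustration, not Plasma's source. All field and function names are hypothetical.
const { createHash } = require("node:crypto");

// Serialize with sorted object keys so equal inputs always hash identically.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value !== null && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// Fingerprint over the inputs the page lists: source, dependencies, compiler
// version, optimizer settings, EVM parameters, and generated bytecode.
function buildFingerprint(build) {
  const { sources, dependencies, solcVersion, optimizer, evmVersion, bytecode } = build;
  const material = { sources, dependencies, solcVersion, optimizer, evmVersion,
    bytecode: bytecode.toLowerCase() };
  return createHash("sha256").update(canonical(material)).digest("hex");
}

// Gate evaluated inside the deploy path; the caller broadcasts only on "Ready".
// Assumption: a bytecode mismatch is reported with the same "Blocked" status.
function deployGate(audit, build, bytecodeToBroadcast) {
  if (!audit) return "Audit required";
  if (buildFingerprint(build) !== audit.fingerprint) return "Stale";
  if (bytecodeToBroadcast.toLowerCase() !== build.bytecode.toLowerCase()) return "Blocked";
  const open = audit.findings.filter(
    (f) => !f.resolved && (f.severity === "critical" || f.severity === "high"));
  return open.length > 0 ? "Blocked" : "Ready";
}

// Constructed sample build and audit record (all values are placeholders).
const sampleBuild = {
  sources: { "contracts/Vault.sol": "contract Vault { /* constructed */ }" },
  dependencies: { "openzeppelin-contracts": "constructed-version" },
  solcVersion: "constructed-solc-version",
  optimizer: { enabled: true, runs: 200 },
  evmVersion: "constructed-evm",
  bytecode: "0x6080abcd",
};
const sampleAudit = {
  fingerprint: buildFingerprint(sampleBuild),
  findings: [{ severity: "high", resolved: false, file: "contracts/Vault.sol", line: 1 }],
};
```

Because the gate recomputes the fingerprint from the build at call time, a stored audit record cannot be reused after any input changes, regardless of what the UI shows.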

Compile failed · Audit required · Blocked · Stale · Ready for local · Ready for Sepolia

Deployment

Ship with confidence. Only the audited bytecode.

Deploy to local Anvil or Sepolia through a secure wallet flow. Mainnet is disabled. The exact audited artifact is what gets broadcast — nothing else.

Local

Anvil

Deploy to http://127.0.0.1:8545 with ethers v6. Shows address, transaction hash, and gas used. Clear messaging when Anvil is unavailable.

Testnet

Sepolia — safe wallet

Connect via an external wallet — never paste a private key. The prepared transaction is signed by your wallet and broadcast to Sepolia. Etherscan link included.

Safety

Mainnet disabled

Mainnet deployment is not available in Plasma. The gate architecture prevents unsafe production deployment without proper safeguards in place.

Technology

Built on proven foundations. Specialized for security.

Plasma is a branded fork of OpenCode — inheriting its battle-tested agent runtime, session system, permissions model, and tool APIs — with a security layer purpose-built for Solidity development.

Compiler: solc Standard JSON. Multi-version support with deterministic build fingerprints.
AI Model: Claude (default). Via OpenCode's provider layer — not a separate API client.
Workspace: Foundry-style. contracts/ test/ script/ lib/ with plasma.json.
Networks: Anvil + Sepolia. Local and testnet. Mainnet disabled.
Audit Scope: Reentrancy. External calls, missing guards, cross-function paths.
Runtime: OpenCode fork. Preserved agent runtime, sessions, permissions, tool APIs.

Get started

Your smart contracts deserve more than a text editor.

Security-first Solidity development. AI-powered audits. Deployment gates that actually block.