Security

beta

Security measures · responsible disclosure

CI / CD Pipeline

Every push runs lint, typecheck, CodeQL analysis, and dependency audit.

Security Measures

Non-Custodial

Your wallet is derived from your Google session via zkLogin (Mysten Labs Enoki). Private keys are never exposed to or stored by Audric.

Sponsored Transactions

All transaction gas fees are sponsored via Enoki. You never need to hold SUI for gas — transactions are built server-side and signed client-side.

Tiered Approval

Read-only tools execute automatically. Risky write operations (swaps, sends, borrows) require explicit user confirmation. Safe writes (deposits, repayments, staking) are auto-approved.
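One way to implement such a gate, as an added example that is not Audric's or t2000's code: the tool names and tier table are hypothetical, and binding a confirmation to the exact arguments and to an expiry time is an assumption of this sketch, not something the page states. Unknown tools fall into the strictest tier.

```javascript
// Added example. Tool names and the tier table are hypothetical.
const TIERS = new Map([
  ["get_balance", "read"],
  ["deposit", "safe_write"], ["repay", "safe_write"], ["stake", "safe_write"],
  ["swap", "risky_write"], ["send", "risky_write"], ["borrow", "risky_write"],
]);

// Stable serialization so the same call always yields the same string,
// regardless of argument key order (flat argument objects assumed).
function canonical(call) {
  const args = call.args ?? {};
  const sorted = Object.keys(args).sort().map((k) => [k, args[k]]);
  return JSON.stringify([call.tool, sorted]);
}

// Fail closed: a tool missing from the table is treated as a risky write.
// A Map lookup never matches inherited names such as "constructor".
function tierOf(tool) {
  return TIERS.get(tool) ?? "risky_write";
}

// confirmation: { approved: <canonical string the user saw>, expiresAt: <ms> }
// or undefined when the user has not been asked yet.
function decide(call, confirmation, now = Date.now()) {
  const tier = tierOf(call.tool);
  if (tier !== "risky_write") return { action: "execute", tier };
  const wanted = canonical(call);
  const ok =
    confirmation !== undefined &&
    confirmation.approved === wanted && // approval covers these exact arguments
    now < confirmation.expiresAt;       // and has not gone stale
  return ok
    ? { action: "execute", tier }
    : { action: "confirm", tier, prompt: wanted };
}

// Constructed sample calls.
const send = { tool: "send", args: { to: "0xRECIPIENT_PLACEHOLDER", amount: "5" } };
const approval = { approved: canonical(send), expiresAt: 1_000_000 };
const tampered = { tool: "send", args: { to: "0xRECIPIENT_PLACEHOLDER", amount: "500" } };

console.log(decide({ tool: "get_balance", args: {} }).action); // read tier
console.log(decide(send, undefined, 0).action);                // no approval yet
console.log(decide(send, approval, 500).action);               // approved as shown
console.log(decide(tampered, approval, 500).action);           // amount changed after approval
```

Because the approval stores the canonical form of the call the user saw, changing the amount or recipient afterwards sends the call back to the confirmation step.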

Ephemeral Sessions

zkLogin keys are short-lived and bound to a single Sui epoch (~24 hours). Session data is not persisted after you close the app.

Automated Scanning

GitHub Actions runs CodeQL static analysis and dependency audits on every push. Both the Audric app and the t2000 infrastructure are continuously scanned.

Open Source

All code is publicly auditable. Audric and t2000 infrastructure are both open source on GitHub.

Infrastructure Audit

Audric is built on t2000 infrastructure (SDK, engine, smart contracts), which has undergone a full-stack security review.

20 / 22 remediated · 2 deferred

No vulnerabilities enabling direct fund theft were found. All critical and high-severity findings have been remediated.

View full audit report →

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly. Do not open a public GitHub issue.

Response: Acknowledgment within 48 hours
Email: security@t2000.ai