--------------------------------------------------------------------------------
title: "FirePan Platform Overview"
description: "AI-powered smart contract security platform providing continuous vulnerability scanning, autonomous auditing, and security monitoring for EVM chains."
last_updated: "2026-03-30"
source: "https://firepan.com"
--------------------------------------------------------------------------------

# FirePan Platform Overview

FirePan is an AI-powered smart contract security platform that transforms traditional one-off audits into continuous, automated security monitoring. The core engine is Hound, an autonomous AI auditor that analyzes Solidity and Vyper codebases for vulnerabilities using pattern matching, LLM-verified analysis, and knowledge graph construction.

## Mission

Make onchain security continuous, affordable, and default. FirePan replaces expensive, infrequent manual audits with always-on threat detection for smart contracts.

## Core Capabilities

- **Surface Scanning** — Fast pattern-based analysis with optional LLM verification. Identifies common vulnerability classes in minutes.
- **Deep Auditing (Hound AI)** — Autonomous multi-iteration audit agent that builds a knowledge graph of the codebase, generates and tests security hypotheses, then produces curated findings with severity re-ranking and semantic deduplication.
- **CI/CD Integration** — Automated scan-on-push via GitHub App. PR comments with scan results.
- **Dashboard** — Real-time view of scan history, risk scores, findings, and audit reports at app.firepan.com.

## Agent Integration

For detailed agent instructions (endpoints, auth flow, error handling, response schemas), see: https://firepan.com/SKILL.md

---

--------------------------------------------------------------------------------
title: "Getting Started"
description: "How to sign up for FirePan and run your first smart contract security scan."
last_updated: "2026-03-30"
source: "https://app.firepan.com"
--------------------------------------------------------------------------------

# Getting Started

## Step 1: Create an Account

1. Navigate to https://app.firepan.com
2. Click **Sign Up** — GitHub login is recommended (it also grants FirePan access to scan your repositories)
3. Verify your email (required for paid endpoints)

## Step 2: Add a Repository

1. From the Dashboard, navigate to **Repositories**
2. Click **Add Repository** and select a GitHub repo
3. FirePan queues an initial surface scan automatically

## Step 3: Run a Scan

- **Surface Scan** — Fast pattern-based analysis with optional LLM verification. Good for triage and CI/CD.
- **Deep Audit** — Comprehensive autonomous audit with knowledge graph construction and AI-generated findings. Use before mainnet deployment or for high-value protocols.

## Step 4: Review Findings

Each scan produces:

- A **risk score** and **risk level** (Critical, High, Medium, Low, Minimal)
- A categorized list of **findings** with severity, location, and description
- A **summary** describing the overall security posture

## Step 5: Get Your API Token

Navigate to **Settings > Profile** at https://app.firepan.com/settings/profile to copy your bearer token for API and agent access.

---

--------------------------------------------------------------------------------
title: "API Reference"
description: "FirePan REST API for programmatic access to scans, audits, and results."
last_updated: "2026-03-30"
source: "https://api.firepan.com"
--------------------------------------------------------------------------------

# API Reference

## Base URL

```
https://api.firepan.com
```

## Authentication

Include your bearer token in the `Authorization` header:

```
Authorization: Bearer <token>
```

Get your token from https://app.firepan.com/settings/profile

Tenants with an active trial or paid Stripe subscription can use all paid endpoints with just the Bearer token — no x402 payment headers needed.

## Endpoints

### Free Surface Scan

```http
POST /surface/scan
Content-Type: application/json

{
  "target": "https://github.com/OpenZeppelin/openzeppelin-contracts"
}
```

No authentication required. Returns risk score, findings, quality metrics, and summary.

### Paid Full Surface Scan

```http
POST /surface/scan/full
Content-Type: application/json
Authorization: Bearer <token>
Idempotency-Key: <unique-key>

{
  "repo_url": "https://github.com/OpenZeppelin/openzeppelin-contracts"
}
```

Price: $0.50 via x402 (free with trial/subscription). Returns detailed findings with enhanced analysis.

### Start Deep Audit

```http
POST /audits/start
Content-Type: application/json
Authorization: Bearer <token>
Idempotency-Key: <unique-key>

{
  "repo_url": "https://github.com/OpenZeppelin/openzeppelin-contracts",
  "mode": "sweep",
  "time_limit_minutes": 120
}
```

Price: $5.00 via x402 (free with trial/subscription). Returns `session_id` and `websocket_url` for live progress. The audit runs asynchronously.

### Poll Audit Status

```http
GET /audits/{session_id}/status
Authorization: Bearer <token>
```

Returns `status`, `progress`, `findings_count`, `error_message`, `started_at`, `completed_at`.

### Current Subscription

```http
GET /subscriptions/current
Authorization: Bearer <token>
```

Returns current plan, billing status, and usage.
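A minimal client for the deep-audit flow above (start the audit, then poll its status), added here as an example rather than FirePan's own SDK. It sends the Bearer and Idempotency-Key headers from this reference, retries once with an `X-PAYMENT` header when a `402` arrives (the x402 flow described in this API reference) and backs off on `429`/`5xx`. The `pay` callback that turns `X-Payment-Requirements` into the payment JSON, and the terminal status names `completed`/`failed`, are assumptions not stated on this page.

```python
import json
import time
import urllib.error
import urllib.request
import uuid

BASE_URL = "https://api.firepan.com"

def http_json(method, url, headers, body=None):
    """Default transport: returns (status, response headers, parsed JSON body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, dict(resp.headers.items()), json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers.items()), json.loads(err.read() or b"null")

def call(method, path, token, body=None, pay=None, transport=http_json, retries=4):
    """Bearer auth, one Idempotency-Key per logical request, x402 retry, backoff on 429/5xx."""
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    if body is not None:
        headers["Idempotency-Key"] = str(uuid.uuid4())  # same key on every retry of this call
    for attempt in range(retries):
        status, resp_headers, payload = transport(method, BASE_URL + path, headers, body)
        resp_headers = {k.lower(): v for k, v in resp_headers.items()}
        if status == 402 and pay is not None and "X-PAYMENT" not in headers:
            # x402 flow: build the payment from the server's requirements and retry once
            headers["X-PAYMENT"] = pay(resp_headers["x-payment-requirements"])
            continue
        if status == 429 or status >= 500:
            time.sleep(2 ** attempt)  # rate limited or transient error: exponential backoff
            continue
        if status >= 400:  # 401/403/409 need a fix on the caller's side, not a retry
            raise RuntimeError(f"{method} {path} failed with {status}: {payload}")
        return payload
    raise RuntimeError(f"{method} {path}: gave up after {retries} attempts")

def run_deep_audit(repo_url, token, pay=None, transport=http_json, poll_seconds=30):
    """Start a deep audit and poll until it is finished (terminal names are assumed)."""
    started = call("POST", "/audits/start", token,
                   {"repo_url": repo_url, "mode": "sweep", "time_limit_minutes": 120},
                   pay=pay, transport=transport)
    session_id = started["session_id"]
    while True:
        state = call("GET", f"/audits/{session_id}/status", token, transport=transport)
        if state["status"] in ("completed", "failed") or state.get("error_message"):
            return state
        time.sleep(poll_seconds)
```

The `transport` parameter exists so the client can be exercised offline against a stubbed server; in production leave it at the default.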
### Repositories

```http
GET /repositories
Authorization: Bearer <token>

POST /repositories
Content-Type: application/json
Authorization: Bearer <token>

{
  "repo_url": "https://github.com/org/repo"
}
```

### Repository Scans

```http
GET /repositories/{id}/scans
Authorization: Bearer <token>
```

Returns scan history for a repository.

### Findings

```http
GET /findings?project_id={id}
Authorization: Bearer <token>
```

Returns combined findings from surface scans and deep audits.

## x402 Payment Flow

For tenants without a trial or subscription, paid endpoints return `402 Payment Required` with an `X-Payment-Requirements` header. The agent must:

1. Read `X-Payment-Requirements` from the 402 response
2. Create the x402 payment payload (USDC on Base)
3. Retry the same request with an `X-PAYMENT` header containing the payment JSON

Tenants with active trials or paid subscriptions skip this entirely.

## Error Codes

- `401 Unauthorized` — Missing or invalid bearer token
- `403 Forbidden` / `email_not_verified` — Email not yet verified
- `402 Payment Required` — x402 payment needed (trial/subscription users never see this)
- `409 Conflict` — Idempotency key reused with a different body
- `429 Too Many Requests` — Rate limited, retry with backoff
- `5xx` — Transient infrastructure error, retry with backoff

---

--------------------------------------------------------------------------------
title: "Pricing & Plans"
description: "FirePan subscription plans and pricing."
last_updated: "2026-03-30"
source: "https://firepan.com/#products"
--------------------------------------------------------------------------------

# Pricing & Plans

FirePan offers monthly and annual billing. Annual billing saves 20%.

## Starter — $299/month ($239/month billed annually)

For individual developers and small projects.

## Professional — $1,199/month ($959/month billed annually)

For growing teams with multiple smart contract projects.

## Enterprise — $2,999/month ($2,399/month billed annually)

For organizations requiring comprehensive security coverage.

## Boutique Audits — Custom Pricing

Combines FirePan's AI-powered analysis with expert human review. Contact sales at https://firepan.com/contact

## Agent Payments (x402)

AI agents can pay per-call using USDC on Base via the x402 protocol:

- Surface scan (full): $0.50
- Deep audit: $5.00

## Billing Notes

- Payments processed via Stripe (subscriptions) or x402 (agent pay-per-call)
- New signups get a trial with scan and audit access
- Plan limits reset at the start of each billing cycle
- Upgrade or downgrade at any time from Dashboard > Billing

---

--------------------------------------------------------------------------------
title: "Supported Contracts"
description: "Languages and chains supported by FirePan."
last_updated: "2026-03-30"
--------------------------------------------------------------------------------

# Supported Contracts

**Languages**: Solidity (`.sol`), Vyper (`.vy`)

**EVM Chains**: Ethereum, Polygon, Arbitrum, Optimism, Base, Avalanche, BNB Chain, and any EVM-compatible chain.

FirePan analyzes source code — it does not require on-chain deployment. Point it at a GitHub repository containing Solidity or Vyper contracts.

Contract discovery focuses on: repo root, `contracts/`, `src/`, `lib/`.

---

--------------------------------------------------------------------------------
title: "Security Glossary"
description: "Key security terms used throughout the FirePan platform."
last_updated: "2026-03-30"
--------------------------------------------------------------------------------

# Security Glossary

**Reentrancy** — A vulnerability where an external contract is called before internal state is updated, allowing the external contract to re-enter the original function and drain funds.

**Flash Loan Attack** — An attack that exploits uncollateralized loans that must be borrowed and repaid within a single transaction, used to manipulate prices or governance.

**Oracle Manipulation** — Exploiting a price feed or data oracle to provide incorrect values to a smart contract, enabling profitable but malicious transactions.

**Access Control Flaw** — Missing or incorrect authorization checks that allow unauthorized users to call restricted functions.

**Integer Overflow/Underflow** — Arithmetic that exceeds the maximum or minimum value of a variable type. Mitigated in Solidity 0.8+ by default.

**Delegatecall Misuse** — Incorrect use of delegatecall that can allow an attacker to overwrite storage or execute arbitrary code in the calling contract's context.

**Front-running** — An attack where an observer of the mempool submits a transaction with higher gas to execute ahead of a pending transaction.

**Surface Scan** — FirePan's fast pattern-based analysis mode with optional LLM verification.

**Deep Audit** — FirePan's comprehensive autonomous audit mode using the Hound AI agent with knowledge graph construction and semantic deduplication.

**Hound** — FirePan's proprietary AI security analysis engine.

**Risk Score** — A numeric score reflecting a repository's vulnerability exposure based on scan findings.

**Assessment Level** — Deep audit severity rating: CRITICAL, HIGH, MODERATE, LOW, or MINIMAL.

---

--------------------------------------------------------------------------------
title: "FAQ"
description: "Frequently asked questions about FirePan."
last_updated: "2026-03-30"
--------------------------------------------------------------------------------

# FAQ

## What blockchains and languages does FirePan support?

FirePan supports Solidity and Vyper smart contracts targeting EVM-compatible chains including Ethereum, Polygon, Arbitrum, Optimism, Base, Avalanche, and BNB Chain.

## What is the difference between Surface Scan and Deep Audit?

Surface Scan uses pattern matching with optional LLM verification for fast triage — ideal for CI/CD. Deep Audit runs an autonomous AI agent that builds a knowledge graph, generates security hypotheses, and produces curated findings with severity re-ranking. Deep Audits take longer but provide much deeper analysis.

## How long does a Deep Audit take?

Varies with codebase size. Typical Deep Audits complete in 15–120 minutes. You can monitor progress via the WebSocket URL or the status polling endpoint.

## Can I use FirePan without connecting GitHub?

Yes. The free surface scan accepts any public GitHub URL directly via the API. GitHub App integration is needed for scan-on-push and PR comment features.

## Is my source code safe?

FirePan processes source code in an isolated analysis environment. Source code is not shared with third parties. See the Privacy Policy at https://firepan.com/privacy-policy

## Can FirePan replace a manual audit?

FirePan significantly reduces the cost and time of security reviews. However, for high-value protocols or regulatory requirements, consider combining FirePan with a boutique human audit. Contact sales at https://firepan.com/contact

## How do AI agents use FirePan?

Agents can call FirePan's API directly. The free surface scan requires no auth. Paid endpoints accept a Bearer JWT token. Agents for tenants with active trials or subscriptions skip x402 payment and just use the Bearer token. See https://firepan.com/SKILL.md for full agent instructions.

## How do I get support?

- Email: support@firepan.com
- Docs: https://docs.firepan.com
- GitHub: https://github.com/firepan-labs

---

--------------------------------------------------------------------------------
title: "Company Information"
description: "About FirePan, Inc."
last_updated: "2026-03-30"
source: "https://firepan.com/about"
--------------------------------------------------------------------------------

# About FirePan

**FirePan, Inc.** is a Delaware C-corporation founded in 2025.

The company builds AI-powered smart contract security infrastructure for Web3 protocols, DeFi applications, and blockchain developers.

## Contact

- Website: https://firepan.com
- App: https://app.firepan.com
- Docs: https://docs.firepan.com
- Support: support@firepan.com
- GitHub: https://github.com/firepan-labs
- Sales: https://firepan.com/contact

## Legal

- Terms of Service: https://firepan.com/terms
- Privacy Policy: https://firepan.com/privacy-policy

FirePan provides AI-powered security analysis and monitoring services for smart contracts. Security assessments are point-in-time analyses and should be part of a comprehensive security program. FirePan does not guarantee the security of any analyzed contract.

© 2026 FirePan, Inc. All rights reserved.