Although most users interact with HiAUDIT through their IDE, the agent also works as a standalone command-line tool.
Smart contract analysis
```bash
# Solidity analysis
hiauditagent run --scope src/

# Solana / Anchor analysis (auto-detected from Anchor.toml or Cargo.toml)
hiauditagent run --scope programs/

# Solana analysis with explicit chain override
hiauditagent run --scope programs/ --chain solana

# List all Solana detectors
hiauditagent detectors --chain solana
```

Web application analysis
The web application subcommand is web2:
```bash
# Web application analysis
hiauditagent web2 --scope src/

# With taint analysis and OWASP scoring
hiauditagent web2 --scope src/ --taint --owasp --framework express

# Filtered to a specific language
hiauditagent web2 --scope src/ --language Python --min-severity Medium
```

Web application CLI options
| Flag | Description |
|---|---|
| `--scope` | Paths to analyze (files or directories). |
| `--exclude` | Paths to exclude. |
| `--min-severity` | Minimum severity: Critical, High, Medium, Low, Info. |
| `--language` | Filter to a specific language (TypeScript, Python, Java, etc.). |
| `--taint` | Include taint analysis (source-to-sink data flow tracking). |
| `--owasp` | Include OWASP Top 10 2025 compliance analysis. |
| `--framework` | Web framework for taint analysis (express, django, flask, spring, etc.). |
| `--exclude-detectors` | Detector IDs to skip. |
| `--format` | Output format. |
| `--output` | Write report to a file. |

MCP commands
```bash
# Register HiAUDIT with all detected AI tools
hiauditagent mcp add

# Run the MCP server (normally launched by your editor, not by hand)
hiauditagent mcp serve
```

For editor setup, see Connect to your IDE.