NyxFoundation

SPECA: Specification-to-Checklist Agentic Auditing Framework

100% credibility
Found May 04, 2026 at 19 stars.
Python
AI Summary

SPECA is an AI framework that audits code against natural-language specifications by generating verifiable security properties and systematically checking implementations.

How It Works

1. 🔍 Discover SPECA

You find SPECA on GitHub or read its research paper and get excited about a smart way to check if code follows important rules written in plain English.

2. 📦 Set it up

You download SPECA to your computer and prepare it with simple tools so it's ready to help you audit software.

3. 📋 Pick your specs and code

You choose the English documents describing what the software should do and point to the actual code you want to check against those rules.

4. 🚀 Start the audit

You launch SPECA and it reads the rules, turns them into clear checklists, and carefully examines the code step by step.

5. 💡 Spot the problems

SPECA highlights exactly where the code breaks the rules, with clear explanations and proof paths you can follow.

6. Review and fix

You look at the detailed findings, confirm the issues, and use them to make the software safer.

🎉 Safer software

Your code now matches the rules perfectly, catching bugs that others missed and giving you confidence in its security.

AI-Generated Review

What is speca?

SPECA is a Python agentic auditing framework that converts natural-language specifications into typed security checklists, then audits codebases via LLM-driven proof attempts. It targets spec-governed systems like protocol stacks or crypto libraries, catching invariant violations that code-pattern scanners miss. Users run phased pipelines via CLI (`uv run python scripts/run_phase.py`) or GitHub Actions, getting JSON outputs with traceable findings, severity ratings, and benchmarks.

Why is it gaining traction?

Unlike code-driven tools, SPECA anchors audits in specs for cross-implementation comparisons and spec-dependent detections, recovering all H/M/L bugs in a 366-submission Sherlock contest plus novel fixes. The reusable orchestrator handles parallelism, resumption, and budgets, while 3-gate reviews cut false positives (FPs) to interpretable causes: specialized agentic auditing that feels structured, not speculative. Developers are drawn to the provenance chains tying findings to spec sections.

Who should use this?

Security auditors verifying Ethereum clients or consensus layers against EIPs. Protocol teams doing reviews on multi-language implementations (Go, Rust, Nim). Researchers benchmarking LLM auditors on RepoAudit C/C++ or custom datasets.

Verdict

Grab it for specification-to-checklist workflows if specs drive your bugs; the benchmarks are easy to reproduce. But 19 stars and 1.0% credibility signal research-grade maturity; the docs shine via the arXiv paper, but expect tweaks for production.