What we build
Security and invariants
Each item links to the open-source proof artifact that backs the claim.
- Invariant test suites for your protocol stateful · CI-runnable clean + planted twin per class We express the safety rules your protocol should enforce as machine-checkable invariants, build a clean reference contract where each property holds, and a planted-bug twin where it fires. Both legs run in CI on every push. The suite covers access-control, conservation, governance-state, and AMM reserve classes out of the existing reference library; new classes authored for your protocol's specific invariants. You get the harness, the twin pair per class, and a proof register: what each invariant asserts, what the planted twin violated, and what the CI run confirmed. Proof: cf-invariants (Cairo/Starknet, 12-class matrix, Voyager-verified) cf-invariants-anchor cf-invariants-jito cf-invariants-pyth (Solana/Anchor real-protocol harnesses, all CI green)
- Exploit-to-invariant references and post-incident analysis EVM · Cairo · Move · Solana post-incident CI-asserted We take a published exploit and express the broken rule as a machine-checkable property. You get a runnable reference where the invariant holds on the pre-exploit code structure and a planted-bug twin that replicates the break class: the exact CI discipline that would have caught it pre-deploy. For post-incident work: we document the exploit class, derive the invariant, and deliver a CI-verified reference your team can run and extend. A machine-checkable expression of the rule the protocol broke, CI-runnable and forkable. Proof: Exploit→Invariant Atlas (seven real hacks across Cairo, Move, Solana, EVM; clean and planted twin per case, CI-asserted) cf-invariants-verus-bridge-conservation (Verus bridge conservation invariant derived from the 2026-05-18 exploit)
- CI security harnesses wired into your pipeline Foundry · Echidna · Medusa Crucible · snforge CI scorecards on every push We build and wire a stateful-fuzz harness for your existing contracts into your CI pipeline. Foundry, Echidna, Medusa on EVM; Crucible on Solana/Anchor; snforge on Cairo/Starknet. You get a scored scorecard committed on every push, invariant classes seeded for your protocol's surface, and a planted-bug twin per class that confirms the harness catches the class before the clean code ships. Not a runtime monitor; a pre-deploy CI discipline. Proof: chimera-template-pack (Foundry + Recon Chimera scaffold, pre-wired Echidna/Medusa, CI scorecards on every push) hyperevm-safety (six HyperCore-boundary invariants, CI-runnable property tests for HyperEVM lending protocols)
- New-VM and new-protocol invariant authoring, fast Cairo · Solana · EVM · HyperEVM specialization-velocity A new chain, a new VM, a specialized harness, CI-verified: in days rather than months. We onboard to a new VM by studying the execution model, selecting the right fuzzer, authoring the invariant layer on top of it, and shipping a CI-green first harness. The existing suite covers Cairo/Starknet, Solana/Anchor, EVM/Foundry, and HyperEVM; each chain was added with a CI-verified harness in the same fast pattern. Contact to discuss coverage for your chain. Proof: the public project family spans Cairo (snforge), Solana/Anchor (Crucible), and HyperEVM (Foundry/Chimera). The Solana suite was authored from the Cairo baseline in one working session. github.com/caliperforge
AI-safety evals
Evaluation harnesses for AI systems
We build evaluation harnesses for AI systems using the same planted-twin discipline as the smart-contract work. A language-conditioned detection-rate eval, a regression harness, or a ground-truth benchmark built from planted-bug twins. The eval harness measures where an AI system's accuracy degrades and surfaces the failure mode in a reproducible, CI-runnable form.
Scope: eval harness design and build; planted-bug ground truth generation; detection-rate measurement across language, model, or domain conditions. We deliver a harness and a proof register, same format as the contract work. Not a standalone AI audit service.
Proof: apart-global-south-lost-in-translation: language-conditioned detection-rate eval, EN / ES / PT / CS, Atlas planted-bug twins as ground truth. Apart Global South track submission. Research artifact and eval harness.
How we engage
Bounded scope. Fixed deliverable. CI-verified.
Every engagement is scoped up front with a fixed deliverable agreed before build starts. We do not take open-ended retainers. The deliverable is a CI-verified artifact with a written proof register.
- Scope Bounded. Invariant classes, CI target, and deliverable scope agreed before build starts.
- Deliverable CI-green harness, clean and planted-twin pair, proof register. Reproduced in a cold environment before handoff.
- Principal Michael Moffett, operator of record, KYC-able, named on every artifact.
- AI-augmentation Disclosed on every artifact. Full policy at caliperforge.com/ai-disclosure.
- White-label Available for security tooling and invariant work. Michael Moffett named principal on the artifact; client is the client-facing principal.
Not a substitute for a formal audit. The invariant harness is one layer in a defense-in-depth pre-deploy pipeline. Where a client needs a formal audit, we name that line and refer.
Contact
Reach out to scope.
All engagements are scoped per project. Contact to discuss which deliverable fits your pipeline or to start scoping.
- Direct michael@caliperforge.com
- Team team@caliperforge.com
- GitHub github.com/caliperforge