QorTrace

Programmatic access to QorTrace for CI pipelines and automation.

Status: scaffold. Full SDK ships in v0.3 alongside the Aptos / Sui Move detector pack.

The QorTrace REST API is fully usable today; the SDKs below are thin wrappers that handle auth, retries, polling, and webhook signature verification for you.

Authentication

All API calls require a per-account API key (issuable from /account/settings/api-keys once shipped). Include it as Authorization: Bearer <key> on every request.

Python (qortrace — coming v0.3)

PYTHON
from qortrace import Client

qt = Client(api_key="qt_live_…")

# Submit an audit
audit = qt.audits.submit(
    project_name="Pulse DEX v2",
    chain="ethereum",
    source_url="https://github.com/example/pulse-dex-v2",
    tier="standard",
)
print(audit.id, audit.status)

# Poll until delivered
audit = qt.audits.wait(audit.id, timeout=600)
print(audit.security_score, audit.trust_score)

# Pull report
qt.audits.download_report(audit.id, path="./pulse-dex-v2.pdf")

TypeScript / JavaScript (@qortrace/sdk — coming v0.3)

TS
import { QorTrace } from "@qortrace/sdk";

const qt = new QorTrace({ apiKey: process.env.QT_API_KEY });

const audit = await qt.audits.submit({
  projectName: "Pulse DEX v2",
  chain: "ethereum",
  sourceUrl: "https://github.com/example/pulse-dex-v2",
  tier: "deep_dive",
});

const final = await qt.audits.wait(audit.id);
console.log(final.securityScore, final.trustScore);

CI integration (today, no SDK needed)

YAML
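# .github/workflows/audit.yml
- name: QorTrace audit
  env:
    # Assumes the API key is stored as a repository secret named QT_API_KEY
    QT_API_KEY: ${{ secrets.QT_API_KEY }}
  run: |
    # --fail makes the step fail when the API returns an HTTP error
    curl --fail -X POST https://qortrace.com/api/audit/submit \
      -H "Authorization: Bearer $QT_API_KEY" \
      -H "Content-Type: application/json" \
      -d "{\"project_name\": \"${{ github.event.repository.name }}\", \
           \"source_url\": \"${{ github.event.repository.clone_url }}\", \
           \"chain\": \"ethereum\", \"tier\": \"standard\"}"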

Webhooks

Configure delivery webhooks from /account/webhooks. Every event is HMAC-SHA256 signed; verify the X-QorTrace-Signature header against your endpoint secret.

Event types:

  • audit.delivered — final report ready.
  • audit.dispute_opened — a finding is being contested.
  • payment.succeeded / payment.failed — Stripe webhook mirror.
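
A receiver-side check for the signature scheme described above, as an added example (not QorTrace's own code). It assumes the header carries the hex-encoded HMAC-SHA256 of the raw request body and that the event name sits in a top-level `type` field; neither detail is stated on this page, and the secret and payload are constructed samples.

```python
import hashlib
import hmac
import json

# Event types listed on this page.
KNOWN_EVENTS = {
    "audit.delivered",
    "audit.dispute_opened",
    "payment.succeeded",
    "payment.failed",
}


class WebhookRejected(Exception):
    """Raised when a delivery must not be processed."""


def sign(secret: bytes, raw_body: bytes) -> str:
    # ASSUMPTION: signature = hex(HMAC-SHA256(endpoint secret, raw request body)).
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, raw_body: bytes) -> dict:
    """Return the parsed event only if X-QorTrace-Signature matches."""
    # Header names are case-insensitive on the wire.
    lowered = {k.lower(): v for k, v in headers.items()}
    received = lowered.get("x-qortrace-signature")
    if not received:
        raise WebhookRejected("missing signature header")
    # MAC the exact bytes received, before any JSON parsing or re-serialising.
    expected = sign(secret, raw_body)
    # compare_digest runs in constant time, so a mismatch leaks no timing hint.
    if not hmac.compare_digest(expected.encode(), received.strip().lower().encode()):
        raise WebhookRejected("signature mismatch")
    event = json.loads(raw_body)
    # ASSUMPTION: the event name is carried in a top-level "type" field.
    if not isinstance(event, dict) or event.get("type") not in KNOWN_EVENTS:
        raise WebhookRejected("unknown event type")
    return event


# Constructed sample delivery (not a captured QorTrace payload).
SECRET = b"constructed-endpoint-secret"
BODY = b'{"type": "audit.delivered", "audit_id": "constructed-123"}'
GOOD_HEADERS = {"X-QorTrace-Signature": sign(SECRET, BODY)}
```

Pass the handler the unmodified request bytes; verifying a re-serialised JSON body will fail whenever key order or whitespace differs from what was signed.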