Security Readiness Reports
Security readiness reports are focused pre-audit handoff surfaces for Web3 projects. They help a user turn an assistant security readiness brief into a reviewer-ready page with evidence coverage, missing proof, and next actions.
The route format is:
/app/crypto/:slug/readiness
Example:
/app/crypto/monad/readiness
When To Use This Route
Use the readiness route when the next workflow is not "score the project again" but "prepare the project for someone else to review."
Typical use cases:
- a founder wants to understand what evidence is missing before fundraising
- an investor wants a compact pre-review handoff
- a reviewer wants the current Vartovii evidence and gaps in one place
- a partner wants to see whether security, token, and public evidence are documented enough for a deeper conversation
What The Report Includes
The readiness report reuses the current project intelligence payload instead of creating a separate audit engine.
| Section | Purpose |
|---|---|
| Project context | Identifies the current project, stage, score, and evidence state. |
| Evidence coverage | Shows which evidence areas are ready, low, or missing. |
| Security posture | Summarizes available audit/security provenance without claiming audit replacement. |
| Missing proof | Lists gaps that should be closed before a public or paid review. |
| Next actions | Provides concrete follow-up work such as attaching audit links, confirming contract addresses, or preparing a reviewer packet. |
| Copy controls | Lets a user copy the report link or a concise reviewer handoff summary. |
| Reviewer packet | Packages scope, visible evidence, missing inputs, and non-audit boundaries for an external reviewer. |
Assistant Entry Point
The readiness route can be opened from two places:
- the crypto project profile action bar through the
READINESSaction - the assistant workspace after a security readiness brief
For a direct project profile, open:
/app/crypto/:slug
Then use the READINESS action near the project search and report controls.
The assistant entry point is:
/app/assistant
From there, a user can run a security readiness brief for a crypto project. If the assistant has enough project context, it can also hand off into the dedicated readiness route.
This flow keeps the conversation and the report surface connected:
- Ask the assistant to prepare a security readiness brief.
- Review the generated evidence gaps and next actions.
- Open the readiness report route for the same project.
- Copy the report link or handoff summary for a reviewer.
Reviewer Packet
The readiness route includes a reviewer packet block for situations where the next step is an external review conversation.
The packet is intentionally scoped:
- Scope - pre-audit readiness review based on the current Vartovii project evidence.
- Evidence - Trust Score, project stage, visible signals, source gaps, and missing proof.
- Required reviewer inputs - verified contract/source links, audit scope, remediation status, admin-control evidence, disclosure contact, and incident-response ownership.
- Boundary - the packet is not a formal smart contract audit, investment advice, legal advice, or a guarantee that vulnerabilities do not exist.
Use the copy control when you need to send a concise review packet to a founder, investor, partner, or security reviewer without exporting a PDF.
What It Does Not Do
The readiness route does not:
- perform a formal smart contract audit
- verify every contract or deployment address
- guarantee that a project is secure
- provide investment, legal, tax, or incident-response advice
- replace a professional auditor, counsel, or due-diligence team
It is a structured readiness layer based on available Vartovii data and visible source evidence.
Good Readiness Inputs
A stronger readiness report usually needs:
- project name, slug, and ticker
- canonical website and social links
- verified contract or deployment addresses
- official audit links or public security documentation
- current tokenomics or unlock documentation
- fundraising or backer context where relevant
- public source evidence that can be reviewed again later
If these inputs are missing, the report should make the gap visible instead of filling it with inferred certainty.