v0.4.0 | Outdated — latest is v1.1.0 | 2026-05-19

Credits Pricing, Aleo & Plonky3 Coverage, Better Reports

A credits-based scan budget you control, new Aleo/Leo and Plonky3 framework coverage, redesigned PDF-friendly reports, file coverage in the scan UI, and improved Circom scanning.

This release shifts how scans are billed (you set a credit budget at launch time and we cap your bill at what you chose), expands coverage to Aleo/Leo and Plonky3 circuits, redesigns the scan report, surfaces file coverage in the scan UI, adds scan counters to the project dashboard, gives you finer control over notifications, and improves Circom scanning.


Credits-based pricing

Scans are now billed in credits, with a budget you set upfront and a bill capped at what you chose.

  • Pick a budget at launch: the scan launch page has a credit slider from 100 up to 100,000 credits, plus a manual entry box. The last value you picked is remembered per project, and the page surfaces a hint to bump the cap when past scans have run close to or over their budget.
  • We absorb overruns: if a scan ends up costing more than your budget, you are not charged for the overage. The scan page shows an "On the house" message for the amount we covered.
  • See where each credit went: the scan page includes a Credit Budget card with total budget, total spent, percentage used, a per-flow breakdown of which parts of the scan are expensive, and a hint when you used most of your budget.
  • Monthly refill on subscription: Pro and Max plans deposit credits into your project's balance every billing cycle (35,000/month on Pro, 60,000/month on Max). Unused credits roll over and pool with anything you've bought in bundles.
  • Credit bundles: the Add Credits dialog on the project Plan page offers bundles (1,000 / 2,500 / 5,000 / 10,000 credits) instead of fixed scan packs. Credits never expire.
  • Reserved credits: the Plan page shows reserved credits broken out from your balance so you know exactly what is available for new scans.

Choose your scan type

When more than one scan is available, the launch page lets you pick which one to run from a Scan type selector, and remembers your choice per project. Each scan can require its own minimum credit budget.


New Framework Coverage: Aleo/Leo and Plonky3

We are expanding the set of zero-knowledge frameworks we can scan:

  • Aleo / Leo: zkao can now analyze Aleo programs written in Leo, including the compiled Aleo instructions in build/. Leo code blocks in findings also render with proper syntax highlighting in reports.
  • Plonky3 AIR: zkao can now audit Plonky3 AIR circuits.

These join existing coverage for Circom, gnark, and Jellyfish.


Redesigned Scan Reports

Scan reports have a refreshed layout designed to read well on screen and print cleanly to PDF:

  • Section table of contents with back-to-top links
  • zkao branding in the header, with the CLI version that produced the report
  • Print-friendly styles for clean PDF export
  • Agent Activity section now groups steps by flow and shows them in the correct order

File Coverage in the Scan UI

The scan page now shows which files were analyzed during a scan. A new coverage panel lists files with coverage badges and a collapsible tree view, so you can quickly see what was covered and what was skipped.


Project Dashboard Improvements

Each repository card on the project dashboard now shows a "scans on HEAD" counter, making it easy to tell at a glance which repos already have analysis on their latest commit.


Notification Preferences

You can now filter notifications by scan ownership, so you only get emailed about the scans you actually care about (your own scans, scans on your projects, or all scans).


Circom Scanning Improvements

Improved triaging of Circom findings for more accurate severity classification. Enhanced codebase navigation so the scanner can follow cross-file references and identify deeper bugs.


README Badge

Projects on paid plans can now embed a "zkao | monitored" badge in their GitHub README. The badge is available from the project dashboard and comes with copyable Markdown and HTML snippets. Free plan projects do not display the badge.


Other Changes

  • The scan page now groups findings by triage outcome: confirmed findings lead the list, with skipped and false-positive findings collected into their own sections at the end
  • Removed the auto-scan feature: scans are now always started explicitly from the launch page
  • Scan presets renamed for clarity: the standard scan is now ZKAO Pro and the continuous deep scan is ZKAO Max
  • Scan result emails now sort findings by severity, so the most important issues are at the top
  • The activity log now records project role changes, and stops double-logging when an invitation is accepted
  • Cancelling a scan now cleanly cancels any in-flight flow executions
  • Reliability improvements across long-running analysis runs (browser pooling, inactivity watchdog, depth-aware concurrency)