SafeLens

Offline transaction verifier for Safe multisig wallets with ERC-7730 clear signing.

Generator · Desktop App · CLI

What it does

SafeLens generates and verifies evidence packages for Gnosis Safe multisig transactions. Paste a Safe transaction URL into the generator, download the evidence.json, then verify signatures and hashes offline using the desktop app or CLI.

• Generate an evidence.json package from any Safe transaction URL
• Verify signatures, hashes, enriched proofs, and local transaction replay checks with zero network access
• Clear signing via built-in and ERC-7730 interpreters for human-readable transaction details
• Consensus checks via embedded Helios verifier for beacon-mode consensus proofs

Trust model

The desktop verifier ships with a CSP that restricts connect-src to Tauri IPC only (ipc: http://ipc.localhost), with no external network origins and no shell-open capability. It cannot make network requests during verification. All crypto runs locally using bundled libraries. See TRUST_ASSUMPTIONS.md for the full model.

Independent verification stack

SafeLens is one verifier in a multi-tool workflow, not a single source of truth.

• Tool 1: Independent Safe hash verifiers (for example safe-tx-hashes-util) validate digest expectations.
• Tool 2: Hardware wallet screen validates the hash shown at signing time.
• Tool 3: Foundry or local node simulation validates execution expectations.
• Tool 4: SafeLens validates offline package integrity, signatures, and optional proofs.

For high-value operations, use at least two independent tools and compare outputs.

Project docs

• Security policy: SECURITY.md
• Contributing guidelines: CONTRIBUTING.md
• Build verification: VERIFY.md
• Release integrity checks: RELEASE_INTEGRITY.md
• Auditor packet: docs/audit/AUDITOR_PACKET.md

Architecture and runbooks

• Dependency audit: DEPENDENCIES.md
• Docs index: docs/README.md
• Interpreter precedence contract: docs/architecture/interpretation-precedence.md
• Verification source contract: docs/architecture/verification-source-contract.md
• On-chain verification UI contract: docs/architecture/onchain-verification-ui.md
• ERC-7730 bundle update runbook: docs/runbooks/erc7730-bundle-update.md
• Simulation replay benchmark runbook: docs/runbooks/simulation-replay-benchmark.md

Verification coverage

• self-verified: Safe tx hash recomputation and supported signature recovery.
• proof-verified: on-chain Safe policy proof verification (eth_getProof artifacts).
• rpc-sourced (simulation): local replay can validate consistency against witness inputs, but replay world-state accounts are not yet fully state-root proven.
• consensus-verified-beacon: beacon consensus proofs verified by desktop via Helios.
• consensus-verified-opstack / consensus-verified-linea: deterministic envelope checks with explicit non-equivalence to beacon light-client finality.

The generator/CLI can attach optional onchainPolicyProof, simulation, and consensusProof sections. Desktop/CLI verify consume these sections when present.

Simulation replay note: witness-only replay currently supports CALL (operation=0) paths. DELEGATECALL (operation=1) packages remain partial and keep packaged simulation effects.

Desktop vs CLI

• Desktop: full verification path, including local simulation replay (revm) and consensus-proof verification.
• CLI: verifies hashes/signatures/proofs from the package, but does not run the desktop replay/consensus verifier path.

Replay benchmark

Run the desktop replay benchmark harness (manual/ignored test) to capture p50/p95 latency:

cargo test --manifest-path apps/desktop/src-tauri/Cargo.toml benchmark_replay_latency_profiles -- --ignored --nocapture

See docs/runbooks/simulation-replay-benchmark.md for interpretation guidance.

Quick start

Generate an evidence package at safelens.lfg.rs, or via CLI:

bun --cwd packages/cli dev analyze "https://app.safe.global/transactions/tx?..." --out evidence.json

Verify offline:

bun --cwd packages/cli dev verify --file evidence.json

Screenshots

Desktop App

Transaction Details

ERC-7730 Clear Signing Interpreters

CLI

Transaction Interpretation

Verification

Generator

Evidence Package

Development

Project structure, setup, and build instructions

Structure

Path	Description
apps/generator	Next.js webapp, creates and exports evidence.json
apps/desktop	Tauri + Vite desktop app, verifies evidence offline
packages/core	Shared validation, hashing, signature verification, warnings
packages/cli	CLI wrapper over core logic

Setup

Requires Bun.

bun install

Run

bun run dev          # generator at localhost:3000
bun run dev:tauri    # desktop app (full Tauri shell)
bun run dev:desktop  # desktop frontend only (no Tauri)

Build

bun run build        # generator + desktop frontend assets
bun run build:tauri  # full desktop distributable

CI Parity Check

bun run verify:ci    # lint + type-check + JS tests + Rust fmt/clippy/tests + build

Settings

Settings are JSON (address book and contract registry).

• CLI: ~/.safelens/settings.json
• Desktop: app data folder

bun --cwd packages/cli dev settings init   # initialize settings
bun --cwd packages/cli dev sources         # show verification sources

Generator environment flags:

• NEXT_PUBLIC_ENABLE_LINEA_CONSENSUS=1 enables experimental Linea consensus envelope generation in apps/generator.
• Default behavior leaves this disabled, emitting explicit partial-support reasons in package export metadata.

Cleanup

rm -rf apps/generator/.next apps/desktop/src-tauri/target apps/desktop/src-tauri/.tauri apps/desktop/src-tauri/Cargo.lock .opencode