We asked Web3 developers using Sherlock AI in their day-to-day workflow which parts of the product they reach for most.
Here are 5 worth trying this week:
1. Full codebase runs when you need a baseline
Teams run a full codebase review before major releases or audits, then treat that run as the reference point. In the UI it’s simply repo → branch → commit hash → start run, so results stay pinned to a single build.
2. PR audits on every change
The most common setup we heard: connect Sherlock AI to your repos so it reviews PR diffs automatically (or on a subset of PRs). You get security feedback tied to the exact change set, plus a PR summary that calls out what changed and what to watch for.
3. File-scoped runs for fast iteration
When you’re working in a tight area (one module, adapter, vault, or router), teams pick specific files instead of scanning the whole repo. It keeps attention on the surface area you’re actively changing while still pulling in nearby context as needed.
4. One-click context presets + “Request Security Review” for final confidence
Teams that scale usage set up context presets (shared docs, links, checklists) so any dev can load the right context in one click for a run. For the final pass, they hit “Request Security Review” so a Sherlock security researcher who already has context on that codebase can weigh in, and the team can mark items valid/invalid with notes for internal tracking.
5. Use built-in tests + issue Q&A to close loops faster
A pattern we heard a lot: open an issue, read the reasoning, then use the generated edge-case tests as the fastest way to verify the behavior. When something isn’t clear, teams use the issue chat to ask for a deeper explanation in the same run context that produced the finding.
