@susumutomita susumutomita commented Dec 22, 2025

Summary

Add a new detector that uses Claude (via Claude Code CLI or Anthropic API) to analyze Solidity smart contracts for vulnerabilities.

  • Claude Code CLI integration (free for MAX subscribers)
  • Anthropic API fallback for programmatic access
  • Configurable model selection (opus, sonnet, haiku)
  • Per-contract and all-contracts analysis modes
  • Optional logging of Claude's analysis

Usage

```bash
# Using Claude Code CLI (recommended)
slither . --detect claude --claude-use-code

# Using Anthropic API
ANTHROPIC_API_KEY=sk-... slither . --detect claude
```

Changes

  • slither/detectors/functions/claude.py: Main detector implementation
  • slither/utils/claude.py: Utility functions for Claude integration
  • slither/__main__.py: Added Claude parser initialization
  • slither/slither.py: Added Claude configuration attributes
  • slither/utils/command_line.py: Added Claude default options
  • slither/detectors/all_detectors.py: Added Claude detector import
  • docs/src/detectors/Detector-Documentation.md: Documentation
  • tests/unit/utils/test_claude.py: Unit tests with mocking

Test plan

  • Unit tests pass (10 tests)
  • Lint passes (10.00/10)
  • Manual testing: detector finds reentrancy and access control issues in test contract

Note: E2E tests are not included, as this detector requires external API calls, which are non-deterministic and need credentials. This is consistent with the existing Codex detector, which also lacks E2E tests.


CLAassistant commented Dec 22, 2025

CLA assistant check
All committers have signed the CLA.

smonicas (Collaborator) commented Jan 5, 2026

Hi, thanks for the PR; however, we think that using an LLM to find vulnerabilities with a simple prompt is not the way to go for Slither, at least at the moment. We are also removing the Codex detector (#2853).

@smonicas smonicas closed this Jan 5, 2026
susumutomita (Author) commented

Thank you for reviewing and for the feedback. I understand that relying on an LLM with a simple prompt to find vulnerabilities is not aligned with Slither’s current direction, and that the Codex detector is being removed.

This PR was intended as an optional, auxiliary feature—not a replacement for static analysis—aimed at supporting tasks like explaining findings and assisting with triaging potential false positives. That said, I respect the decision to close given the project’s current priorities.

If, in the future, integration is reconsidered in a limited scope, I’d be happy to help draft a specification or prototype along lines such as:

  • Reproducibility via structured prompts and outputs (e.g., JSON)
  • Using rule-based detections as inputs to generate explanations or reduce false positives
  • A mock layer and offline testing strategy that avoids external API dependencies

Thanks again for the guidance. I can keep the branch and experimental code available if that’s useful.
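As an added example (not Slither's code and not code from this PR), here is one way to realise two of the points in the closing comment, structured JSON outputs and a mock layer for offline tests: a fixed prompt template, a strict JSON output contract that is validated before anything becomes a finding, and an injectable transport so unit tests run against a canned reply and never reach the Claude CLI or the Anthropic API. The class and function names, the JSON schema, and the sample contract and reply are all constructed for this illustration and are not part of the project.

```python
"""Offline-testable skeleton for an LLM-backed Solidity review step (added example)."""
import json
import re
from dataclasses import dataclass
from typing import Callable, List

# Severity vocabulary the detector is willing to emit; anything else is rejected.
SEVERITIES = {"High", "Medium", "Low", "Informational"}

# Fixed prompt: only the contract name and source vary between runs, which keeps
# runs comparable and makes the expected reply machine-checkable.
PROMPT_TEMPLATE = (
    "Review the Solidity contract `{name}` below. Reply with ONLY a JSON object "
    "of the form {{\"findings\": [{{\"function\": str, \"check\": str, "
    "\"severity\": one of {severities}, \"description\": str}}]}} and nothing else.\n\n"
    "```solidity\n{source}\n```"
)


@dataclass(frozen=True)
class Finding:
    contract: str
    function: str
    check: str
    severity: str
    description: str


# A transport maps a prompt to the model's raw text reply. Production code would
# wrap the CLI or HTTP client here; tests inject CannedTransport instead.
Transport = Callable[[str], str]


class CannedTransport:
    """Fake transport for unit tests: records prompts, returns a fixed reply, no network."""

    def __init__(self, reply: str) -> None:
        self.reply = reply
        self.prompts: List[str] = []

    def __call__(self, prompt: str) -> str:
        self.prompts.append(prompt)
        return self.reply


def build_prompt(name: str, source: str) -> str:
    return PROMPT_TEMPLATE.format(name=name, source=source, severities=sorted(SEVERITIES))


# Models often wrap JSON in a markdown fence despite being told not to; tolerate that only.
_FENCE = re.compile(r"^\s*```(?:json)?\s*(.*?)\s*```\s*$", re.DOTALL)


def parse_findings(contract: str, raw: str) -> List[Finding]:
    """Validate the model reply against the output contract; fail closed on anything malformed."""
    m = _FENCE.match(raw)
    body = m.group(1) if m else raw
    try:
        obj = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"model reply is not JSON: {exc}") from None
    items = obj.get("findings") if isinstance(obj, dict) else None
    if not isinstance(items, list):
        raise ValueError("reply lacks a 'findings' list")
    out: List[Finding] = []
    for i, item in enumerate(items):
        if not isinstance(item, dict):
            raise ValueError(f"finding {i} is not an object")
        try:
            fn, check, sev, desc = item["function"], item["check"], item["severity"], item["description"]
        except KeyError as exc:
            raise ValueError(f"finding {i} lacks key {exc}") from None
        if sev not in SEVERITIES:
            raise ValueError(f"finding {i} has unknown severity {sev!r}")
        if not all(isinstance(v, str) for v in (fn, check, desc)):
            raise ValueError(f"finding {i} has non-string fields")
        out.append(Finding(contract, fn, check, sev, desc))
    return out


def analyze(contract: str, source: str, transport: Transport) -> List[Finding]:
    """One detector step: build the prompt, send it through the transport, validate the reply."""
    return parse_findings(contract, transport(build_prompt(contract, source)))


# Constructed sample contract (textbook external-call-before-state-update pattern).
SAMPLE_SOURCE = (
    "contract Vault {\n"
    "    mapping(address => uint256) balances;\n"
    "    function withdraw() external {\n"
    "        (bool ok,) = msg.sender.call{value: balances[msg.sender]}(\"\");\n"
    "        require(ok);\n"
    "        balances[msg.sender] = 0;\n"
    "    }\n"
    "}"
)

# Constructed canned reply, deliberately fenced the way models tend to do it.
SAMPLE_REPLY = (
    "```json\n"
    '{"findings": [{"function": "withdraw", "check": "reentrancy",\n'
    '  "severity": "High", "description": "external call before balance update"}]}\n'
    "```"
)

if __name__ == "__main__":
    for f in analyze("Vault", SAMPLE_SOURCE, CannedTransport(SAMPLE_REPLY)):
        print(f"{f.severity}: {f.contract}.{f.function} [{f.check}] {f.description}")
```

The transport is the only place where credentials or a network connection would live, so a CI job that injects `CannedTransport` exercises the prompt construction and the parser deterministically. The parser fails closed: a reply that is not valid JSON, lacks the `findings` list, or uses a severity outside the fixed vocabulary raises instead of being turned into a finding, because model output is untrusted text rather than a trusted tool result.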
