Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.sudont.xyz/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Most firewalls do one thing: block. Sudont does something fundamentally different — when a transaction is fatal, it fires a deterministic JSON ReAct error straight back into the swarm’s reasoning loop.
The swarm does not read prose. It reads a stable rule_id, a machine-readable simulated_reality, and an actionable_feedback token. The firewall stays out of the agent’s reasoning; the agent stays out of the firewall’s physics.
The Judge blocks the trade. The RPC proxy returns a structured JSON-RPC error. The swarm’s agentic ReAct loop consumes the payload, recalculates its route, and resubmits. No human prose is generated, parsed, or trusted anywhere in the hot path.

The Four Verdicts

Every transaction that passes through the Diamond receives one of four verdicts from the Judge:
VerdictTriggerOutcome
ALLOWCanonical intent matches State-Diff, within Constitution boundsEIP-191 signed approval artifact
DENYState-Diff violates bounds, or Constitution hard-violatedDeterministic JSON ReAct error
INTERROGATEMedium-risk signal detectedJSON ReAct error — swarm recalculates
DIAGNOSEDiagnosis-only request (no forwarding)Full diagnosis envelope; never broadcasts
INTERROGATE is not a soft block. It is an active signal to the swarm’s ReAct loop. The Judge does not wait — it immediately emits a deterministic JSON error and the RPC proxy returns it inline with the failed call.

The Feedback Loop

Swarm Submits Request

The autonomous agent submits a transaction or approval request through the Sudont drop-in RPC proxy.

Diamond Pipeline Evaluates

The request passes through Constitution → Cortex/Cage → Judge. The Judge identifies a fatal violation or a medium-risk signal and emits a verdict.

Judge Emits JSON ReAct Error

The payload carries a stable rule_id, the simulated_reality observed in the sandbox, and an actionable_feedback token the swarm consumes directly. Examples:
  • rule_id: "MAX_SLIPPAGE_EXCEEDED", actionable_feedback: "RECALCULATE_ROUTE_OR_SIZE"
  • rule_id: "UNLISTED_DESTINATION", actionable_feedback: "PROVIDE_ALLOWLISTED_ADDRESS"

Swarm Recalculates

The agentic ReAct loop reads the token, adjusts its parameters, and resubmits with a new route or size. No prose parsing required.

Verification

The resubmitted transaction re-enters the Diamond. If compliant, it is approved and signed. If not, a fresh JSON error is emitted — each block is self-contained and terminal for its own attempt.

When the Firewall Fires

The Cortex enriches every transaction with computed flags before the Judge evaluates it. The Judge queries the Constitution’s compiled policy rules to classify risk.
SignalWhy It’s Fatal
Unbounded token approval (MAX_UINT256)Swarm may be granting unbounded access to a spender
Unverified spender addressConstitution does not recognise the counterparty
Non-allowlisted contract destinationSwarm may be interacting with an unknown protocol
Malicious PDA drain in simulated State-DiffBare-metal simulation caught a trapdoor the LLM missed
These signals are defined in the compiled policy rules alongside the allow/deny logic — not hardcoded in code. Adding a new risk heuristic is a policy change, not a code change.

JSON ReAct Error Payload

Every block ships a stable JSON-RPC error. The swarm parses exactly one structure — it never encounters prose, suggestions, or ambiguity.
Deterministic JSON ReAct Error
{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32010,
    "message": "Sudont policy violation",
    "data": {
      "sudont": {
        "violations": [
          {
            "rule_id": "MAX_SLIPPAGE_EXCEEDED",
            "simulated_reality": "99.9% loss due to malicious PDA drain",
            "actionable_feedback": "RECALCULATE_ROUTE_OR_SIZE"
          }
        ],
        "latency_us": 122
      }
    }
  }
}
See ReAct Error Payload for the full schema, every rule_id, and the full set of actionable_feedback tokens.

What the Firewall Cannot Do

The Judge is deliberately constrained:

Cannot Generate Prose

Sudont never emits natural-language explanations in the hot path. Every block is a stable token.

Cannot Sign

Only the approval path produces a signed artefact. Blocked transactions never touch the keystore.

Cannot Modify Policy

The Constitution’s bounds are read-only during evaluation. Policy is immutable mid-flow.

Cannot Loop Indefinitely

Each submission is evaluated once. Resubmissions are fresh transactions — no implicit retry.

Drop-in RPC Integration

Point your standard Web3 libraries at Sudont and consume the JSON ReAct errors directly in your agentic ReAct loop — no custom SDK required.