The Diamond Architecture

Overview

Sudont enforces a four-node decision architecture called The Diamond. Every transaction an AI agent wants to execute must pass through all four nodes before any value moves on-chain.

          "Intent + Physics + Policy = Verdict"

                  ┌───────────────────────┐
                  │   THE CONSTITUTION    │  ← Layer 1: THE LAW
                  │   user-defined policy │
                  └───────────┬───────────┘
                              │
               ┌──────────────┴──────────────┐
               │                             │
        ┌──────▼──────┐               ┌──────▼──────┐
        │ THE CORTEX  │               │  THE CAGE   │  ← Layer 2: THE BODY
        │ intent      │               │  physics    │
        │ extraction  │               │  simulation │
        └──────┬──────┘               └──────┬──────┘
               │                             │
               └──────────────┬──────────────┘
                              │
                  ┌───────────▼───────────┐
                  │     THE JUDGE         │  ← Layer 3: THE VERDICT
                  │  ALLOW · DENY         │
                  │  DIAGNOSE_ONLY        │
                  └───────────────────────┘

The Diamond is a fan-out / fan-in shape: it fans out from a single policy source (Constitution) into two parallel verification paths (Cortex and Cage), then converges at a single verdict (Judge). No single node can approve or reject alone.

The Judge requires both the Cortex’s intent analysis and the Cage’s simulation results to produce any verdict. When the Judge returns an INTERROGATE verdict, the flow loops back through the Cortex for a structured challenge round. See The Interrogation Protocol.

The Triangle of Truth

The Diamond enforces what we call the Triangle of Truth — a transaction is only approved when all three vertices align.

Intent

What the agent claims it wants to do — extracted by the Cortex. Deterministic, no LLM.

Physics

What would actually happen on-chain right now — computed by the Cage via revm or LiteSVM.

Policy

What the operator has defined as acceptable — enforced by the Constitution. JSON/YAML authored.

The Four Layers

Layer 1: The Constitution — THE LAW

“The law that governs what is acceptable before a transaction leaves the system.”

Rust crate: sudont-constitutionThe Constitution is the top of the Diamond. It defines rules that every transaction is evaluated against. Operators author policy in JSON or YAML; the Constitution compiles this into an immutable policy object used throughout the hot path.

Constitution Policy Fields

Field	Purpose
`chain_allowlist`	Permitted chain IDs
`protocol_allowlist`	Permitted protocol identifiers (e.g. `uniswap_v3`, `aerodrome`)
`target_allowlist`	Permitted router/contract addresses
`token_allowlist` / `token_denylist`	Per-token permissions
`max_trade_size`	Absolute size cap in base units
`max_slippage_bps`	Slippage tolerance in basis points
`max_price_impact_bps`	Price impact cap
`min_liquidity`	Minimum pool liquidity threshold
`private_route_required`	Force private mempool egress
`fail_closed`	Reject any transaction with uncertain state

The PolicySnapshot struct in sudont-types captures the compiled policy at a point in time. All policy decisions are deterministic and auditable.

Layer 2a: The Cortex — INTENT

“Intent normalization — what is the agent actually trying to do?”

Rust crate: sudont-cortexThe Cortex parses raw signed transactions, unsigned tx requests, and typed trade requests, then normalizes them into a CanonicalIntent.

CanonicalIntent

pub struct CanonicalIntent {
    pub vm_type: VmType,       // Evm or Svm — routes to the correct Cage
    pub from: Address,
    pub to: Option<Address>,
    pub value: U256,
    pub data: Bytes,
    pub nonce: u64,
    pub gas_limit: u64,
    // Swap-specific (optional)
    pub token_in: Option<Address>,
    pub token_out: Option<Address>,
    pub amount: Option<U256>,
    pub slippage_bps: Option<U256>,
}

The Cortex is deterministic — no LLM is in the hot path. Unknown fields are preserved as explicit nulls; the Cortex never hallucinates intent it cannot infer.

Layer 2b: The Cage — PHYSICS

“Deterministic physics — what would actually happen if this transaction executed now?”

Rust crates: sudont-cage (EVM), sudont-cage-svm (SVM)The Cage simulates the exact on-chain execution of the transaction against current state. Both cages implement the SimulationEngine trait:

SimulationEngine Trait

pub trait SimulationEngine: Send + Sync {
    fn simulate(&self, intent: &CanonicalIntent) -> Result<SimOutcome, String>;
}

SimOutcome

pub struct SimOutcome {
    pub success: bool,
    pub exit_reason: String,
    pub logs: Vec<SimLog>,
    pub asset_changes: Vec<AssetChange>,
    pub state_diff: Vec<StateDiff>,
}

This unified interface allows the Judge to work identically regardless of VM type.

Layer 3: The Judge — VERDICT

“The verdict engine — does intent match physics, and does physics satisfy policy?”

Rust crate: sudont-judgeThe Judge receives the CanonicalIntent from Cortex, the SimOutcome from Cage, and the compiled PolicySnapshot from Constitution, then produces one of three verdicts:

Verdict	When	Output
APPROVE	Intent matches physics, within Constitution limits	EIP-191 signed `ExecutionAttestation`
BLOCK	Intent ≠ physics, or Constitution hard-violated	Stable reason code + human-readable headline
INTERROGATE	Medium-risk signal detected	Loops back to Cortex for challenge round

Verdict Enum

pub enum Verdict {
    Approved(ExecutionAttestation),
    Rejected(ReasonCode),
    Vetoed(String),
}

Reason codes are stable and machine-readable: SUDONT_SLIPPAGE_EXCEEDED, SUDONT_PRICE_IMPACT_EXCEEDED, SUDONT_POLICY_DENY, SUDONT_UNSUPPORTED_TARGET, SUDONT_UNKNOWN_STATE, SUDONT_INTENT_OUTCOME_MISMATCH.

The Interrogation Loop

When the Judge returns INTERROGATE, the Diamond’s linear flow becomes a loop:

Judge → INTERROGATE → Cortex (challenge) → Agent (self-correct) → Diamond (re-enter) → Judge

The Cortex issues a structured, actionable challenge. The agent self-corrects and resubmits. If the correction satisfies the Constitution, the Judge approves. If not, the block is final. Every challenge round produces an immutable adversarial record.

See The Interrogation Protocol for the complete flow, trigger conditions, and audit schema.

Overview

Architecture

​Overview

​The Triangle of Truth

Intent

Physics

Policy

​The Four Layers

​The Interrogation Loop

Overview

The Triangle of Truth

The Four Layers

The Interrogation Loop