Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.sudont.xyz/llms.txt

Use this file to discover all available pages before exploring further.

The Mythos Threat

Sudont is a drop-in RPC endpoint any autonomous agent can adopt without integration changes. It simulates each transaction’s real economic outcome locally and blocks losses before the chain sees them. Autonomous agents are about to run a generation of capital, and a machine-speed trader without a machine-speed risk engine is a liability — that is the category Sudont fills. Prompt-level safety is a decaying problem. Every model generation gets better at refusing obviously malicious instructions, and every generation less of the residual risk lives in the prompt. Execution-physics risk is persistent. MEV sandwiches, adversarial PDAs, and stale-state reverts do not decay with better prompting — they are properties of the chain, not properties of the agent’s language. Sudont operates on the side of that equation that does not go away. LLMs cannot simulate a zero-day. They hallucinate plausible-looking trades, rationalise smart contract trapdoors as legitimate routing, and walk autonomous swarms straight into malicious PDA drains, MEV sandwiches, and adversarial state transitions. The threat is not misaligned prose — it is execution physics. The chain has a different reality than the model’s training distribution. Current guardrails focus on destinations:
  • Is this smart contract approved?
  • Is this wallet allowed?
  • Is this dApp on the allowlist?
But approved destination ≠ safe outcome.
What current systems miss. Between the moment an agent plans a transaction and the moment it lands on-chain, the world moves. Price shifts. Liquidity dries up. Pending state invalidates earlier assumptions. The agent had a plan. The chain had a different reality. That gap is the Mythos threat.
Generic simulation tells you whether a transaction reverts. It does not tell you:
  • Whether slippage exceeded your mathematical bounds
  • Whether price impact was within acceptable bounds
  • Whether the actual token amounts match what the agent expected
  • Whether the route exposed you to sandwich risk or a malicious PDA drain
That gap is fatal for autonomous trading swarms.

Why LLM-Based Defences Fail

No amount of prompt-level verification can catch a zero-day in EVM or SVM execution semantics. A model inference is not a state machine — it cannot compute the exact mathematical State-Diff of a pool, an approval, or a cross-program invocation. Sudont’s answer is to remove the model from the hot path entirely.

Blind Trust

Swarms must either trust the chain state blindly or halt execution entirely. No middle ground.

External Risk Controls

Risk controls live outside the execution path — they can’t intervene before value moves.

Opaque Reverts

Revert bytes don’t help agentic ReAct loops recover gracefully. No structured diagnostics.

Post-Hoc Validation

Economic outcomes are validated after the fact, if at all. By then the damage is done.

How Sudont Solves This

Sudont is a bare-metal execution firewall. It sits as a drop-in dual-engine RPC proxy between the swarm and the chain. Every transaction is dropped into a local LiteSVM or revm memory sandbox before it hits the wire. No LLMs in the hot path — just execution physics.

Canonicalise Intent

The Cortex parses the raw transaction into a CanonicalIntent. The Constitution provides the compiled policy snapshot. Deterministic parsing, no LLMs.

Simulate Physics

The Cage drops the transaction into a local revm (EVM) or LiteSVM (SVM) memory sandbox and computes the exact mathematical State-Diff of the market before it hits the chain.

Enforce Mathematical Bounds

The Judge compares the simulated State-Diff against Constitution rules. Slippage, price impact, allowlists, approval limits — all checked against pre-compiled bounds.

Return Verdict

ALLOW with an EIP-191 signed attestation, or BLOCK with a deterministic JSON ReAct error payload that the swarm can consume directly — no prose, no ambiguity.
The result is a system that evaluates outcomes, not just destinations.

Shield, Not Sword

Sudont’s MVP is the Shield: a bare-metal execution firewall that protects swarms from acting on stale or adversarial state. It is not a strategy optimizer or route searcher.
The Shield includes:
CratePurpose
sudont-constitutionAOT-compiled policy enforcement
sudont-cortexCanonical intent normalisation from raw transactions
sudont-cageBare-metal EVM simulation via revm
sudont-cage-svmBare-metal SVM simulation via LiteSVM
sudont-judgeVerdict engine with deterministic JSON ReAct errors
sudont-rpcDrop-in dual-engine RPC proxy
Sudont exposes standard JSON-RPC compatibility plus Sudont-specific diagnosis methods:
MethodPurpose
sudont_getCapabilitiesList supported chains and protocols
sudont_getHealthLiveness probe and operator status
sudont_getPolicySnapshotRead current Constitution rules
sudont_diagnoseRawTransactionDIAGNOSE-only path: decode, simulate, and judge a base64 SVM transaction without forwarding
sudont_getSolanaContextSolana RPC URL, operator pubkey, and operator balance
sudont_optimizeSwapOff-hot-path planning endpoint that searches for a policy-safe swap construction
Blocked transactions return structured error payloads with stable reason codes: SUDONT_SLIPPAGE_EXCEEDED, SUDONT_PRICE_IMPACT_EXCEEDED, SUDONT_POLICY_DENY, SUDONT_UNAUTHORIZED_RECIPIENT, and more.

The Diamond Architecture

Learn how Constitution, Cortex, Cage, and Judge form a deterministic four-node pipeline.

Drop-in RPC Integration

Point your standard Web3 libraries at Sudont. Two lines of config, full firewall coverage.