> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sudont.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# The Mythos Threat

> LLMs cannot simulate a zero-day. Why autonomous agents need a bare-metal execution firewall — and how Sudont neutralises Mythos-class attacks before value moves.

## The Mythos Threat

Sudont is a drop-in RPC endpoint any autonomous agent can adopt without integration changes. It
simulates each transaction's real economic outcome locally and blocks losses before the chain
sees them. Autonomous agents are about to run a generation of capital, and a machine-speed
trader without a machine-speed risk engine is a liability — that is the category Sudont fills.

Prompt-level safety is a decaying problem. Every model generation gets better at refusing
obviously malicious instructions, and every generation less of the residual risk lives in the
prompt. Execution-physics risk is persistent. MEV sandwiches, adversarial PDAs, and stale-state
reverts do not decay with better prompting — they are properties of the chain, not properties
of the agent's language. Sudont operates on the side of that equation that does not go away.

LLMs cannot simulate a zero-day. They hallucinate plausible-looking trades, rationalise smart
contract trapdoors as legitimate routing, and walk autonomous swarms straight into malicious PDA
drains, MEV sandwiches, and adversarial state transitions. The threat is not misaligned prose — it
is **execution physics**. The chain has a different reality than the model's training distribution.

Current guardrails focus on *destinations*:

* Is this smart contract approved?
* Is this wallet allowed?
* Is this dApp on the allowlist?

But **approved destination ≠ safe outcome**.

<Warning>
  **What current systems miss.** Between the moment an agent *plans* a transaction and the moment
  it lands on-chain, the world moves. Price shifts. Liquidity dries up. Pending state invalidates
  earlier assumptions. The agent had a plan. The chain had a different reality. That gap is the
  Mythos threat.
</Warning>

Generic simulation tells you whether a transaction *reverts*. It does not tell you:

* Whether slippage exceeded your mathematical bounds
* Whether price impact was within acceptable bounds
* Whether the actual token amounts match what the agent expected
* Whether the route exposed you to sandwich risk or a malicious PDA drain

That gap is fatal for autonomous trading swarms.

***

## Why LLM-Based Defences Fail

No amount of prompt-level verification can catch a zero-day in EVM or SVM execution semantics.
A model inference is not a state machine — it cannot compute the exact mathematical State-Diff of
a pool, an approval, or a cross-program invocation. Sudont's answer is to remove the model from
the hot path entirely.

<CardGroup cols={2}>
  <Card title="Blind Trust" icon="eye-slash">
    Swarms must either trust the chain state blindly or halt execution entirely. No middle ground.
  </Card>

  <Card title="External Risk Controls" icon="triangle-exclamation">
    Risk controls live outside the execution path — they can't intervene before value moves.
  </Card>

  <Card title="Opaque Reverts" icon="circle-xmark">
    Revert bytes don't help agentic ReAct loops recover gracefully. No structured diagnostics.
  </Card>

  <Card title="Post-Hoc Validation" icon="clock-rotate-left">
    Economic outcomes are validated after the fact, if at all. By then the damage is done.
  </Card>
</CardGroup>

***

## How Sudont Solves This

Sudont is a **bare-metal execution firewall**. It sits as a drop-in dual-engine RPC proxy between
the swarm and the chain. Every transaction is dropped into a local LiteSVM or revm memory sandbox
before it hits the wire. No LLMs in the hot path — just execution physics.

<Steps>
  <Step title="Canonicalise Intent" icon="brain">
    The Cortex parses the raw transaction into a `CanonicalIntent`. The Constitution provides the
    compiled policy snapshot. Deterministic parsing, no LLMs.
  </Step>

  <Step title="Simulate Physics" icon="bolt">
    The Cage drops the transaction into a local `revm` (EVM) or `LiteSVM` (SVM) memory sandbox and
    computes the exact mathematical State-Diff of the market before it hits the chain.
  </Step>

  <Step title="Enforce Mathematical Bounds" icon="scale-balanced">
    The Judge compares the simulated State-Diff against Constitution rules. Slippage, price impact,
    allowlists, approval limits — all checked against pre-compiled bounds.
  </Step>

  <Step title="Return Verdict" icon="stamp">
    ALLOW with an EIP-191 signed attestation, or BLOCK with a deterministic JSON ReAct error payload
    that the swarm can consume directly — no prose, no ambiguity.
  </Step>
</Steps>

The result is a system that evaluates **outcomes**, not just destinations.

***

## Shield, Not Sword

<Note>
  Sudont's MVP is the **Shield**: a bare-metal execution firewall that protects swarms from acting
  on stale or adversarial state. It is not a strategy optimizer or route searcher.
</Note>

The Shield includes:

| Crate                 | Purpose                                              |
| --------------------- | ---------------------------------------------------- |
| `sudont-constitution` | AOT-compiled policy enforcement                      |
| `sudont-cortex`       | Canonical intent normalisation from raw transactions |
| `sudont-cage`         | Bare-metal EVM simulation via `revm`                 |
| `sudont-cage-svm`     | Bare-metal SVM simulation via `LiteSVM`              |
| `sudont-judge`        | Verdict engine with deterministic JSON ReAct errors  |
| `sudont-rpc`          | Drop-in dual-engine RPC proxy                        |

<Accordion title="Custom RPC Methods">
  Sudont exposes standard JSON-RPC compatibility plus Sudont-specific diagnosis methods:

  | Method                          | Purpose                                                                                     |
  | ------------------------------- | ------------------------------------------------------------------------------------------- |
  | `sudont_getCapabilities`        | List supported chains and protocols                                                         |
  | `sudont_getHealth`              | Liveness probe and operator status                                                          |
  | `sudont_getPolicySnapshot`      | Read current Constitution rules                                                             |
  | `sudont_diagnoseRawTransaction` | DIAGNOSE-only path: decode, simulate, and judge a base64 SVM transaction without forwarding |
  | `sudont_getSolanaContext`       | Solana RPC URL, operator pubkey, and operator balance                                       |
  | `sudont_optimizeSwap`           | Off-hot-path planning endpoint that searches for a policy-safe swap construction            |

  Blocked transactions return structured error payloads with stable reason codes:
  `SUDONT_SLIPPAGE_EXCEEDED`, `SUDONT_PRICE_IMPACT_EXCEEDED`, `SUDONT_POLICY_DENY`,
  `SUDONT_UNAUTHORIZED_RECIPIENT`, and more.
</Accordion>

***

<CardGroup cols={2}>
  <Card title="The Diamond Architecture" icon="gem" href="/architecture/the-diamond">
    Learn how Constitution, Cortex, Cage, and Judge form a deterministic four-node pipeline.
  </Card>

  <Card title="Drop-in RPC Integration" icon="terminal" href="/quickstart">
    Point your standard Web3 libraries at Sudont. Two lines of config, full firewall coverage.
  </Card>
</CardGroup>
