Agent-native Solana security infrastructure for evaluating protocol and code risk before agents deploy, integrate, trade, or move capital.
Sealevel Guard is an Anchor-first Solana audit system designed for machine
consumers. Instead of producing only a human-readable report, it aims to return
a structured risk brief that upstream agents can use to allow, warn, deny, or
escalate an action.
Note
Current status: stage 1, local skill-native workflow.
The implemented path is program address or local path -> source resolution -> specialist review -> risk brief.
Solana agents can already execute.
They can ship code, integrate protocols, route capital, and call payment or data services. What they still lack is a native security judgment layer before they act.
Sealevel Guard is being designed to fill that gap for:
- deployment agents deciding whether code is safe enough to ship,
- integration agents deciding whether a program is safe enough to depend on,
- treasury agents deciding whether capital should flow into a protocol,
- trading agents deciding whether a venue or execution path is too risky.
The goal is to turn Solana security review into a machine-readable decision primitive.
Sealevel Guard currently exists as a local trust gate for Solana agents. The intended operator flow is:
- install or load the skill into a host runtime such as Claude Code
- point an agent at a Solana program address or local Anchor path
- let the local runtime execute the review
- receive a structured risk brief and report
Today, the product is best understood as:
- an Anchor-first security judgment layer for Solana agents,
- a local review capability that can be invoked from agent runtimes,
- and a machine-readable risk brief generator for agent decisions.
If the local agent workflow proves out, Sealevel Guard can later expand into a hosted, agent-facing service layer built around:
- Quick Scan: lightweight intake and coarse triage
- Quoted Audit: quoted review jobs priced by codebase complexity and scope
- Risk Brief: structured output for downstream agents and automated decisions
That is future product surface built on top of the current agent workflow.
The initial scope is intentionally narrow: Anchor-first Solana audit workflows.
Planned audit skill areas:
- access control,
- PDA integrity,
- account constraints,
- CPI risk,
- token and vault invariants,
- governance and upgradeability risk.
Sealevel Guard currently supports one implemented execution path:
program address or local Anchor repo -> source bundle -> specialist review -> risk brief
- Node.js 20 or newer
- network access to a Solana RPC endpoint and verified-build metadata
- Claude Code if you want to run the product as intended from a local host runtime
- optional: Codex CLI if you want to experiment with a Codex-backed specialist runtime
Install:

```
npx skills add NewmanXBT/sealevel-guard
```

Run review:

```
/sealevel-guard:sealevel-guard-review <program_address_or_local_path>
```

By default Sealevel Guard writes review artifacts under:
- artifacts/reviews/<target>/resolution.json
- artifacts/reviews/<target>/bundle-manifest.json
- artifacts/reviews/<target>/specialist-findings.json
- artifacts/reviews/<target>/judged-risk-brief.json
- artifacts/reviews/<target>/report.md
See How To Use for the full operator flow and runtime notes.
The core artifact is intended to be agent-readable:
```json
{
  "target": "repo_or_program",
  "risk_score": 71,
  "recommendation": "deny",
  "ship_blocker": true,
  "findings": [
    {
      "skill": "cpi-risk",
      "severity": "high",
      "confidence": 0.84,
      "title": "Unvalidated CPI target",
      "evidence": ["programs/vault/src/lib.rs:118"]
    }
  ]
}
```

This repository currently contains the stage 1 product framing and current agent-facing implementation for the project:
Sealevel Guard is not a generic crypto chatbot, a chain-agnostic Rust scanner, or a thin pay-per-request x402 demo.
Right now it is a local trust gate for Solana agents and operators. Over time, it can become security clearing infrastructure for the Solana agent economy: a system agents call before they deploy code, integrate programs, or route funds.
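
How a downstream agent might enforce the risk brief shown above rather than only read it: this is an added example, not code from the Sealevel Guard repository. Only the field names come from the brief on this page; `gateAction`, the ordering of actions, the severity vocabulary and the 0.8 confidence threshold are assumptions.

```javascript
// Added example, not Sealevel Guard code. gateAction and the policy values are assumptions.
const ACTIONS = ["allow", "warn", "escalate", "deny"]; // assumed order, least to most restrictive
const SEVERITIES = ["low", "medium", "high", "critical"]; // assumed vocabulary; the page shows "high"
const MIN_CONFIDENCE = 0.8; // assumed threshold for acting on a serious finding

const stricter = (a, b) => (ACTIONS.indexOf(a) >= ACTIONS.indexOf(b) ? a : b);

function isWellFormed(b) {
  return b !== null && typeof b === "object" &&
    typeof b.target === "string" &&
    Number.isFinite(b.risk_score) &&
    ACTIONS.includes(b.recommendation) &&
    typeof b.ship_blocker === "boolean" &&
    Array.isArray(b.findings) &&
    b.findings.every((f) => f !== null && typeof f === "object" &&
      SEVERITIES.includes(f.severity) &&
      Number.isFinite(f.confidence) && f.confidence >= 0 && f.confidence <= 1);
}

function gateAction(rawBrief, expectedTarget) {
  let brief;
  try {
    brief = typeof rawBrief === "string" ? JSON.parse(rawBrief) : rawBrief;
  } catch {
    return { action: "deny", reason: "brief is not valid JSON" };
  }
  // Fail closed: a missing or malformed brief never authorizes an action.
  if (!isWellFormed(brief)) return { action: "deny", reason: "malformed risk brief" };
  // A brief produced for another program must not be reused for this one.
  if (brief.target !== expectedTarget) return { action: "deny", reason: "target mismatch" };

  // The gate may tighten the brief's recommendation but never loosen it.
  let action = brief.recommendation;
  if (brief.ship_blocker) action = stricter(action, "deny");
  const serious = brief.findings.some((f) =>
    SEVERITIES.indexOf(f.severity) >= SEVERITIES.indexOf("high") && f.confidence >= MIN_CONFIDENCE);
  if (serious) action = stricter(action, "escalate");
  return { action, reason: action === brief.recommendation ? "as recommended" : "tightened by gate" };
}

// Constructed sample, shaped like the brief shown on this page.
const SAMPLE_BRIEF = JSON.stringify({
  target: "repo_or_program", risk_score: 71, recommendation: "deny", ship_blocker: true,
  findings: [{ skill: "cpi-risk", severity: "high", confidence: 0.84,
    title: "Unvalidated CPI target", evidence: ["programs/vault/src/lib.rs:118"] }],
});
console.log(gateAction(SAMPLE_BRIEF, "repo_or_program"));
```

The gate treats the brief as untrusted input: an unparsable brief, an unknown recommendation, or a brief issued for a different target resolves to `deny` instead of falling through to the action.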