// jelleo · agent-tooling exposure

press G then D again to dismiss
Hero · 3D network graph
three.js / WebGLRenderer · 27 nodes · k-NN edges raycaster.intersectObjects(nodes) · onPointerMove propagationEvent() · GPU instanced particles · spline traversal
Background
fragment shader · domain-warped fbm · ~32 lines GLSL gl.drawArrays(TRIANGLE_STRIP, 0, 4) · uTime uniform · 60fps
Live terminal
deterministic loop · 6 audit-pipeline scripts · 32-72ms/char requestAnimationFrame · DOM mutation budget <0.4ms/frame
Live data systems
tickCounters() — every 30-90s, ±1-3 delta · flash class streamFeed() — every 9-14s, splice top/bottom · F7 pinned
Scroll cinematic
gsap.registerPlugin(ScrollTrigger) · pin: true on .live-ops .pillar-card timeline.from() stagger:0.18 · ease:'power3.out'
3D parallax tilt
vanilla JS · pointermove · transform: perspective(1200px) rotateXY CSS variables --lx --ly · radial-gradient light follows cursor
Audio
WebAudio API · AudioContext · square+sine oscillators cursor-hover tick · scroll hum (60Hz drone)
Variable font
Inter VF · font-variation-settings 'wght' 700 → 820 letter-spacing snap · 320ms ease-out
$// preview · loading funded-state mock
$connecting to jelleo-cluster-3 · 12 nodes (Y1)
$subscribing to mainnet · attestation registry (Y1)
$27 protocols online · 14 active hunts (Y1 target)
Last attestation
Hunts (7d)
Disclosures
Statusmonitored · live
↩ esc · click outside
Year-1 target · 27 protocols · 24/7 cluster

The autonomous immune system for Solana DeFi.

The underwriting layer for Solana DeFi. The funded plan: continuous shadow audit across the top 27 Solana DeFi protocols, counterfactual mainnet detection within seconds of slot finality, cross-protocol bug-class propagation in minutes, closed-loop Kani-verified fix bundles, and an on-chain attestation registry — all designed to be consumed as a live signal by insurers, partner protocols, and STRIDE evaluators. Today: the v0.1 hunt loop that produced F7.

Open live demo dashboard Request integration How it works
Y1 cluster · preview
14 active hunts cross-protocol propagation: drift-class → kamino PROT-23 oracle-skew · disclosed median detection 23s · median PoC 9m 38 attestations · 24h window jelleo-cluster-3 · 12 nodes · healthy PROT-12 liquidation-race · embargo · maintainer notified 8,420 attestations on mainnet · cumulative 14 active hunts cross-protocol propagation: drift-class → kamino PROT-23 oracle-skew · disclosed median detection 23s · median PoC 9m 38 attestations · 24h window jelleo-cluster-3 · 12 nodes · healthy PROT-12 liquidation-race · embargo · maintainer notified 8,420 attestations on mainnet · cumulative
Year-1 funded-state targets · preview
0 Protocols Y1 target · top of Solana DeFi
$0B TVL under monitoring sum of Y1 covered protocols
0 Disclosures · Y1 cumulative 41 high/critical · 78 medium · 65 low/info
0 On-chain attestations · Y1 cum. Solana mainnet · queryable · composable
23s Median detection invariant violation → flag
9m Median PoC flag → compiled cargo test
47m Median fix bundle PoC → Kani-verified PR-ready
0 Embedded customers · Y1 protocols paying for live coverage
02 — Coverage · funded-state preview

27 protocols. Always on.

At Year-1 exit on the funded plan, every protocol below is under continuous shadow audit — every commit triggers a re-run, every mainnet transaction runs through counterfactual divergence detection. Coverage scales linearly with cluster nodes (12 active, 24 provisioned at Year-1 exit). Today: Percolator only — see top-of-page banner.

Mango v4perps · margin
Drift Protocolperps · vaults
Jupiter Aggregatorrouting
Jupiter Perpsperps · LP
Kamino Lendlending
Kamino LiquidityCLMM
MarginFilending · isolated
Solendlending
MarinadeLST
SanctumLST router
PhoenixCLOB
MeteoraDLMM · vaults
RaydiumAMM · CP
Orca WhirlpoolsCLMM
Pyth Networkoracle
Switchboardoracle
Wormholebridge
Squads Protocolmultisig
Save Financelending v2
Hubble ProtocolCDP
Drift Vaultsstrategies
Lulo Financeyield router
Voltrvault aggregator
Adrasteastructured
Texture FinanceP2P · leveraged staking
Percolatorperps · F7 origin
TensorNFT exchange
Onboarding queue · Q3 Cypher · Helium Mobile · Jito · Hawksight · Ratio · Adrena · Carrot · Loopscale · Parcl
03 — The Product

Four pillars. One adaptive loop.

Four pillars. One adaptive loop. Real-time detection feeds cross-protocol propagation; propagation feeds closed-loop fix delivery; fix delivery feeds the on-chain attestation registry. Every cycle compounds the catalog. Numbers below are Year-1-exit funded-state targets — see preview banner up top for today's scope.

P1
/ Pillar 01 — detection · 27 active · Y1

Counterfactual mainnet detection.

For every transaction hitting a covered protocol, a parallel simulation runs against attack-pattern instrumented forks. When counterfactual state diverges from actual, the platform flags the transaction in real time, before the attack chain finalizes. Y1 target: 23-second median from violation event to flagged disclosure. Catches operational and state-mutation classes that point-in-time audits structurally cannot detect.

Stack
RPC subscription LiteSVM forked-state attack-pattern lib divergence detector
P2
/ Pillar 02 — propagation · 41 events · Y1

Cross-protocol bug-class propagation.

When a bug is disclosed anywhere — Immunefi, public PR, advisory, or one of our own cycles — the platform auto-extracts the structural attack pattern and searches every indexed protocol for the same class. Y1 target: 6.2-minute median from disclosure to cross-protocol candidate list. F7's pattern is the inaugural test case; multi-protocol propagation is the funded-state delta.

Stack
disclosure feed ingest structural extractor vector embeddings cross-protocol search
P3
/ Pillar 03 — fix delivery · 12.3 PRs/wk · Y1

Closed-loop fix bundle.

Confirmed bug → agent generates a candidate fix → Kani harness proves the fix preserves the invariants in the bug's neighborhood → full test suite runs → bundle (bug + fix + proof + tests) opens as a single PR. Y1 target: 47-minute median from PoC to PR-ready bundle. Maintainers receive verified fix proposals, not raw findings. v0.1 status: synth-kani scaffold runs; end-to-end automated PR-bundling is the funded delta.

Stack
fix-gen prompt loop Kani synthesizer cargo test runner PR bundler
P4
/ Pillar 04 — attestation · 8,420 on mainnet · Y1

On-chain attestation registry.

Every audit cycle publishes a cryptographically-signed Merkle root attesting which invariants were verified at which commit SHA. Funded delta: the registry deploys to Solana mainnet at day-180 post-external-audit (Anchor program ~500 LOC); once live, it is queryable, composable, and other protocols — lending, insurance, bridges — can require attestation as a precondition for interaction. ~0.0007 SOL gas per cycle. Apache-2.0.

Stack
Anchor program Ed25519 signing Merkle indexer public query API
04 — Methodology · funded-state preview

The same loop. Running 24/7 (Y1).

Four steps. The same pipeline that produced F7 in April 2026 — funded-state target: continuous run across 27 protocols, every commit triggers a re-scan, every disclosure feeds the catalog, library compounds with every cycle. Today: v0.1 hunt loop, 125-hyp library, Percolator only.

/ Step 01

Invariant catalog

Y1 target: 3,180 falsifiable claims across 27 protocols. Each entry: target file, line range, severity, conservation property. Library compounds with every confirmed cycle. Today: 125 across Percolator.

/ Step 02

Tool-using verification

Each hypothesis dispatched to a Claude agent with read_file, grep, find_function. Agent walks code paths, renders line-cited verdict. Y1 target: ~22K dispatches/day across the 27-protocol cluster (blended tier mix; 847/protocol average).

/ Step 03

Empirical confirmation

Verdicts that need empirical proof escalate. Agent writes a custom cargo test against engine helpers, compiles, runs, classifies PASS/FAIL. 9-minute median.

/ Step 04

Sibling derivation

Every confirmed finding feeds back into the catalog. The platform extracts the structural attack pattern and auto-derives N sibling hypotheses targeting the same class through different code paths. F7 alone produced a 12-hypothesis sibling library on day one. The catalog compounds with every disclosure.

Technical reference

The full methodology — four pillars, hypothesis scoping schema, propagation engine, severity rubric, lifecycle state machine, attestation, reporting cadence — is published as a public reference document.

Read the full methodology
05 — Live operations · funded-state preview

What this looks like at scale.

Year-1-exit cluster snapshot — what funded Jelleo runs continuously. 14 active hunts dispatched across 27 protocols. 6 fix bundles in maintainer review. Median time from invariant violation to flagged disclosure: 23 seconds. Median time to a Kani-verified PR-ready bundle: 47 minutes. Today: 1 protocol (Percolator), F7 disclosed, 125-hyp library — see banner above.

Activity feed live · streaming verdicts from public manifest
Alert queue F7 disclosed · additional findings propagating
F7 · Percolator uninsured-loss-residual · self-dealing siphon HIGH · 7.5 closed unmerged · regression suite landed on main · ~1mo
▸ Y1 funded-state operating shape · preview
Cluster · Y1 jelleo-cluster-3 · 12 / 24 nodes
Uptime target 99.97% · 142d window
Hunts / day · Y1 · cluster ~22K blended (847/protocol avg · 1,204 peak)
Fix-bundle PRs · Y1 12.3 / week
Compute spend · Y1 ~$680K / month · cluster
Attestation gas ~0.0007 SOL / cycle
05.5 — Surveillance · funded-state preview

Watching the cluster type.

Preview of the agent stream from jelleo-cluster-3, node-07 — what node-07 looks like at Year-1 exit, with 12 of these terminals running in parallel across the cluster. The architecture exists today; the parallelism scales with funding.

jelleo-cluster-3 / node-07 · live
05.7 — Customer dashboard · funded-state preview

What customers see. Single-tenant view.

Operators see the cluster-wide view above. Customers see only their own protocol — findings tied to their codebase, attestations published for their commits, alert routing tuned to their team. Below is a funded-state preview of what the Percolator dashboard will look like — not a live customer engagement.

Percolator perpetual DEX · engine + BPF wrapper · preview
● PREVIEW · MOCKED SHA 5940285 · invariants 1,487 / 1,500 (Y1 target) · last scan 47s ago (mock)
F7 Residual-conservation / insurance-siphon closed unmerged · regression on main 12 mo
PERC-23 Cross-tx liquidation-race during cursor-wrap reset embargo · 30d 3 d
PERC-31 advance_profit_warmup overflow on synthetic high-vol path fix-bundle · in review 8 d
PERC-44 Funding-rate rounding inconsistent between settlement paths fix-bundle · in review 14 d
Invocation rate
1,500 /day
Open findings
7
1 H · 4 M · 1 L · 1 I
Attestations · 24h
38
on Solana mainnet
Engagement billing
$5 /LOC/yr
Continuous Audit · billed per line of code
Above is a slice. Full view shows: filterable findings feed · click-to-expand verdicts · 6-cycle attestation registry with tx links · alert routing config · auto-emailed signed PDF report library. Token-gated — try with token demo. Open the customer portal
06 — Disclosures · funded-state preview

Public ledger. 184 cycles at Year-1 exit.

Every confirmed finding lands here once embargo lifts. Anonymized while open; named once the fix is on main. F7 — the inaugural disclosure — sits at the bottom of the table. Additional findings are currently propagating through the chain; this ledger updates as embargos lift. The 184-cycle target is what the funded version produces by Year 1.

ID Class Severity Status Age
F7 · Percolator uninsured-loss-residual · self-dealing siphon HIGH · 7.5 closed unmerged · regression on main ~1mo
F7 disclosed against aeyakovenko/percolator-prog#39 · regression suite landed on main even though the patch closed unmerged. Additional findings propagating through the chain. Year-1 target: 184 cycles producing the disclosure stream above. Severity follows CVSS 3.1.
07 — Attestation registry · funded-state preview

Every cycle. On-chain. Forever.

An Anchor program on Solana mainnet stores a cryptographically-signed Merkle root for every audit cycle. Other protocols can require an attestation as a precondition for interaction — composable security at the program level. At Year-1 exit: 8,420 attestations published. Today: registry under build, mainnet deployment at day 180 post-external-audit.

// attestation tower · Y1 preview preview
slot 312,847,219 target mango-v4 @ 7a3fef2 invariants verified31 / 31 PASS merkle root 0xb39fd2c8…e1ad99 signer Ed25519 · 4c7e…a8f1 tx 5KqPv2…wM3rT8 →
0 Attestations published
0 Distinct invariant classes
0 Targets indexed
100% Open-source query API
Built on the deepest layer of
Anthropic Claude Solana SVM Kani Verifier LiteSVM Rust · Anchor cargo test Ed25519 signing systemd Anthropic Claude Solana SVM Kani Verifier LiteSVM Rust · Anchor cargo test Ed25519 signing systemd
08 — Where Jelleo fits

STRIDE certifies. Jelleo provides the artifacts.

Context: STRIDE · Solana Foundation + Asymmetric Research · April 6, 2026

STRIDE is the right ecosystem-wide framework.
Jelleo is designed for the smart-contract integrity pillar.

STRIDESolana Trust, Resilience and Infrastructure for DeFi Enterprises — replaces one-off audits with continuous, foundation-funded protection across eight security pillars, including smart-contract integrity. Tier 1 ($10M+ TVL) protocols receive ongoing opsec and active threat monitoring funded by Solana Foundation grants. Tier 2 ($100M+ TVL) protocols additionally receive funded formal verification. Launched in the wake of the Drift ~$285M exploit.

Jelleo is built for the smart-contract integrity pillar. STRIDE evaluates against the framework; Jelleo produces the artifacts that could be presented for evaluation: autonomous tool-using agents that read the actual source, render line-cited verdicts, write Rust PoC tests that compile and run against the engine, and emit on-chain attestations. Year-1 OKR is to open an artifact-recognition channel with STRIDE assessors — no formal partnership today.

STRIDE was launched alongside SIRN (Solana Incident Response Network) — Asymmetric Research, OtterSec, Neodyme, Squads, ZeroShadow — for real-time ecosystem crisis response. Jelleo is not a member of either program; cited here as ecosystem context.

09 — Inaugural disclosure

F7 — cycle one.

What started here

F7 was cycle one. April 2026. The same tool-using agent pipeline that — at Year-1 exit on this funded-state plan — runs continuously across 27 protocols was, then, dispatched against a single target: Percolator's mainnet engine. It identified a self-dealing insurance-siphon class — the use_insurance_buffer helper shrinks the insurance counter without debiting the vault, letting the haircut residual grow by exactly the absorbed amount. In a self-trade scenario with bilateral attacker-controlled legs, the K/F-winning side IS the attacker — the grown residual is claimed through the attacker's own winning leg.

What landed

The maintainer closed PR #39 without merging the proposed vault-debit fix. The chosen defense path uses the engine's existing protections — bounded dt, bounded price movement, exact solvency-envelope validation, and the A1 regression suite. On April 28, the disclosure was formally mapped to existing test coverage: tests/test_a1_siphon_regression.rs was relabeled "A1 / PR39-F7 self-dealing insurance-siphon regression tests" and committed to main as a1afd2e. Maintainer verification: 4/4 wrapper paths pass with insurance_drop = 0; Kani harness proof_junior_profit_backing satisfies 2/2 cover properties.

What this becomes (funded Year 1)

F7 was the inaugural cycle. At Year-1 exit on the funded plan, the same loop runs across 27 protocols continuously — 184 disclosures cumulative, 8,420 attestations on mainnet — and the closed-loop fix-bundle pillar that grew out of F7's contested-disclosure friction ships every PR with a Kani-proven fix that demonstrates it preserves every other invariant before the maintainer ever sees it. (Today: 1 protocol monitored, 125-hyp library, 3 autonomous PoCs — see top of page.)

The permanent record

F7 stays on the disclosure ledger as a featured row. Cycle one. Same loop. Different scale.

10 — Open source

Every claim links to public code.

Apache-2.0. The platform source, the methodology repository, the attestation registry program, and the full inaugural Percolator audit are public. The infrastructure is composable — any protocol can fork it, any auditor can verify it, any program can read the registry.

/ 01 — Platform github.com/Copenhagen0x/audit-pipeline-cli / 02 — Methodology github.com/Copenhagen0x/audit-pipeline-cli / 03 — Case study github.com/Copenhagen0x/percolator-audit-2026-04 / 04 — F7 disclosure aeyakovenko/percolator-prog#39 / 05 — Live cycle archive jelleo.com/cycles · refreshes every minute / 06 — Empirical confirm session 2026-05-06 · 4 confirms: 1 fired (F7-class) + 1 attestation + 2 cannot_test

Embedded coverage
for protocols that ship daily.

Continuous shadow audit. Per-commit attestation. Maintainer-receivable fix bundles, Kani-verified before the PR opens. If your protocol moves fast enough that point-in-time audits go stale the day they're delivered — this is the layer underneath.

Request integration See the ledger