// jelleo · agent-tooling exposure

press G then D again to dismiss
Hero · 3D network graph
three.js / WebGLRenderer · 21 real targets · k-NN edges raycaster.intersectObjects(nodes) · onPointerMove firePropagation() · single particle + flare/halo decay · brand motif
Background
pure CSS aurora + blobs + SVG-noise data URI · zero WebGL 2D canvas particles + idle code-rain · disabled on mobile
Live terminal
replays published cycles from the public manifest · 5-min TTL requestAnimationFrame typing · every line from the signed archive
Live data
/heartbeat.json · hourly · Ed25519-signed · age labels only /snapshot.json · 5-min cadence · cycles pane + graph join stats are baked real numbers · they do not fake-move
Scroll
gsap ScrollTrigger · section reveals · no pinning, no scroll-jack IntersectionObserver count-ups · fire once
Audio
WebAudio API · AudioContext · square+sine oscillators cursor-hover tick · scroll hum (60Hz drone)
$jelleo · AI-driven audit firm
$loading signed cycle archive · public receipts
$fetching latest heartbeat · hourly · Ed25519
$engine online · pipeline L0–L6
Last cycle
Findings recorded
Signed receipt
Statusaudited · signed
↩ esc · click outside
AI-driven audit firm · Solana · every commit

Solana never stops shipping.
We never stop auditing.

Every commit re-audited. Every confirmed bug class swept across every covered client. Signed proof you can verify yourself.

Operating
signed public cycle archive · /cycles/ hourly Ed25519 heartbeat · hash-chained 4 languages · Rust/Anchor · Move · Solidity · C attestation program live on Solana devnet 52-rule open standard · 30 machine-checkable pipeline L0–L6 · every finding empirically proven signed public cycle archive · /cycles/ hourly Ed25519 heartbeat · hash-chained 4 languages · Rust/Anchor · Move · Solidity · C attestation program live on Solana devnet 52-rule open standard · 30 machine-checkable pipeline L0–L6 · every finding empirically proven
0 Signed public cycles every one Ed25519-verifiable
0 Engine LOC · open source 133 src modules · Apache-2.0
0 Languages Rust/Anchor · Move · Solidity · C
0 Verification stages pipeline L0–L6 · fractional gates
0 Rules in the open standard 30 machine-checkable · MIT
0 Audited targets per the public snapshot feed
0 Findings recorded across all targets · public snapshot feed
0 Signed heartbeats · daily Ed25519 · hash-chained

Audits decay.
Coverage compounds.

A point-in-time audit is true at exactly one commit — everything you merge after it ships unaudited. Jelleo watches the repo and re-runs the full pipeline on every push. And when a bug class is confirmed anywhere, it is swept across every covered codebase: findings never stay siloed in one client's report.

/ 01 — commit lands

The watch daemon triggers a re-audit

Covered repos are polled for new commits. Every push triggers a diff-aware re-run of the pipeline — unchanged hypotheses are skipped, everything the diff touches is re-verified.

/ 02 — finding confirmed

Proven before it reaches you

A finding only surfaces after adversarial review, an executable proof-of-concept, and formal plus runtime verification. You receive demonstrated bugs, not speculation.

/ 03 — propagation

One bug found anywhere hardens everyone

The confirmed bug class auto-derives sibling hypotheses and its structural signature is swept across every covered codebase. Every client inherits every other client's findings.

Structural, not aspirational A human firm audits one codebase, once, at one commit — and its findings never leave that report. This loop is the part they cannot replicate.

Four pillars. One adaptive loop.

Detection feeds propagation; propagation feeds operator-gated fix bundles; every cycle lands in the signed attestation trail. All four run today — the engine source is public, so every pillar below links to code you can read.

P1
/ Pillar 01 — detect

Commit watch + mainnet shadow.

A watch daemon polls covered repos and re-runs the pipeline on every commit — diff-aware, so re-audits stay fast. A shadow monitor polls the live program 24/7: log patterns and account-state deltas raise an alert when an invariant is violated on mainnet. Catches the drift that point-in-time audits structurally cannot see.

Stack
commit watch diff-aware re-runs live RPC polling account-delta alerts
P2
/ Pillar 02 — propagate

Cross-client bug-class propagation.

When a finding is confirmed, in our own cycles or a public disclosure, the engine extracts the structural attack pattern, derives sibling hypotheses automatically, and sweeps the signature across every covered codebase. One bug found anywhere hardens everyone. This fires on the confirmed transition, not on a human remembering to check.

Stack
disclosure feed ingest structural extractor vector embeddings cross-protocol search
P3
/ Pillar 03 — disclose + fix

Operator-gated fix bundles.

Confirmed bug → candidate patch + writeup + proof-of-concept, verified by a five-gate chain: patch well-formed, PoC fails pre-patch, passes post-patch, the test suite passes, the exploit is neutralized. Nothing ships without operator-typed authorization — the engine never auto-opens PRs. Maintainers receive verified fix bundles, not raw findings.

Stack
patch authoring 5-gate verifier operator authorization signed bundles
P4
/ Pillar 04 — attest

Signed, rooted, on-chain.

Every cycle is Ed25519-signed with domain separation and Merkle-rooted, attesting which invariants were verified at which commit SHA. An hourly hash-chained heartbeat proves the loop is alive. The on-chain registry, a hardened Anchor program, is live on Solana devnet since 2026-05-29; mainnet deployment is deliberately gated behind an external audit of the program itself.

Stack
Anchor program · devnet Ed25519 signing Merkle roots · versioned schema signed heartbeat

From repo to signed report.

Ten stages between a repository and a signed report. Hypotheses are generated by systematic surface coverage, debated by adversarial reviewers, demonstrated by executable proofs-of-concept, checked formally and at runtime, and cross-checked on independent hosts before anything is disclosed.

/ L0

Spec-check

Code compared against its documented spec and invariants — deviations surface before hypothesis generation begins.

/ L1

Surface coverage

The complete hypothesis set generated by systematic surface coverage (structure, spec, sibling-diff, open-ended reasoning) — never a hand-capped list.

/ L1.5

Debate

Independent reviewers render a verdict per hypothesis; an adversarial challenger attacks the reasoning and resolves conflicts.

/ L1.6

Propagate + cold-verify

Phantom filtering and cluster dedup gate the candidates; confirmed patterns sweep across every covered codebase.

/ L2

Empirical PoC

An executable test authored per hypothesis, in the target's own language. A bug is not real here until it is demonstrated.

/ L2.5

Fire-triage

Every PoC fire is sorted strong / soft / false before it can move forward — noise dies here.

/ L3

Formal

Bounded model checking proves the invariant or produces a counterexample (Kani · CBMC · SMTChecker · Move Prover).

/ L4

Runtime

The compiled program exercised in an embedded VM or fuzzer — the witness state must be reachable through the public API (LiteSVM · AFL++ · forge · move test).

/ L5

Cross-check

Bit-identical PoC results reproduced on two independent hosts before any disclosure leaves the building.

/ L6

Mainnet shadow

After the report ships, the live program stays under 24/7 watch — log patterns and account-state deltas alert on violations.

Technical reference

The full methodology is published as a public reference document — four pillars, hypothesis scoping schema, propagation engine, severity rubric, lifecycle state machine, attestation, and reporting cadence.

Read the full methodology

The engine, on the record.

Every line below is replayed from hunt-cycle manifests published in the open engine repo — real hypotheses, real verdicts, real costs. The pane beside it lists the latest signed cycles from the live snapshot feed, refreshed every five minutes on the box that runs the loop.

Activity feed replayed verdicts from the public manifest
Latest signed cycles from /snapshot.json · 5-min cadence on the VPS

Watch the engine work.

A replay of a real published hunt cycle — the same tool-using agent session that produced a signed receipt in the archive, character for character. Nothing here is generated for the website.

engine replay · published cycle

What customers see.

Each customer gets a token-gated view of their own codebase: findings, signed receipts per cycle, propagation events, and live loop status. A demo view is open to everyone — it polls the same snapshot, manifest, and heartbeat feeds a paying customer sees.

Open demo · real data

The demo dashboard runs on the live production feeds — no sign-up, no synthetic rows. Findings, receipts, and propagation exactly as a customer sees them.

Open the live demo

Priced per line of code.

One exploit costs more than a decade of coverage, and re-hiring a firm for every release costs more than never stopping. We count in-scope program code only — never tests, comments, generated code, or dependencies.

/ Onboarding — one-time

$7 / LOC

The full first pass: every stage of the pipeline, L0 through L6, against your codebase at its current commit. Delivered as a signed HTML + PDF report with every finding demonstrated, not asserted.

/ Re-audit — annual

$5 / LOC / yr

Every commit re-audited from then on. Signed receipts per cycle, propagation coverage (every bug class we confirm anywhere is swept against your code), and mainnet shadow monitoring after every release.

The open standard The open-source Solana Security Standard is MIT-licensed and stays free — 52 rules you can run in CI today. Audits are not free, and we don't discount them.

Every audit becomes a signed public artifact.

Most firms publish a portfolio. We publish the archive: every cycle Ed25519-signed at generation, Merkle-rooted, and permanently verifiable — including the one we retracted, because retractions are public too. Disclosures go upstream first and stay embargoed until the fix ships.

Verify a receipt yourself no Jelleo service required · pin the pubkey once
$ audit-pipeline sign verify \
    --artifact hunt_report.html --sig hunt_report.html.sig
✓ signature valid · domain: report · signed at generation
Browse the full archive at /cycles/ — every cycle row links its report, its signature, and the public key. The retracted cycle stays in the table with a RETRACTED badge; an archive you can only add to is the point.

Every cycle. Signed and rooted.

Every report is Ed25519-signed with domain separation and Merkle-rooted under a versioned, reproducible schema. An hourly heartbeat chains each proof-of-running to the previous one. The on-chain registry is a hardened Anchor program, live on Solana devnet — mainnet follows an external audit of the program itself.

// anatomy of a real signed cycle open it ↗
39 signed cycles · newest on top · click a block to open its receipt
one block per signed cycle · oldest at the base · the red block is the public retraction
cycle 20260508-025038 engine sha 3c9c8490 findings rooted 101 merkle root 8673e88e44b1c57d…f8427e4a schema jelleo-cycle-merkle-v2 signature cycle.html.sig · Ed25519
0 Signed public cycles
0 Targets in the live snapshot
devnet Registry program · live
hourly Hash-chained heartbeat

The Solana Security Standard. The rules are free.

52 documented rules, 30 machine-checkable — distilled from disclosed exploits and our own audit cycles into an open MIT standard. Run it in CI, your editor, your AI assistant, or Semgrep. Every bug class we confirm in an audit feeds back into the standard: the open ruleset gets sharper with every paid audit.

30 seconds to first scan npx @jelleo/solana-security-standard scan . MIT · github.com/Copenhagen0x/solana-security-standard

Your code ships daily. So should your audit.

Priced per line of code. Signed, verifiable proof with every cycle. Start with the estimate.