Agent Guardrails Protocol
Agent Guardrails is an on-chain policy layer for AI agents operating on Solana. It sits between autonomous agents and the blockchain, enforcing allow-lists, spending budgets, and a real-time AI kill switch so that operators never lose control of their deployed agents.
The protocol intercepts every agent transaction through a single entry point (guarded_execute), validates it against three layers of defense, and can freeze a compromised agent on-chain in under 3 seconds. Funds live in a program-derived address controlled by the policy — never in the agent keypair — so even a fully compromised agent cannot drain its treasury.
Three Layers of Defense
- Layer 1: Program Allow-Listing — Only whitelisted programs (Jupiter, Marinade, Drift, etc.) can be called via CPI. Any instruction targeting an unknown program is rejected on-chain before execution.
- Layer 2: Spending Budgets — Per-transaction caps and rolling daily budgets enforced on-chain. The SpendTracker PDA tallies every outflow and rejects transactions that would exceed limits.
- Layer 3: AI Kill Switch (Guardian Agent) — An off-chain monitoring pipeline analyzes every transaction for behavioral anomalies. When the Guardian Agent detects a threat, it signs a pause_agent instruction that freezes the agent on-chain immediately.
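The order of checks that the three layers describe can be modeled in plain Rust. This is an added example, not the project's own program code: the type, field and error names, the lamport units and the fixed 24-hour reset window are assumptions made for illustration.

```rust
// Added illustration. All names are hypothetical, not the program's real accounts.
const DAY_SECS: i64 = 86_400;

#[derive(Debug, PartialEq)]
pub enum Deny { Paused, ProgramNotAllowed, PerTxCapExceeded, DailyBudgetExceeded, Overflow }

pub struct Policy {
    pub paused: bool,                    // Layer 3: set when the kill switch fires
    pub allowed_programs: Vec<[u8; 32]>, // Layer 1: allow-listed program ids
    pub per_tx_cap: u64,                 // Layer 2: cap per transaction (lamports)
    pub daily_budget: u64,               // Layer 2: cap per 24 h window (lamports)
}

pub struct SpendTracker { pub window_start: i64, pub spent: u64 }

/// Runs the checks in order and records the spend only if every one passes,
/// so a rejected transaction never changes the tally.
pub fn check_and_record(p: &Policy, t: &mut SpendTracker, program: &[u8; 32],
                        amount: u64, now: i64) -> Result<(), Deny> {
    if p.paused { return Err(Deny::Paused); }
    if !p.allowed_programs.contains(program) { return Err(Deny::ProgramNotAllowed); }
    if amount > p.per_tx_cap { return Err(Deny::PerTxCapExceeded); }
    // Assumed window model: the tally resets once 24 h have passed since it opened.
    let expired = now.saturating_sub(t.window_start) >= DAY_SECS;
    let (start, spent) = if expired { (now, 0) } else { (t.window_start, t.spent) };
    // checked_add: a wrapped sum must never slip under the budget.
    let total = spent.checked_add(amount).ok_or(Deny::Overflow)?;
    if total > p.daily_budget { return Err(Deny::DailyBudgetExceeded); }
    t.window_start = start;
    t.spent = total;
    Ok(())
}

fn main() {
    let (dex, unknown) = ([1u8; 32], [9u8; 32]); // constructed program ids
    let mut p = Policy { paused: false, allowed_programs: vec![dex],
                         per_tx_cap: 500, daily_budget: 1_000 };
    let mut t = SpendTracker { window_start: 0, spent: 0 };
    println!("{:?}", check_and_record(&p, &mut t, &dex, 400, 10));
    println!("{:?}", check_and_record(&p, &mut t, &unknown, 1, 20));
    println!("{:?}", check_and_record(&p, &mut t, &dex, 501, 30));
    println!("{:?}", check_and_record(&p, &mut t, &dex, 400, 40));
    println!("{:?}", check_and_record(&p, &mut t, &dex, 400, 50));
    p.paused = true; // what a pause instruction would flip in this model
    println!("{:?}", check_and_record(&p, &mut t, &dex, 1, 60));
}
```
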
Repository Structure
| Directory | Description |
|---|---|
| program/ | Anchor 0.30.1 Solana program — on-chain policy enforcement, guarded execution, and pause/resume instructions |
| server/ | Express API + worker pipeline — webhook ingestion, Guardian Agent judge, incident reporting, SSE push |
| dashboard/ | Next.js 14 frontend — real-time monitoring interface with live activity feeds, spend gauges, and incident timelines |
| sdk/ | TypeScript client and IDL — source of truth, synced to server and dashboard via build script |
Who It's For
- Autonomous agent operators — individuals or teams deploying AI agents for trading, yield farming, or portfolio rebalancing who need guardrails around what those agents can do.
- Institutional operators (DAOs, funds) — organizations that require policy enforcement, audit trails, and multisig escalation before any high-value agent action.
- AI-native protocols (Jupiter, Marinade, Drift) — protocols that want to offer agent-friendly integrations with built-in safety guarantees for their users.
Built With
- Solana — high-throughput L1 for sub-second finality
- Anchor 0.30.1 — Solana program framework for account validation and CPI
- Helius — real-time webhooks for transaction monitoring and enhanced RPC
- Squads v4 — multisig escalation for high-severity incidents
- Guardian Agent — LLM-powered anomaly detection and behavioral analysis
- Neon Postgres — serverless Postgres for transaction history and incident storage
This project was built for the Solana Frontier Hackathon.
Quick Links
- Quick Start — get up and running in 5 minutes
- Architecture — system topology and data flow
- SDK Reference — TypeScript client API
- Program Reference — on-chain instructions and accounts
- API Reference — server REST endpoints and SSE events
- Demo Walkthrough — 3-minute live demo script