Case study

7 Agents That Secure a DeFi Stack — Automatically

From pre-deploy composition checks to runtime on-chain monitoring to economic stress simulation. One CLI. Read-only. No transactions. No LLM hallucinations on the critical path.

5 security · 1 growth · 1 meta — one `khomctl run --all`
Deterministic, read-only — never signs, never transacts

$ khomctl run --all
Starting all agents…
✓ composition_auditor — 4 findings (4 verified)
✓ deploy_verifier — PASS @ block 11113450
✓ watchtower — OK @ block 11113451
✓ diffrisk — SAFE on TARE-Stablecoin/CoilFeeRouter
✓ stresssim — PASS · 8 scenarios (0 fail, 1 marginal)
✓ herald — OK · 2 approvals pending
✓ overseer — ALL CLEAR · 40 merged findings
$

At a glance

Each agent is a deterministic Python "Mission" that writes structured artifacts to its own out/ folder. Three tracks, seven agents, one CLI.

Security I — Pre-deploy

Composition Auditor

Cross-repo seam analysis — maps edges between 6 Vyper repos, flags composition bugs invisible to single-contract fuzz tests.

Event-driven
Security II — Deploy gate

Deploy Verifier

Launch gate — proves on-chain bytecode == compiled source with 6-layer verification. Catches fat-fingered constructor args, wrong bytecode, EOA in value path.

Weekly drift baseline
Security III — Runtime

Watchtower

On-chain runtime monitor — diffs live state against persisted baseline. Alerts on unexpected owner change, new minter, fee bump, rewired pointer.

Minutes / hours
Security IV — Upgrade gate

DiffRisk

Redeploy upgrade gate — diffs storage layout, ABI, immutables between git refs. Prevents storage collision, ABI breakage, immutable mismatch on redeploy.

Event-driven
Security V — Economic

StressSim

Economic adversary — replays hostile markets against real bytecode in titanoboa. Catches undeployable CDPs, liquidatable pegs, bankrupt solvers.

Event-driven
Growth VI — Content

Herald

Editorial AI — LLM-powered content generation (Gemini 2.5 Flash) with human approval gate. Not deterministic — results vary, always gated.

~Daily
Meta VII — Rollup

Overseer

Meta-rollup — aggregates all agents into a single DASHBOARD.md digest. Never runs or fixes upstream agents — only reads and reports.

On-demand

Every phase, one agent assigned

Each agent owns a phase of the deployment lifecycle — from pre-deploy through runtime. No gaps, no overlap.

Pre-deploy

Composition Auditor

Cross-repo bugs invisible to single-contract fuzz tests — mapped across 6 Vyper repos.

Deploy gate

Deploy Verifier

Fat-fingered constructor args, wrong bytecode, EOA in value path — 6-layer bytecode verification.

Upgrade gate

DiffRisk

Storage collision, ABI breakage, immutable mismatch on redeploy — diffs any two git refs.

Runtime

Watchtower

Unexpected owner change, new minter, fee bump, rewired pointer — diffs live state against baseline.

Economic

StressSim

Undeployable CDP, liquidatable peg, bankrupt solver — replays hostile markets against real bytecode.

Growth

Herald

Content pipeline — LLM-generated, human-approved editorial output with full approval workflow.

Meta-rollup

Overseer

Blind spot across agents — stale/missing coverage is an alarm. Aggregates everything into one DASHBOARD.md digest.
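The Watchtower check described above (live state diffed against a persisted baseline) can be sketched as follows. This is an added example, not the suite's own code; the snapshot keys (`owner`, `fee_router`, `minters`, `fee_bps`), the severity choices and the placeholder addresses are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    severity: str   # severity labels are this example's choice
    field: str
    detail: str


def diff_state(baseline: dict, live: dict) -> list[Alert]:
    """Diff a live read-only snapshot against the persisted baseline."""
    alerts = []
    for key in ("owner", "fee_router"):          # owner change / rewired pointer
        if key not in live:                       # a failed read is never "unchanged"
            alerts.append(Alert("high", key, "missing from live snapshot"))
        elif live[key].lower() != baseline[key].lower():   # ignore checksum casing
            alerts.append(Alert("critical", key, f"{baseline[key]} -> {live[key]}"))
    if "minters" not in live:
        alerts.append(Alert("high", "minters", "missing from live snapshot"))
    else:
        known = {m.lower() for m in baseline["minters"]}
        for m in sorted({m.lower() for m in live["minters"]} - known):
            alerts.append(Alert("critical", "minters", f"new minter {m}"))
    if "fee_bps" not in live:
        alerts.append(Alert("high", "fee_bps", "missing from live snapshot"))
    elif live["fee_bps"] > baseline["fee_bps"]:  # only increases count as a fee bump
        alerts.append(Alert("high", "fee_bps", f"{baseline['fee_bps']} -> {live['fee_bps']}"))
    return alerts


# Constructed snapshots; addresses are placeholders, not deployed contracts.
A, B, C = ("0x" + c * 40 for c in "abc")
BASELINE = {"owner": A, "fee_router": B, "minters": [B], "fee_bps": 30}


def demo() -> list[Alert]:
    """Same owner in different casing, one extra minter, fee raised 30 -> 45."""
    live = {"owner": A.upper().replace("0X", "0x"), "fee_router": B,
            "minters": [B, C], "fee_bps": 45}
    return diff_state(BASELINE, live)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```
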

Why the monorepo works

The agents were built in isolation. Seven run.sh variants, three .env sources, duplicated state. The fix was a shared core and a registry.

Registry first, code second

registry.toml is the single source of truth — every agent's name, path, entry command, track, cadence, inputs, outputs. The CLI reads it. The Overseer reads it. The tests validate it. Adding an agent: one section in the TOML, one handler in the Overseer. Nothing else changes.

Thin CLI dispatcher

khomctl — reads registry.toml and execs the agent's entry point. No config in code, no hardcoded paths, no duplicated state across formats. khomctl list, khomctl run watchtower, khomctl run --track security, khomctl run --all.

Shared core kills duplication

core/env.py loads .env once. core/findings.py — one severity schema every agent normalizes into. core/addrbook.py loads deployments from one source. core/report.py — write_json() / write_md() with automatic out/ creation. Four files that replaced dozens of ad-hoc scripts.

Never green by omission

A missing artifact → NO-DATA (not PASS). An old clean result past its freshness window → STALE (not PASS). A corrupted file → UNKNOWN (not PASS). Silence is never read as "all clear." The Overseer's test_honesty.py verifies this property.
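One way to implement the rule above, as an added example that is not the Overseer's code or its test_honesty.py. The artifact format (a JSON file with `status` and `generated_at`), the `FAIL` verdict, the file names and the 7-day freshness window are assumptions.

```python
import json
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

CLEAN = {"PASS", "OK", "SAFE"}   # clean verdicts shown in the page's sample output
KNOWN = CLEAN | {"FAIL"}         # "FAIL" is an assumed non-clean verdict


def classify(artifact: Path, max_age: timedelta, now: datetime) -> str:
    """Map one agent artifact to a status; nothing defaults to a clean verdict."""
    if not artifact.is_file():
        return "NO-DATA"                      # missing artifact is not a pass
    try:
        data = json.loads(artifact.read_text())
        status = str(data["status"])          # assumed field name
        stamp = datetime.fromisoformat(data["generated_at"])  # assumed field name
    except (OSError, ValueError, KeyError, TypeError):
        return "UNKNOWN"                      # corrupted or truncated file
    if status not in KNOWN or stamp.tzinfo is None or stamp > now:
        return "UNKNOWN"                      # unrecognised verdict or untrustworthy timestamp
    if status in CLEAN and now - stamp > max_age:
        return "STALE"                        # old clean result is demoted; an old FAIL stays FAIL
    return status


def rollup(statuses: dict[str, str]) -> str:
    """ALL CLEAR only when every agent reported a fresh clean verdict."""
    if not statuses:
        return "NO-DATA"
    bad = sorted(name for name, s in statuses.items() if s not in CLEAN)
    return "ALL CLEAR" if not bad else "ATTENTION: " + ", ".join(bad)


def demo() -> dict[str, str]:
    """Constructed artifacts: one fresh, one stale, one corrupted, one never written."""
    now = datetime(2025, 1, 2, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp)
        fresh = {"status": "OK", "generated_at": (now - timedelta(minutes=5)).isoformat()}
        old = {"status": "PASS", "generated_at": (now - timedelta(days=9)).isoformat()}
        (out / "watchtower.json").write_text(json.dumps(fresh))
        (out / "deploy_verifier.json").write_text(json.dumps(old))
        (out / "diffrisk.json").write_text('{"status": "SAFE", "gener')  # truncated write
        names = ["watchtower", "deploy_verifier", "diffrisk", "stresssim"]
        return {n: classify(out / f"{n}.json", timedelta(days=7), now) for n in names}
```
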

The Overseer dashboard

Before the meta-rollup, I ran agents individually and manually checked outputs. Now one command gives me every agent's status, last run, and open findings in a single digest.

khomctl status — DASHBOARD.md
🔵 5 security, 1 growth, 1 meta

DeployVerifier: PASS @ block 11113450
Watchtower: OK @ block 11113451
Composition: 4 findings (4 verified) — 0 crit, 1 high, 1 med, 0 low, 2 info
DiffRisk: SAFE on TARE-Stablecoin/CoilFeeRouter
StressSim: PASS — 8 scenarios (0 fail, 1 marginal)
Herald: OK — 2 approvals pending

Overseer: ALL CLEAR — 40 merged findings

Need a custom AI agent?

$299 flat fee — single deterministic Python agent with CLI, tests, and docs. You describe what you need. I ship it in days.

Same discipline as the 7-agent suite, adapted to your stack. Monitoring, alerting, deploy verification, content generation, data extraction — whatever fits a deterministic Python agent.

  • Python agent with CLI entry point
  • Tests (pytest, green out of the box)
  • Documentation (README + inline)
  • One round of revisions
  • 7-day follow-up support

What it could be: On-chain monitor · deploy verifier · content generator · data extractor · alert bot · custom reporter · price tracker · governance watcher

Book a call to scope your agent

This is a fixed-scope product — a single deterministic Python agent with CLI and tests. Complex multi-agent systems, production hosting, or ongoing maintenance are scoped separately.

Shipping DeFi that can't afford a bug?

My agent suite guards a live Sepolia stack. Yours could too — or I can build you a custom one.

Book a call
24h reply · fixed scope, fixed price · $299 flat for a custom agent