Verify Ethereum state from a smartwatch.
A 12kB light client that runs on Cortex-M. Sub-second finality checks. No trusted RPC.
- ×Risk rules and trading logic share the same reasoning loop.
- ×Under pressure, agents rationalize past their own limits.
- ×The cop and the criminal are the same process.
- ✓Circuit spawns as a separate sub-agent with its own context.
- ✓Independent mandate: enforce the policy, nothing else.
- ✓One import. No shared state with the agent it's policing.
separate context · violations revert · breaches emit on-chain events
You don't need full state if you batch-verify Merkle Patricia proofs against a sync-committee-signed header. The verifier is small. The cryptography is small. The hard part is proof transport — and a typed MPT proof fits in a single CoAP frame.
Streams sync-committee-signed beacon headers to subscribed devices over CoAP/UDP. Handles fork choice; devices don't.
Resolves device queries (`storage_at(addr, slot, block)`) to compact MPT proofs. Stateless, horizontally scalable, no consensus role.
Pure Rust no_std crate. ~12kB flash, ~2kB RAM. Verifies BLS12-381 aggregate signatures, header chain, and MPT proof for one slot per call.
- BLS12-381 pairing in no_std
- Verifier passes Goerli historical replay end-to-end
- CoAP proof transport spec v1
- Cortex-M4 reference implementation
- External cryptographic review
- Public audit
- Mainnet relay launch
- RISC-V port
Give your agent a cop it can't fire.
Early access by strategy type. Tell us what you're running.