About TxGuardian
A Solana browser extension that checks every signing request in your browser before your wallet's prompt appears. The verdict engine ships in the extension itself — your transactions never reach our server. Deterministic rules decide what's risky; an optional AI translator (your Gemini key) makes the verdict legible in seconds.
The problem
Solana wallet drainers steal funds even when the wallet preview looks safe. The signing UI shows "no balance change" while the underlying instruction stream authorizes a token approval, an account ownership transfer, or a transfer to an attacker-controlled address. Users can't tell the difference at a glance — and they shouldn't have to.
Who it's for
Architecture
EXTENSION (the product — bundles the entire engine) ┌────────────────────────────────────────────────────────────────┐ │ page.ts (MAIN world) │ │ intercepts signTransaction → serializes → postMessage │ │ ↓ │ │ service worker │ │ runs @txguardian/sdk locally: │ │ Parser (legacy + v0 + ALT + Token-2022) │ │ Decoder (instruction summaries; memo stripped) │ │ Simulator (your RPC — sigVerify=false) │ │ Registry (your RPC — drainer + verified feeds) │ │ Rules (deterministic — source of truth) │ │ Scorer (severity → 0–100 → recommendation) │ │ ┌─ optional: Translator (Google Gemini · YOUR key) ────┐ │ │ │ TxGuardian server NEVER involved in the LLM call │ │ │ └─────────────────────────────────────────────────────────┘ │ │ ↓ │ │ Shadow-DOM modal · user decides · wallet has the final say │ └────────────────────────────────────────────────────────────────┘ WEB SITE (demo + docs — optional) ┌────────────────────────────────────────────────────────────────┐ │ /scan, /playground ──→ POST /api/analyze (same engine, │ │ hosted convenience for users without a personal RPC + key) │ └────────────────────────────────────────────────────────────────┘
The deterministic engine decides risk. The LLM only writes the prose explanation — it can't raise, lower, or invent flags, and the recommendation is enum-locked to the engine's verdict. The extension bundle is reproducible against the source (SHA256 published next to the download). The AI step uses your own Gemini key and goes directly to Google.
On-chain program (devnet)
Source under programs/txguardian-registry. Anchor 0.32, Rust. Five instructions: initialize, submit (permissionless), attest (admin), revoke (admin), update_admin.
Scope
The browser extension is the product. Everything else is how you reach the same engine without installing it: a public web demo at /scan for one-off analysis (the only place our server runs the engine), a TypeScript SDK for integrators that want pre-sign checks embedded in their own wallet or dApp code, and the Anchor program on devnet that supplies the on-chain drainer + verified-program feeds.
Known limitations
- Devnet only. The on-chain registry runs on devnet. Mainnet deployment requires multisig governance and a curated initial entry set.
- Single-keypair admin. The registry is currently controlled by one keypair. The
update_admininstruction supports rotation to a multisig. - No coverage of in-wallet flows. Phantom's built-in Send / Swap / Stake happen inside Phantom's sandbox and cannot be intercepted by any browser extension. Same constraint every wallet-safety extension hits.
- Mobile not yet covered. Browser extensions do not run in mobile in-app browsers. A Solana Mobile app would close this gap.
- TOCTOU detection schema-only. The
TOCTOU_PATTERNflag is part of the result schema but generic runtime detection requires per-program decoders that don't exist yet.