Verdict explainer

Qwen3-1.7B · @qvac/sdk

Personal-history RAG

bge-small · 384-d

v0.1 · Built on @qvac/sdk

Stop the drainerbefore you sign.

A local AI co-pilot that reviews every Solana signature on-device. Nothing leaves your machine.

Apple SiliconDownload for Mac x64 · portableDownload for Win

02Why local AI

The reviewer that doesn'tleak the transaction.

Cloud screening sees every signature you'd want it to protect. Argus runs the entire review pipeline — decode, simulate, intel lookup, RAG, explainer LLM — on your device through the official QVAC SDK.

$2.1BStolen by Solana drainers in 2024

REDOCR · Brand · impersonation · History

Refuse to engage — brand impersonation

Screenshot impersonates Magic Eden (real domain magiceden.io).

OCR found 1 blocked domain: magic-edenn.io (Phantom-flagged typo-squat of magiceden.io).
Brand-impersonation: screenshot mentions magic eden but the URL is magic-edenn.io, not magiceden.io.
Personal history matched 0 similar approved reviews; treat this as unusual for your wallet.

YELLOWSimulation · Intel · History

Review — unlimited SPL approval

spl-approve to a delegate Argus has not seen on this wallet.

Simulation passed (1 instruction).
spl-approve: unlimited delegate authority to 9xQe…2bWk on USDC.
Local scam-intel checked 1 program; no blocklist matches.
Personal history found no close match across 47 prior reviews; treat this as unusual for your wallet.

GREENSimulation · Intel · History · match

Approve — Jupiter v6 swap

Routine SOL → USDC, recipient is your own wallet.

Simulation passed (1 instruction).
Jupiter v6 route: -0.50 SOL, +71.24 USDC to your wallet.
Local scam-intel checked 1 program; no blocklist matches.
Personal history matched 4 similar approved reviews.

03Pipeline

Five on-device signals,one cited verdict.

Decode → simulate → intel → screenshot OCR → personal-history RAG. The QVAC-powered explainer turns the deterministic facts into plain English; every citation is something your machine can verify.

12345678

verdict "argus.review" {

level = "YELLOW"

summary = "Novel"

}

cite "history.rag" {

# 0 of 47 prior tx

}

Decode & explain

Qwen3-1.7B (via @qvac/sdk) rewrites the deterministic decode into plain English. The model never adds facts — every claim has a citation.

Cross-reference

35 wallet/program/mint entries from Mandiant CLINKSINK + SolanaFM, plus 2,247 domains from the Phantom blocklist scrape, plus BGE-embedded personal history — all converging on a single severity.

`magic-edenn.io`0.91 sim
resource `wallet_adapter`ocr
action `approve_all`diff

Read the screenshot

Drag in a Telegram or dApp screenshot. Tesseract OCR extracts URLs and brand mentions; brand-impersonation cross-reference catches typo-squat phishing kits.

04Stack

One SDK.
One pipeline.

Five of six SDK capabilities on the call path: LLM, embeddings, OCR, transcription, and text-to-speech all run through @qvac/sdk on device. Plus WDK for Solana key derivation, signing, and broadcast. Every output feeds the verdict or one of its citations.

@qvac/sdk · completion
Verdict-explainer LLM (Qwen3-1.7B). Plain-English rewrite of decoded facts; structured JSON output validated by zod.
src/main/verdict/explainer.ts
@qvac/sdk · embed
Personal-history RAG over your prior signed/blocked reviews. bge-small-en-v1.5, cosine, 384-d.
src/main/llm/embedder.ts
@qvac/sdk · ocr
EasyOCR pipeline (CRAFT detector + Latin recognizer) over screenshot bytes. Returns URLs + brand mentions for the impersonation cross-reference.
src/main/ocr/extractor.ts
@qvac/sdk · transcribe
Voice command — say 'approve' or 'block' on the queued review. MediaRecorder → @qvac/transcription-whispercpp → keyword match.
src/main/ipc/handlers/voice.ts
@qvac/sdk · textToSpeech
Verdict readback through the renderer's AudioContext. Chatterbox q4f16, multilingual.
src/renderer/components/verdict/read-aloud.tsx

05Threats

The drainer
playbook, decoded.

Each pattern below is a deterministic test fixture in the repo. Argus catches every one before submission and explains it in plain English.

Known-bad recipient

Transfer or approval to an address in the local scam-intel corpus (Mandiant CLINKSINK + SolanaFM seeds).

Unlimited SPL approval

`Approve` granting unbounded delegate authority to a program your wallet has never interacted with.

Authority hijack

`setAuthority` flipping mint or freeze authority on an account you own.

Simulation rejection

Solana simulator rejects the transaction — Argus will not sign anything that won't even simulate.

Typo-squat URL

Screenshot URL is one Levenshtein edit away from a canonical Solana dApp (magicedem.io, jupx.ag, …).

Brand impersonation

Screenshot mentions a canonical brand without surfacing its real domain — phishing dressed up as Phantom, Magic Eden, etc.

Local intelligence,zero exfiltration.

Install Argus, generate a fresh seed, and review your next signature with a stack you fully own — every model on the call path runs through the official QVAC SDK on your device.