API Reference
ATF API
Public endpoints for deterministic simulation and receipt generation. Every response is reproducible and independently verifiable.
Base Endpoint
Production base URL:
https://api.trucore.xyz
- The API is served behind a Caddy reverse proxy.
- HTTPS is required for all requests.
POST /v1/simulate
Method
POST
Path
/v1/simulate
Alias
/api/simulate
Primary deterministic simulation endpoint. Accepts a preset or payload, evaluates it against the active policy, and returns a decision with a tamper-evident receipt.
Headers
Content-Type: application/json
Required.
X-Request-ID
Optional string. Used for correlation and passed through into the receipt. If omitted, the server generates one automatically.
Request Body
{
"preset": "swap_small"
}
- preset selects a deterministic test scenario.
- Future versions may support explicit payloads alongside presets.
Example Response
{
"ok": true,
"verified": true,
"decision": "ALLOWED",
"request_id": "req_1234567890",
"content_hash": "0xabc123...",
"timestamp": "2026-02-27T18:42:11Z"
}
Response Field Reference
ok
API success indicator. true when the request completed without errors.
verified
CLI verification result. true when using --verify and receipt integrity is confirmed.
decision
ALLOWED or BLOCKED. The deterministic policy outcome.
request_id
Correlation handle for this simulation request.
content_hash
Deterministic receipt fingerprint computed from the canonical response payload.
timestamp
ISO-8601 UTC timestamp when the decision was issued.
Determinism Guarantee
The same input combined with the same policy state always produces the same content_hash. This is by design. ATF responses are deterministic and reproducible, which enables independent verification workflows across environments and toolchains.
Error Handling
{
"ok": false,
"error": "invalid_preset"
}
- ok: false indicates the request failed.
- error provides a machine-readable reason string.
- request_id may still be included for correlation.
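A client-side check of the determinism guarantee and the error envelope, as an added example that is not part of the ATF project's own code. It validates response bodies against the fields documented above and compares two runs of the same preset. The names parse_response, same_receipt, sample and SimulateError are hypothetical, and the sample bodies are constructed with placeholder hash values.

```python
import json
from datetime import datetime

DECISIONS = {"ALLOWED", "BLOCKED"}

class SimulateError(Exception):
    """Response carried ok: false; reason is the machine-readable error string."""
    def __init__(self, reason, request_id=None):
        super().__init__(reason)
        self.reason, self.request_id = reason, request_id

def parse_response(raw):
    """Validate one /v1/simulate response body against the documented fields."""
    body = json.loads(raw)
    if not isinstance(body, dict):
        raise ValueError("response body is not a JSON object")
    if body.get("ok") is not True:
        raise SimulateError(body.get("error", "unknown"), body.get("request_id"))
    if body.get("decision") not in DECISIONS:
        raise ValueError(f"unexpected decision: {body.get('decision')!r}")
    for field in ("request_id", "content_hash", "timestamp"):
        if not isinstance(body.get(field), str) or not body[field]:
            raise ValueError(f"missing or non-string field: {field}")
    ts = body["timestamp"]
    if not ts.endswith("Z"):
        raise ValueError("timestamp is not UTC (expected trailing Z)")
    datetime.fromisoformat(ts[:-1])  # raises ValueError if not ISO-8601
    return body

def same_receipt(raw_a, raw_b):
    """True when two runs of one preset agree on decision and content_hash.
    request_id and timestamp are per-request values and are not compared."""
    a, b = parse_response(raw_a), parse_response(raw_b)
    return (a["decision"], a["content_hash"]) == (b["decision"], b["content_hash"])

def sample(**overrides):
    """Constructed response body; the hash is a placeholder, not a real receipt."""
    body = {"ok": True, "verified": True, "decision": "ALLOWED",
            "request_id": "req_a", "content_hash": "0x1111",
            "timestamp": "2026-02-27T18:42:11Z"}
    body.update(overrides)
    return json.dumps(body)

RUN_1 = sample()
RUN_2 = sample(request_id="req_b", timestamp="2026-02-27T18:45:02Z")
DRIFT = sample(request_id="req_c", content_hash="0x2222")
ERROR = json.dumps({"ok": False, "error": "invalid_preset", "request_id": "req_d"})
```

A mismatch such as DRIFT means the input or the policy state differed between the two runs, or the receipt was altered in transit or storage.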
Next Steps
Run simulations and verify receipts from the command line.
Learn what content_hash proves and how to use receipt verification in production.
Review threat model, disclosure policy, and audit status.
See planned phases and upcoming capabilities.