CLI › Guides › Swap Permits
Swap Permit Parameters
A complete reference for the parameters that define a swap permit. Understand what each field does, which are required, and how override precedence works.
Parameter Glossary
These are the commonly used parameters when constructing a swap permit. All parameter names match the CLI flag and policy JSON schema.
| Parameter | Type | Usage | Description |
|---|---|---|---|
| inputMint | string | Required | Mint address of the token being sold (input side of the swap). |
| outputMint | string | Required | Mint address of the token being purchased (output side of the swap). |
| amount | number | Required | The amount of input tokens to swap, in the smallest unit (lamports or token decimals). |
| maxAmountIn | number | Commonly used | Upper bound on the input amount. Enforced by the policy engine as a hard ceiling. |
| minAmountOut | number | Commonly used | Minimum acceptable output. The swap is blocked if the expected output falls below this value. |
| slippageBps | number | Commonly used | Maximum slippage tolerance in basis points (1 bps = 0.01%). The policy engine blocks swaps exceeding this bound. |
| allowedPrograms | string[] | Commonly used | Allowlist of on-chain program IDs the swap may interact with (e.g. Jupiter aggregator). |
| ttlSeconds | number | Commonly used | Time-to-live for the permit in seconds. After expiry the permit is no longer valid. |
| nonce | string | Commonly used | Unique value for replay protection. Prevents the same permit from being evaluated twice. |
| profile | string | Commonly used | Named profile to use for this command. Determines wallet, RPC, and network context. |
| network | string | Commonly used | Target network: devnet or mainnet-beta. |
Safe Defaults Guidance
If you are unsure what values to use, these are reasonable starting points for devnet testing:
| Parameter | Suggested default | Notes |
|---|---|---|
| slippageBps | 50 | 0.5% slippage. Conservative for most pairs. |
| ttlSeconds | 120 | 2 minutes. Enough time to verify and send. |
| network | devnet | Always start on devnet. Switch to mainnet-beta only when ready. |
| amount | 1000000 | 1 token (assuming 6 decimals). Small enough to be safe for testing. |
Production deployments should set tighter slippage and shorter TTL values based on your specific use case and risk tolerance.
Override Precedence
When the same parameter is specified in multiple places, ATF resolves it from highest to lowest priority:
- CLI flags override everything. If you pass
--slippage-bps 25on the command line, that value is used regardless of policy or preset. - Policy JSON values override presets and profile config. Use a policy file for repeatable, version-controlled parameter sets.
- Preset defaults apply when no flag or policy specifies the parameter. Presets like
swap_smallbundle sensible values for common scenarios. - Profile config provides the baseline. Network, RPC endpoint, and wallet come from the active profile unless overridden.
Example: flag overrides preset slippage
npx @trucore/atf@1.5.1 simulate --preset swap_small --slippage-bps 25 --verifyIn this example, the preset provides all parameters except slippage. The explicit flag sets slippage to 25 bps instead of the preset default.
Redaction and No-Secrets Behavior
The ATF CLI never sends private keys, seed phrases, or API secrets to the ATF API. Wallet signing happens locally. RPC keys are used only for direct RPC calls and are never included in permit payloads or receipts.
CLI output redacts sensitive values by default. Wallet addresses are shown in abbreviated form (e.g. 5UBb...xYz3) and API keys are never echoed back.
Receipts are fully self-contained and contain no secrets. You can safely store, share, and audit receipts without exposing any private material.