Enforcement

DEX Guardrails

Deterministic enforcement for every DEX swap. Slippage caps, protocol allowlists, unverified route deny, and mint controls. Every decision produces a verifiable receipt.

Slippage caps

Every swap request includes a max_slippage_bps value. ATF checks this against the policy-configured ceiling before the operation reaches the DEX. If the requested slippage exceeds the cap, the operation is denied.

swap:
  max_slippage_bps: 100   # 1% max slippage
  min_out_check: true     # enforce minimum output amount

Slippage is checked pre-flight. If the swap would exceed the configured bound at settlement, the transaction is not submitted.

DEX allowlists

Only explicitly approved DEX venues can process swap operations. Any route that touches an unapproved program is denied.

swap:
  dex_allowlist:
    - jupiter
    - orca
    - raydium
  deny_unlisted_dex: true

Jupiter, Orca, and Raydium are the supported DEX paths in ATF v1. Additional venues will be added as adapters are validated and audited.

Unverified route deny

When deny_unverified_routes is enabled, ATF rejects any swap route that includes an intermediate hop through an unverified or unknown program. This prevents routing through potentially compromised or malicious contracts.

swap:
  deny_unverified_routes: true

Mint allow/deny lists

Control which token mints an agent can interact with. You can run in allowlist mode (only listed mints are accepted) or denylist mode (listed mints are blocked).

swap:
  mint_allowlist:
    - So11111111111111111111111111111111111111112  # SOL
    - EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v # USDC
  mint_denylist:
    - <known_scam_mint_address>

If both lists are configured, the allowlist takes precedence. A mint must appear on the allowlist and not appear on the denylist.

Deterministic receipts

Every DEX guardrail evaluation produces a cryptographic receipt. The receipt includes the policy version, the decision (allow/deny), the reason code, and a content hash that can be independently recomputed.

Receipt is generated for every evaluation, not just denials.
Content hash is deterministic: same input always produces the same hash.
Receipts are tamper-evident and auditable post-trade.

CLI quickstart

Run directly with npx

npx @trucore/atf@1.5.1 simulate --preset swap_small --verify

Run a swap simulation through the ATF CLI:

# Simulate a swap with slippage check
npx @trucore/atf@v1.5.1 simulate --preset swap_small --verify

# Simulate with custom JSON
npx @trucore/atf@v1.5.1 simulate --json '{
  "action": "swap",
  "token_in": "SOL",
  "token_out": "USDC",
  "amount": 10,
  "max_slippage_bps": 100,
  "ttl_seconds": 60
}'

Use --verify to confirm the receipt hash matches the expected output.

Example policy (YAML)

swap:
  enabled: true
  dex_allowlist:
    - jupiter
    - orca
    - raydium
  deny_unlisted_dex: true
  deny_unverified_routes: true
  max_slippage_bps: 100
  min_out_check: true
  mint_allowlist:
    - So11111111111111111111111111111111111111112
    - EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v
  mint_denylist: []

Next steps

Perps Enforcement — leverage caps, venue gates, and operation allowlists for perpetual futures.
Policy Model — full reference for all policy primitives.
ATF CLI — complete command reference.
Receipts Explorer — view example receipts and verify content hashes.