Concepts

Policy Model

Policies encode non-negotiable constraints. Agents can propose intent, but ATF decides whether the action fits the approved envelope.

Policy primitives

Allowlists, limit execution to explicitly approved protocols, methods, and asset pairs.
Spend limits, cap notional exposure per transaction and per rolling window.
Slippage bounds, enforce maximum deviation from expected execution price.
Cooldowns, require a minimum wait period between high-risk operations.

Fail-closed behavior

If any check is missing, malformed, expired, or non-compliant, ATF rejects the action. The default outcome is deny, not allow.

Example policy JSON

{
  "policyId": "pol_live_treasury_v1",
  "protocolAllowlists": ["jupiter", "orca", "raydium", "solend", "marginfi", "kamino"],
  "spendLimits": {
    "perTransactionUsd": 2500,
    "perHourUsd": 10000
  },
  "slippage": {
    "maxBps": 50
  },
  "cooldowns": {
    "swap.execute": 30,
    "lend.repay": 15
  },
  "defaultDecision": "deny"
}