Skip to content
TruCore logoTruCore

Quickstart

Quickstart

One install, one command. You will see a decision and a verifiable receipt.

Install the CLI

Run directly with npx. No install needed.

Run a protected trade

npx @trucore/atf@1.5.1 trade

Run your first protected trade

atf trade

When you run this: ATF evaluates a trade, shows the decision, and generates a receipt. No real transaction is submitted.

Demo mode vs Real mode

Demo mode

  • No wallet required
  • No on-chain execution
  • Simulated protected trade

Real mode

  • Requires setup (atf setup)
  • Executes on Solana mainnet
  • Enforced by ATF policy

Next steps

Enable real trades

atf setup

Check readiness

atf doctor

Verify proof

atf verify <receipt-id>

What you're building

A fail-closed execution boundary where autonomous actions proceed only when policy checks and permit constraints pass.

For a full enforcement breakdown, read ATF Architecture & Enforcement Model.

API authentication

Send your partner key using the x-api-key header when calling /api/simulate. Keys are issued and managed by TruCore, and revoked keys return 401 invalid_api_key.

Already have a key? Open your portal to view your keys and usage.

API simulate request

curl -sS https://trucore.xyz/api/simulate \
  -H "content-type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{
    "action": "swap",
    "token_in": "SOL",
    "token_out": "USDC",
    "amount": 10,
    "max_slippage_bps": 100,
    "ttl_seconds": 60
  }'

Rate limits

Public simulator calls use a lower quota. Partner-key traffic uses the Partner Sandbox quota and exposes live quota headers for debugging.

  • Without key, 30 requests per minute per IP.
  • With valid key, 120 requests per minute per key.
  • Response headers: X-RateLimit-Limit,X-RateLimit-Remaining,X-RateLimit-Reset.

Flow

1. Define policy

Declare protocol scope and hard limits before the agent acts.

policy = createPolicy({
  protocols: ["jupiter", "orca", "raydium", "solend", "marginfi", "kamino"],
  maxSpendUsd: 5000,
  maxSlippageBps: 50
})

2. Issue permit

Mint a scoped, time-bound permit tied to one intent domain.

permit = issuePermit({
  policyId: policy.id,
  scope: "swap.execute",
  ttlSeconds: 60
})

3. Validate transaction

Simulate and enforce constraints before any on-chain submission.

validation = validateTransaction({
  tx,
  permit,
  policy
})

if (!validation.ok) reject(validation.reason)

4. Record receipt

Persist a tamper-evident result for compliance and incident response.

recordReceipt({
  txHash,
  policyDigest: policy.hash,
  decision: validation.ok ? "approved" : "rejected"
})

Protect a real bot intent

Ready to go beyond the simulator? Follow the First Protected Trade guide for the full protect → receipt → verify flow using HTTP, Python, TypeScript, CLI, or OpenClaw.

Category reference

Need the canonical definition? Read Agent Transaction Firewall.