
Architecture

How ATF Works

The Agent Transaction Firewall sits between an autonomous agent and the network. Every transaction intent is evaluated against configurable policies before execution, and every outcome produces a verifiable receipt. Agents can integrate via the hosted MCP endpoint, REST API, CLI, or OpenClaw plugin.

Execution Flow

A transaction moves through the following stages before it reaches the network.

  1. Agent / Bot

    Initiates a transaction intent

  2. Build transaction intent

    Constructs the unsigned payload

  3. ATF protect endpoint

    Submits intent for policy evaluation

  4. Policy evaluation

    Rules engine checks against active policies

  5. Approved transaction

    Transaction proceeds only if all policies pass

  6. Execution receipt

    Deterministic receipt is generated and stored

  7. Verification

    Receipt can be independently verified

Intent Protection

Agents submit a structured transaction intent - not a raw signed transaction. ATF validates the intent before any signing occurs, meaning malformed or policy-violating transactions never reach the network. The protect endpoint accepts the intent, evaluates it, and returns an approval or rejection with a deterministic reason code.

Policy Evaluation

Policies are declarative YAML rules that define what an agent is allowed to do. The evaluation engine checks every intent against active policies in sequence. Policies can enforce constraints on token allowlists, slippage bounds, maximum notional value, target programs, and more. Evaluation is deterministic - the same intent and policy set always produce the same result.

Execution Receipts

Every evaluated transaction - approved or rejected - produces an execution receipt. Receipts include the original intent, the policy version that was applied, the evaluation result, and a SHA-256 content hash. Receipts are immutable once generated and can be stored, exported, or anchored on-chain for long-term auditability.

Verification

Any party with access to a receipt can independently verify it. Verification recomputes the content hash from the receipt payload and compares it against the stored hash. If the hashes match, the receipt has not been tampered with. This provides a zero-trust verification model that does not depend on the ATF service being online at verification time.
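The receipt and verification steps described above, as an added example that is not ATF's own code. The field names, reason codes, policy values and the canonical-JSON encoding that gets hashed are assumptions, since the page does not show the receipt schema.

```python
import hashlib
import hmac
import json

# Constructed policy. ATF policies are YAML; this dict and its keys are hypothetical.
POLICY = {"version": "example-1", "token_allowlist": ["TOKEN_A", "TOKEN_B"],
          "max_slippage_bps": 50, "max_notional": 1000}

def evaluate(intent, policy):
    """Check rules in a fixed order and return (approved, reason_code)."""
    if intent["token"] not in policy["token_allowlist"]:
        return False, "TOKEN_NOT_ALLOWED"
    if intent["slippage_bps"] > policy["max_slippage_bps"]:
        return False, "SLIPPAGE_EXCEEDED"
    if intent["notional"] > policy["max_notional"]:
        return False, "NOTIONAL_EXCEEDED"
    return True, "OK"

def content_hash(payload):
    """SHA-256 over canonical JSON (sorted keys, no whitespace); assumed encoding."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def make_receipt(intent, policy):
    """Record intent, policy version and result, then hash that payload."""
    approved, reason = evaluate(intent, policy)
    payload = {"intent": intent, "policy_version": policy["version"],
               "result": {"approved": approved, "reason_code": reason}}
    return {"payload": payload, "sha256": content_hash(payload)}

def verify_receipt(receipt, trusted_hash=None):
    """Recompute the hash offline and compare it with trusted_hash if one
    is supplied, otherwise with the hash stored in the receipt."""
    expected = trusted_hash if trusted_hash is not None else receipt.get("sha256", "")
    return hmac.compare_digest(content_hash(receipt["payload"]), expected)

if __name__ == "__main__":
    intent = {"token": "TOKEN_A", "slippage_bps": 30, "notional": 250}  # constructed
    receipt = make_receipt(intent, POLICY)
    anchored = receipt["sha256"]                   # copy kept outside the receipt
    receipt["payload"]["intent"]["notional"] = 999999      # edit after issuance
    print(verify_receipt(receipt))                         # stale stored hash
    receipt["sha256"] = content_hash(receipt["payload"])   # hash rewritten as well
    print(verify_receipt(receipt), verify_receipt(receipt, anchored))
```

A match against the hash stored inside the receipt shows only that the receipt is internally consistent, because anyone who can edit the payload can also rewrite that field. Comparing against a copy of the hash held where the receipt's holder cannot change it, such as the on-chain anchor mentioned under Execution Receipts, is what detects the rewritten case.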
