Developer Security Infrastructure
Protect every transaction, learn from execution history, and continuously improve how capital is deployed. Policy-enforced execution with built-in intelligence for bot developers and AI agents on Solana.
atf tradeWhen you run this: ATF evaluates a trade, shows the decision, and generates a receipt. No real transaction is submitted.
Four commands. From first trade to verified receipt.
Install globally with npm install -g @trucore/atf@1.5.1, or on macOS/Linux run without installing with npx @trucore/atf@1.5.1. Installation details →
1. Try a protected trade
atf tradeWhen you run this: ATF evaluates a trade, shows the decision, and generates a receipt. No real transaction is submitted.
2. Connect your API key
atf setupInteractive setup. No manual .env editing needed.
3. Diagnose your environment
atf doctorChecks config, RPC, wallet, and environment in one pass.
4. Verify and share a receipt
atf verify <receipt-id>Verify integrity. Share with human-readable text or bot-friendly output.
Demo mode
Real mode
atf setup)Each command produces dual-surface output: clear terminal messages for operators and structured JSON for automation.
One command tells you everything about your environment.
Run directly with npx.
Doctor
npx @trucore/atf@1.5.1 doctor --pretty{
"ok": true,
"profile": "devnet-burner",
"network": "devnet",
"rpc": { "provider": "helius", "latency_ms": 87 },
"wallet": { "present": true, "type": "burner", "pubkey": "9x…kP" },
"receipts": { "verify_ready": true },
"versions": { "cli": "1.5.1", "node": "20.x" }
}No secrets leaked. Private keys, API tokens, and RPC credentials are redacted from all output by default.
Doctor runs locally. Secrets are never uploaded.
Go from zero to a verified devnet setup in five commands. Burner mode switches your active profile to devnet so you never risk real keys.
First time
Run directly with npx. No install needed.
1. Create a devnet burner profile
npx @trucore/atf@1.5.1 profile create devnet-burner --network devnet2. Select the profile
npx @trucore/atf@1.5.1 profile select devnet-burner3. Enable burner mode
npx @trucore/atf@1.5.1 burner enable4. Verify setup
npx @trucore/atf@1.5.1 doctor --prettyUse again later
1. Select the profile
npx @trucore/atf@1.5.1 profile select devnet-burner2. Enable burner mode
npx @trucore/atf@1.5.1 burner enable3. Verify if needed
npx @trucore/atf@1.5.1 doctor --prettyIf you see Profile "devnet-burner" already exists., skip profile creation and jump to Use again later above.
Once burner mode is active, simulate and send a devnet transaction.
1. Sign and send a small transaction
npx @trucore/atf@1.5.1 tx sign --preset swap_small | npx @trucore/atf@1.5.1 tx send2. Verify the receipt
npx @trucore/atf@1.5.1 receipts verify --lastATF is Helius-first. Set your RPC endpoint through a named profile and secrets are never echoed to stdout.
Run directly with npx.
1. Create a production profile
npx @trucore/atf@1.5.1 profile create prod --network mainnet-beta2. Set your Helius RPC URL (stored securely, never printed)
npx @trucore/atf@1.5.1 profile config prod --rpc-url <YOUR_HELIUS_URL>3. Sanity check: ping the RPC
npx @trucore/atf@1.5.1 rpc ping --profile prodSecrets set via profile config are stored in your local profile directory and redacted from all CLI output. ATF never transmits private keys or API tokens over the network.
Every transaction passes through a deterministic pipeline. Nothing touches the chain until local verification succeeds.
The simulate step evaluates your transaction against active policy constraints and produces a receipt with a deterministic content_hash. Your client re-hashes the payload locally. If the digests match, the transaction is signed and submitted. If they diverge, execution is blocked before any funds move. This verify-then-send model means you never rely on server trust alone.
Verify receipts locally before signing.
ATF enforces policy inline with execution - not in batch, not offline. Every claim below is based on observed behavior from mainnet test matrices.
Typical SAFE routes observed under ~170k compute units across mainnet test matrices. Multi-hop routes increase compute and latency. RPC response time dominates total execution time.
Routes were evaluated across real conditions using RPC simulation on Solana mainnet-beta. The following characteristics were observed across 6 matrix runs and 55+ scout samples.
Observed Characteristics
Based on internal test matrices. Route composition is non-deterministic - actual CU may vary between calls.
Start with trade, setup, doctor, and verify. Advanced bot and operator commands are available when you need them.
tradeRun a protected trade (demo mode by default, no wallet needed)setupInteractive API key and config setupdoctorFull environment health checkverifyVerify and share a receiptwhoamiShow active profile and pubkeylsList all configured profilescompletionGenerate shell completions (bash/zsh/fish)profile createCreate a named profile for an environmentprofile selectSwitch active profileprofile configSet RPC URL, secrets, and networkconfig initInitialize ATF global configurationrpc pingVerify RPC connectivity and latencyburner enableSwitch active profile to devnettx signSign a transaction payloadtx sendSubmit a signed transaction to the networktx statusCheck confirmation status of a transactionpolicy validateValidate a policy YAML offlinebot protectWrap a bot transaction with ATF enforcementbot initScaffold a new bot config from a templatereceipts verifyVerify deterministic receipt integrity locallyreport savingsGenerate receipt-backed savings reportperps protectEnforce perps policy before order submissionperps explainShow human-readable perps intent analysisperps fixturesPrint canonical venue-specific test fixturesbootstrapSelf-integrate using a bootstrap recipeintegration-doctorDiagnose integration health and configurationDual-surface outputs: readable in terminal, reliable in automation. Built for production bots, AI agents, and custodians.
machine_summarysuggested_action and suggested_command fieldsATF never holds your private keys. Signing happens on your machine, in your environment. The platform enforces policy, not custody.
Every decision produces a content_hash computed from stable JSON serialization. Shareable, verifiable, and reproducible. Full auditability, zero ambiguity.
A hosted API key model is planned for v2 to support managed workflows and team-level access control. No dates. We ship only when security and verification guarantees are preserved.
Run a protected trade, connect your key, and verify your first receipt. Everything you need ships in the CLI.
Try a protected trade
npx @trucore/atf@1.5.1 tradeTry atf trade to see the full product loop: protect, receipt, verify. Demo mode works instantly. On macOS/Linux you can also use npx @trucore/atf@1.5.1 trade.
Get release notes and security updates. CLI versions are pinned and the changelog announces every upgrade.