Skip to content
TruCore logoTruCore

Enforcement

Perps Enforcement

ATF enforces deterministic constraints on perpetual futures operations across multiple venues. Each adapter is feature-gated, OFF by default, and fail-closed on unknown operations.

What it enforces

Every perps operation is checked against the active policy before execution. The following constraints are evaluated deterministically:

  • Venue allowlist — only explicitly enabled venues can process perps operations. All others are denied.
  • Market allowlist — restrict which perpetual markets an agent can interact with (e.g. SOL-PERP, BTC-PERP).
  • Leverage caps — maximum leverage per market. Operations exceeding the cap are rejected.
  • Notional limits — cap the total notional value per order to prevent outsized exposure.
  • Operation allowlist — only known operation types (open, close, modify) are permitted. Unknown types are denied immediately.

Feature gating

All perps adapters are OFF by default. You must explicitly enable each venue with an environment flag. If the flag is not set, every operation targeting that venue is denied. This is intentional: fail-closed means no surprises.

# Enable venue adapters individually
ATF_ENABLE_HYPERLIQUID_POLICY=1
ATF_ENABLE_DRIFT_POLICY=1
ATF_ENABLE_MANGO_POLICY=1

When a flag is unset or set to 0, the adapter is fully disabled. The ATF runtime will not evaluate any perps policy for that venue.

Supported venues

VenueChainTypeEnv flag
HyperliquidL1 (own chain)PerpsATF_ENABLE_HYPERLIQUID_POLICY
Drift v2SolanaPerpsATF_ENABLE_DRIFT_POLICY
Mango v4SolanaPerpsATF_ENABLE_MANGO_POLICY

Fail-closed behavior

If any of the following conditions are true, the operation is denied:

  • The venue adapter is not enabled (env flag unset or set to 0).
  • The market is not on the allowed markets list.
  • Requested leverage exceeds the configured cap.
  • Notional value exceeds the configured limit.
  • The operation type is unknown or not in the operation allowlist.
  • Any required field is missing or malformed.

The default outcome is always deny. ATF does not fall back to a permissive mode.

CLI quickstart

Install the CLI

npm install -g @trucore/atf@1.5.1

Or run without installing: npx @trucore/atf@1.5.1 <command>

The ATF CLI includes perps-specific commands. Install the CLI pinned to the current release:

npx @trucore/atf@v1.5.1 perps fixtures

Generate fixture data for a supported venue, then run protect and explain:

# Load fixtures for Drift v2
npx @trucore/atf@v1.5.1 perps fixtures --venue drift

# Protect: evaluate a perps operation against policy
echo '<ExecutionRequest JSON>' | npx @trucore/atf@v1.5.1 perps protect --stdin

# Explain: get a human-readable breakdown of the decision
echo '<ExecutionRequest JSON>' | npx @trucore/atf@v1.5.1 perps explain --stdin

Each command produces a deterministic receipt. Use --verify to confirm the receipt hash matches the expected output.

Example policy (YAML)

perps:
  enabled: true
  venues:
    - drift_v2
    - mango_v4
    - hyperliquid
  markets:
    - SOL-PERP
    - BTC-PERP
    - ETH-PERP
  perps_leverage_max: 5
  perps_notional_max_usd: 50000
  allowed_operations:
    - open
    - close
    - modify

Next steps

  • Policy Model — full reference for all policy primitives.
  • DEX Guardrails — slippage caps, allowlists, and mint controls for spot DEX operations.
  • ATF CLI — complete command reference.
  • Live Demo — try a perps simulation in the browser.