Firewall for agents
moving onchain money.
Not advisory. Enforced.
Agent keeps its wallet. prflght intercepts every transaction, simulates it, checks policy, and attests on-chain - or blocks it before it leaves.
"You might delegate an agent to manage staking rewards — only to find your funds rerouted to an obscure yield vault you've never heard of. You didn't sign that transaction — but you technically authorized it. These aren't edge cases. They're realities."
Every guardrail today is advisory. The check is not a warning. It is enforcement.
Build. Check.
Enforce. In that order.
Heavy logic runs off-chain: simulation, policy eval, protocol health. On-chain enforcement is minimal and tamper-proof. The agent's wallet is never touched.
Build
Your agent, vault, or treasury bot constructs a draft transaction — swap, perp, borrow. Nothing changes in how you build. Any wallet, any framework.
elizaOS · SAK · custom
Check
One SDK call: firewall.check(tx). Risk engine parses program IDs, simulates, evaluates your policy, validates protocol health — returns a signed attestation.
p95 < 500ms
Enforce
Two instructions are prepended to the transaction. The on-chain program verifies the Ed25519 signature. Wrong program, bad slippage, unhealthy venue — never reaches the chain.
Ed25519 · TTL 60s
Every layer mandatory.
Every layer verifiable.
The complex logic runs off-chain. The Ed25519 signature guarantees it ran. On-chain, the program checks only what needs tamper-proof state.
Simulate before signing.
Full off-chain execution preview. Catch reverts, unexpected token outputs, and compute blowups — before the agent ever broadcasts.
Programmable rules.
Per-agent rules configured in the dashboard. Slippage, notional size, allowed programs, venue allowlist — enforced off-chain and guaranteed by the attestation.
Cryptographically unfakeable.
Ed25519 signature. TTL-bound. Policy-hashed. Verified by a Solana program before a single instruction executes.
12 venues. Live TVL signals.
Orca, Drift, Kamino, Raydium, Jupiter, Marginfi, Solend, Marinade, Jito, Meteora, Phoenix, Mango. A 30%+ TVL drop in 1h scores below threshold — agents blocked automatically.
Stale feeds blocked.
Per-policy staleness windows. If the collateral oracle is older than your threshold, the instruction does not get a signature.
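What the attestation has to bind, as an added example (not prflght's code): a plain Node.js model of a verifier that checks the Ed25519 signature, the 60s TTL and the policy hash. The message layout, field names, throwaway keys and sample transaction are assumptions made for illustration.

```javascript
// Added illustration: models the checks an attestation verifier must make.
// The signed-message layout and field names are assumptions, not prflght's wire format.
const { generateKeyPairSync, sign, verify, createHash } = require("node:crypto");

const TTL_SECONDS = 60; // TTL quoted on the page
const sha256 = (data) => createHash("sha256").update(data).digest();

// Signed bytes: sha256(tx) (32) || policy hash (32) || expiry as u64 LE (8).
function attestationMessage(txBytes, policyHash, expiresAt) {
  const expiry = Buffer.alloc(8);
  expiry.writeBigUInt64LE(BigInt(expiresAt));
  return Buffer.concat([sha256(txBytes), policyHash, expiry]);
}

// Off-chain side: called only after simulation and policy evaluation passed.
function issueAttestation(signerKey, txBytes, policyHash, now) {
  const expiresAt = now + TTL_SECONDS;
  const message = attestationMessage(txBytes, policyHash, expiresAt);
  return { policyHash, expiresAt, signature: sign(null, message, signerKey) };
}

// Verifier side: any failed check rejects the transaction.
function verifyAttestation(trustedKey, txBytes, att, activePolicyHash, now) {
  if (now > att.expiresAt) return "expired";
  if (!att.policyHash.equals(activePolicyHash)) return "policy-mismatch";
  const message = attestationMessage(txBytes, att.policyHash, att.expiresAt);
  if (!verify(null, message, trustedKey, att.signature)) return "bad-signature";
  return "ok";
}

// Constructed sample data: throwaway keys, a fake draft transaction and policy.
const engine = generateKeyPairSync("ed25519");
const rogue = generateKeyPairSync("ed25519");
const policyHash = sha256(JSON.stringify({ maxSlippageBps: 50, programs: ["SAMPLE_PROGRAM"] }));
const draftTx = Buffer.from("constructed-draft-transaction");
const T0 = 1_700_000_000; // constructed issue time, in seconds
const att = issueAttestation(engine.privateKey, draftTx, policyHash, T0);

function demo() {
  const swapped = Buffer.from("constructed-draft-transaction-with-extra-ix");
  const forged = issueAttestation(rogue.privateKey, draftTx, policyHash, T0);
  return {
    fresh: verifyAttestation(engine.publicKey, draftTx, att, policyHash, T0 + 5),
    replayedLate: verifyAttestation(engine.publicKey, draftTx, att, policyHash, T0 + 61),
    txSwapped: verifyAttestation(engine.publicKey, swapped, att, policyHash, T0 + 5),
    policyChanged: verifyAttestation(engine.publicKey, draftTx, att, sha256("new-policy"), T0 + 5),
    wrongSigner: verifyAttestation(engine.publicKey, draftTx, forged, policyHash, T0 + 5),
  };
}
console.log(demo());
```

Because the transaction hash, policy hash and expiry all sit inside the signed bytes, an attestation cannot be moved to a different transaction or have its lifetime extended without invalidating the signature.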
These are not
edge cases.
Default behavior of autonomous agents running without a mandatory enforcement layer. Every scenario below is possible today on any agent framework.
The runaway agent
Malformed signal. Agent loops the same $200k swap. Each transaction is individually valid.
DEXes enforce per-tx slippage. Nothing enforces cumulative exposure.
Transaction 4 blocked at the policy ceiling. Loop halts before treasury drain.
The oracle trap
Borrow against USDC collateral. Price feed is 54 seconds stale — past the acceptable window.
Lending protocols accept stale feeds if their own checks pass. Agent has no signal.
Simulation flags stale feed. Borrow never signed. Agent waits for fresh oracle update.
The degraded venue
$200k perp open routed through Drift during oracle latency spike and lagging liquidations.
Agent has no real-time protocol-health telemetry. Fill degrades, MEV exposure spikes.
Health registry marks Drift degraded. Execution blocked. Agent holds or reroutes.
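The three scenarios above as policy rules, in an added example that is not prflght's code: a small stateful evaluator with a cumulative-exposure ceiling, an oracle staleness window and a venue-health rule based on the 30% TVL drop mentioned earlier on the page. Field names, the $750k ceiling, the 30s staleness window and all input values are assumptions chosen to reproduce the page's numbers.

```javascript
// Added illustration: blocking rules for the three scenarios on this page.
// Field names and thresholds are assumptions, not prflght's policy schema.
const policy = {
  maxCumulativeUsd: 750_000, // rolling exposure ceiling (assumed)
  windowSeconds: 3600,       // rolling window length (assumed)
  maxOracleAgeSeconds: 30,   // staleness window (assumed)
  maxTvlDropPct1h: 30,       // page: a 30%+ TVL drop in 1h blocks the venue
};

function createEngine(rules) {
  const approved = []; // approved trades only: { at, notionalUsd }

  return function check(tx, signals) {
    const reasons = [];

    // Per-tx checks cannot see a loop; sum approved notional in the window.
    const exposure = approved
      .filter((t) => tx.at - t.at < rules.windowSeconds)
      .reduce((sum, t) => sum + t.notionalUsd, 0);
    if (exposure + tx.notionalUsd > rules.maxCumulativeUsd) reasons.push("cumulative-exposure");

    // Refuse to sign when the price feed is older than the policy allows.
    if (signals.oracleAgeSeconds > rules.maxOracleAgeSeconds) reasons.push("stale-oracle");

    // Venue health: percentage TVL drop over the last hour.
    const dropPct = ((signals.tvlUsd1hAgo - signals.tvlUsdNow) / signals.tvlUsd1hAgo) * 100;
    if (dropPct >= rules.maxTvlDropPct1h) reasons.push("venue-degraded");

    const allowed = reasons.length === 0;
    if (allowed) approved.push({ at: tx.at, notionalUsd: tx.notionalUsd });
    return { allowed, reasons };
  };
}

// Constructed signals for a healthy venue with a fresh oracle.
const healthy = { oracleAgeSeconds: 2, tvlUsd1hAgo: 100e6, tvlUsdNow: 99e6 };

function runawayLoop() { // the same $200k swap submitted four times
  const check = createEngine(policy);
  return [0, 10, 20, 30].map((at) => check({ at, notionalUsd: 200_000 }, healthy).allowed);
}
function oracleTrap() { // feed is 54 seconds old
  return createEngine(policy)({ at: 0, notionalUsd: 50_000 }, { ...healthy, oracleAgeSeconds: 54 });
}
function degradedVenue() { // TVL fell 35% within the hour
  return createEngine(policy)({ at: 0, notionalUsd: 200_000 }, { ...healthy, tvlUsdNow: 65e6 });
}
console.log(runawayLoop(), oracleTrap(), degradedVenue());
```

Only approved trades are added to the exposure history, so a blocked transaction does not consume budget and the fourth swap stays blocked until earlier trades age out of the window.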
Two lines.
One guarantee.
TypeScript SDK. Drop it in before your signer — done.
// Install: npm install @prflght/sdk
import { Firewall } from '@prflght/sdk';

// apiKey, agentId, draftTxBase64, draftIxs and connection are supplied by your agent's existing code.
const fw = new Firewall({ apiKey, agentId });

// Throws FirewallDenyError on deny.
const result = await fw.check(draftTxBase64);

// inject() converts attestation → @solana/kit instructions.
const tx = buildTransaction([
  ...fw.inject(result.instructions),
  ...draftIxs,
]);

await sendAndConfirmTransaction(connection, tx);
// Blocked transactions never reach the network.
Embedded once.
Never removed.
Critical infra that gets embedded at the signing layer and stays. Like Chainalysis for compliance or Twilio for comms — the value compounds with every transaction processed.
Wallet infrastructure
Turnkey, Privy, Dynamic — you manage signing keys for agents. Your customers are already asking about spending controls. prflght sits between agent logic and the signing step, offered as a built-in safety option.
Agent frameworks
elizaOS plugin or Solana Agent Kit middleware — one integration puts enforcement on every agent built on your framework. No per-action opt-in. No changes to how agents are built.
Teams with agents in production
Your trading bot doesn't ask permission. Neither does your rebalancer. prflght puts mandatory policy enforcement on every execution without changing how your agent is built or deployed.
Every transaction.
Every check. In flight.
Live decisions across real Solana DeFi protocols. Every allowed attestation adds to the dataset. Every blocked transaction is a policy enforced, not a warning surfaced after the fact.
Start in 3 lines
of code.
Connect a wallet, get an API key, and add prflght to your agent in minutes. Free tier: 10K checks/month. For wallet infra and enterprise integrations, reach out directly.
