Skip to main content
prflght
Runtime Enforcement · Solana

Enforcement
before every agent
execution on Solana

Agentic capital is already executing on-chain. Every existing guardrail is advisory. Agents can override them. prflght puts mandatory enforcement between intent and execution: simulation, policy checks, and on-chain attestation.

Request Early AccessView SDK
Non-custodial
Solana-native
On-chain verifiable
firewall · check
$ fw.check(draftTx)
[✓] simulation.........................ok
[✓] policy:slippage 0.3% < 1.0%ok
[✓] policy:notional $4,200 < $10kok
[✓] protocol:orca...................healthy
decision: ALLOW
attestation: a7f3c2e8b4d1...f09a · TTL 60s · Ed25519

Agentic capital has the rails. It has the agents. The one thing missing: mandatory enforcement before execution. Every guardrail today is advisory. Your agent builds a swap, a perp, a treasury transfer. Nothing mandatory stands between intent and execution. prflght changes that.

<100ms
Median check latency
3 layers
Simulation + policy + protocol health
60s TTL
Per attestation, on-chain enforced
How it works

Enforcement in three steps

01

Build

Your agent, vault, or treasury bot constructs a draft transaction: a swap, perp order, or stablecoin transfer. Nothing changes in how you build.

Any existing agent framework. Any wallet. Any execution flow.

02

Check

One SDK call. The risk engine simulates the transaction, evaluates your policies, and checks live protocol health.

Returns a cryptographically signed attestation in under 100ms.

03

Enforce

The on-chain program verifies the attestation before any instruction executes. Without a valid attestation, nothing executes.

Blocked transactions never reach the network.

On-chain program verifies Ed25519 attestation signature, TTL, policy hash, then lets remaining instructions execute.

Features

Everything the firewall needs

Off-chain risk engine + on-chain attestation + policy DSL + protocol health registry. The full enforcement stack.

Transaction Simulation

Risk layer 1

Full off-chain simulation before signing. Catch reverts, unexpected token outputs, and compute issues. Your agent never sends a transaction that would fail or succeed badly.

Policy Engine

Risk layer 2

Programmable, mandatory rules: slippage bounds, max notional, program allowlist and denylist. Not a dashboard. Not a suggestion. Enforcement your agent cannot bypass.

Protocol Health Registry

Risk layer 3

Don't let your agent trade on a degraded venue. Real-time health data for Orca, Drift, Kamino. Execution is automatically blocked when protocols enter anomalous state.

On-chain Attestation

Enforcement

Ed25519-signed, TTL-bound attestation verified by a Solana program before execution. Cryptographically unfakeable. Zero trust assumptions on the agent.

Why enforcement exists

What unguarded agents execute.

These are not edge cases. They are the default behavior of autonomous agents running without a mandatory enforcement layer.

01
The runaway agent

Agent receives a malformed signal and executes the same swap in a loop. Each individual transaction looks valid. No single tx violates anything.

Without enforcement

Swap protocols enforce per-tx slippage. Nothing enforces cumulative exposure across transactions.

max_daily_notional: $500k

Transaction 4 is blocked. Cumulative volume has hit the policy ceiling. The loop stops before the treasury is drained.

02
The oracle trap

Agent constructs a borrow instruction against USDC collateral. The oracle feeding the collateral price is 54 seconds stale — past the acceptable window.

Without enforcement

Lending protocols accept stale oracle data if it passes their own internal checks. The agent has no way to verify oracle freshness before submitting.

oracle_staleness_limit: 30s

Simulation detects the stale feed before the instruction is signed. The borrow is blocked. Agent waits for a fresh oracle update.

03
The degraded venue

Agent routes a $200k perp open through Drift. Drift is in degraded state — oracle latency is elevated, liquidation engine is lagging.

Without enforcement

The agent has no real-time visibility into protocol health. It submits anyway. Fill quality degrades, MEV exposure spikes, position opens at a worse price than simulated.

protocol_health: block_degraded

prflght's health registry flags Drift as degraded. Execution is blocked. Agent holds until the protocol recovers or reroutes.

SDK

Two lines to integrate

TypeScript SDK wraps the Firewall API. Drop it into your existing agent transaction flow.

agent.ts
TypeScript
// Install: npm install @prflght/sdk
import { Firewall } from '@prflght/sdk';

const fw = new Firewall({ apiKey: process.env.PRFLGHT_KEY });

// Check before every transaction
const { decision, attestation } = await fw.check(draftTxBase64)

if (decision === 'Allow') {
  const tx = fw.inject(draftTx, attestation)
  await sendAndConfirmTransaction(connection, tx)
}
// Blocked transactions never reach the network
firewall.check(tx)
→ decision + attestation
firewall.inject(tx, att)
→ signed tx with verification
Built for

Built for teams where agents are already live

Not for teams planning to add agents someday. For teams where autonomous execution is already happening. Enforcement is overdue.

Agent Treasury Teams

Your rebalancer doesn't ask for permission. Neither does your trading bot. prflght puts mandatory policy enforcement on every execution without slowing the agent down.

RebalancersTrading botsVaults

Smart Account Teams

Build agent permissions your users can actually trust. Programmable execution constraints with cryptographic enforcement, not UI warnings they can dismiss.

Smart walletsSession keysAgent permissions

DeFi Protocols

Agent-driven volume is growing. Accept it with confidence. On-chain verifiable attestations mean execution was policy-checked before it ever reached your protocol.

DEXsPerpsLending
Private beta

Request early access

We're working with the first teams to integrate prflght into live agent execution flows: swaps, perps, stablecoin transfers. If you're running autonomous DeFi on Solana, let's talk.

Request Early AccessView GitHub