Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.prflght.xyz/llms.txt

Use this file to discover all available pages before exploring further.

POST /check is the core Prflght endpoint. Submit a serialized Solana transaction and your agent’s wallet public key, and Prflght will simulate it against a live RPC, evaluate it against your agent’s policy, verify the health of any DeFi protocols involved, and — if everything passes — return signed ed25519 attestation instructions you must prepend to the transaction before sending it on-chain.

Endpoint

POST https://api.prflght.xyz/check

Authentication

Pass your agent’s wallet public key as the agentId field in the request body. Prflght uses this to look up the policy that governs the transaction.

Request body

tx
string
required
Base64-encoded serialized Solana VersionedTransaction. Serialize the transaction using transaction.serialize() and then encode with Buffer.from(...).toString('base64') before sending.
agentId
string
required
Your agent’s wallet public key as a base58 string. This identifies which policy Prflght evaluates the transaction against.

Request example

{
  "tx": "AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAQAHDg...",
  "agentId": "4sGjMW1sUnHuiSFRhCAUt3pCkTaLRF1rBDUBGfVXvBb3"
}

Response fields

Prflght returns one of two decision shapes: allow or deny.

Allow response

decision
string
required
"allow" — the transaction passed simulation, policy evaluation, and protocol health checks.
policyHash
string
required
Hex string identifying the exact policy version that was evaluated. Use this for audit trails and to verify you’re running against the expected policy.
expiry
number
required
Unix timestamp (seconds) after which the attestation is no longer valid. You must submit the transaction on-chain before this time.
attestationIxs
array
required
List of instruction objects to prepend to your transaction before submitting. Each instruction has the following shape:

Deny response

decision
string
required
"deny" — the transaction was blocked.
reason
string
required
Human-readable explanation of why the transaction was denied. For example: "notional exceeds policy max_notional_usdc (10000)".

Response examples

{
  "decision": "allow",
  "policyHash": "a3f9c12e8b4d7a0156ef23c9814bdf2e99c0a71d3b55f8e241d36a07c4e89f12",
  "expiry": 1713000000,
  "attestationIxs": [
    {
      "programId": "PrfLGHT11111111111111111111111111111111111111",
      "accounts": [
        { "pubkey": "4sGjMW1sUnHuiSFRhCAUt3pCkTaLRF1rBDUBGfVXvBb3", "isSigner": false, "isWritable": false }
      ],
      "data": "AjKx9mFp..."
    }
  ]
}
You must prepend every instruction in attestationIxs to your transaction before submitting it on-chain. The Prflght on-chain program verifies the attestation as a prerequisite to execution — if the attestation instructions are missing or placed after your other instructions, the transaction will be rejected at the program level.
Transactions are denied for one of three reasons: a policy violation (e.g. notional limit, disallowed program, or slippage cap exceeded), a protocol health check failure (venue health score below your policy threshold), or a simulation failure (the transaction would revert on-chain). The reason field in a deny response tells you which condition triggered the block.