Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.prflght.xyz/llms.txt

Use this file to discover all available pages before exploring further.

A policy defines what your agent is and isn’t allowed to do on-chain. Policies are stored in the Prflght database, scoped per agent wallet, and evaluated on every transaction before it reaches the chain. Without a policy, Prflght denies all transactions by default.

Managing policies

You can create and update policies in two ways:
  • Dashboard — use the policy editor at app.prflght.xyz to configure rules with a visual interface and save them to your agent.
  • Admin API — manage policies programmatically via the admin API, useful for automated deployments and CI/CD workflows.
If no policy is configured for an agent, Prflght denies all transactions by default. Always set a policy before your agent begins sending transactions.

Policy structure

Policies are stored as JSON in the database. The example below shows every supported field: 
{
  "version": 1,
  "agent": "<agent_wallet_pubkey>",
  "allowed_programs": [
    "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4"
  ],
  "max_notional_usdc": 10000,
  "max_slippage_bps": 50,
  "daily_transfer_limit_usdc": 50000,
  "pause_on_protocol_tvl_drop": {
    "drift": 0.15
  },
  "deny_if_protocol_health_below": 60
}

Field reference

Type: integer Required: yes Example: 1The policy schema version. Always set this to 1. Future schema changes will increment this value, and Prflght will validate accordingly.
Type: array of strings (base58 public keys) Required: yes Example: ["JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4"]An allowlist of Solana program addresses your agent is permitted to invoke. Any transaction that calls a program not on this list is denied. Add the address of every program your agent legitimately needs to interact with — for example, Jupiter v6, Orca Whirlpools, or your own deployed programs.
Type: number Required: yes Example: 10000The maximum per-transaction notional value in USDC. Prflght calculates the notional value of the transaction and denies it if the value exceeds this limit. Set this to the largest single transaction your agent legitimately needs to execute.
Type: integer (basis points) Required: yes Example: 50 (= 0.5%)The maximum slippage tolerance in basis points that your agent is allowed to set on a swap. Transactions where the configured slippage exceeds this limit are denied. 100 basis points equals 1%.
Type: number Required: no Example: 50000A rolling 24-hour cap on total USDC transferred across all transactions from this agent. Once cumulative transfers reach this limit within any 24-hour window, further transfer transactions are denied until the window resets.
Type: object (protocol ID → fractional drop) Required: no Example: { "drift": 0.15 }A map of protocol IDs to fractional TVL drop thresholds. If a protocol’s TVL drops by more than the specified fraction within the monitoring window, Prflght pauses the agent — blocking all transactions until the TVL recovers or you manually unpause. A value of 0.15 means a 15% drop triggers the pause.
Type: integer (0–100) Required: no Example: 60A health score threshold. Any transaction involving a protocol whose current health score is below this value is denied. Health scores are computed from live TVL data from DeFiLlama. See Protocol Health for details on how scores are calculated.
Start with conservative limits — a low max_notional_usdc, a tight max_slippage_bps, and a short daily_transfer_limit_usdc — and loosen them as you observe your agent’s real transaction patterns. It’s much easier to raise limits than to recover from an agent that was too permissive.