Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.prflght.xyz/llms.txt

Use this file to discover all available pages before exploring further.

The @prflght/sdk package is the lowest-level way to integrate Prflght into your agent. You call firewall.check() before sending any transaction, receive attestation instructions on allow, and catch FirewallDenyError on deny. Every other Prflght integration is built on top of this SDK.

Installation

npm install @prflght/sdk

Initialization

Create a Firewall instance once at startup and reuse it for every transaction check. You need two values:
  • apiUrl — the Prflght API base URL: https://api.prflght.xyz
  • agentId — your agent’s Solana wallet public key as a base58 string
import { Firewall, FirewallDenyError } from '@prflght/sdk'

const firewall = new Firewall({
  apiUrl: 'https://api.prflght.xyz',
  agentId: agentKeypair.publicKey.toString(),
})

The check() method

Call firewall.check() before sending any transaction. Pass the transaction as a base64-encoded serialized VersionedTransaction. On allow, check() returns an object with an instructions array — these are attestation instructions you must prepend to your transaction before submitting it on-chain. On deny, check() throws a FirewallDenyError with a .reason string describing why the transaction was blocked.
You must prepend the returned attestation instructions to your transaction before sending. The Prflght on-chain program verifies the attestation at execution time — submitting without them will cause the transaction to fail.

Full example

import { Firewall, FirewallDenyError } from '@prflght/sdk'

const firewall = new Firewall({
  apiUrl: 'https://api.prflght.xyz',
  agentId: agentKeypair.publicKey.toString(),
})

// Before sending any transaction:
try {
  const result = await firewall.check(txBase64)
  // result.instructions = attestation ixs to prepend to your tx
  const finalTx = buildTxWithIxs([...result.instructions, ...yourIxs])
  await sendAndConfirm(finalTx)
} catch (err) {
  if (err instanceof FirewallDenyError) {
    console.error('Blocked:', err.reason) // e.g. "notional exceeds policy limit"
  }
}
To serialize a VersionedTransaction to base64, use:
const txBase64 = Buffer.from(tx.serialize()).toString('base64')
Make sure you serialize the transaction after signing but before calling check().

Error handling

FirewallDenyError is thrown whenever Prflght blocks a transaction. Catch it separately from other errors so you can handle policy denials without masking unexpected failures.
PropertyTypeDescription
err.reasonstringHuman-readable explanation of why the transaction was denied
Common reason strings include:
  • "notional exceeds policy limit" — the transaction value exceeds your agent’s configured spending cap
  • "program not in allowlist" — the transaction calls a Solana program your policy does not permit
  • "slippage exceeds policy limit" — the swap slippage tolerance is above your configured threshold
  • "protocol health check failed" — the DeFi protocol involved has TVL below your minimum health threshold
try {
  const result = await firewall.check(txBase64)
  // proceed
} catch (err) {
  if (err instanceof FirewallDenyError) {
    // Handle policy denial — log, alert, or skip the transaction
    console.error('Transaction blocked by Prflght:', err.reason)
  } else {
    // Re-throw unexpected errors
    throw err
  }
}