Docs Execution True Agents

True Agents

Non-custodial autonomous trading agents on Solana — recurring, event-driven, and AI-natural-language strategies executed from a per-user session wallet under a signed permit.

What this is

True Agents is the autonomous trading service. A user describes a strategy in plain language (“DCA $50 of SOL every Monday”, “buy AAPLX if it drops 5%”, “sell 25% of my BONK if BTC breaks $80k”), the platform parses it into a structured strategy, and an isolated session wallet executes the trades on Solana under a signed permit that strictly bounds what the agent can do.

The agent service is non-custodial. The user’s primary wallet keeps custody. The session wallet is a per-agent ephemeral keypair that holds only the funds the user has chosen to put in scope, and every execution is gated by the permit the user signed at activation.

Strategy types

Every agent has a StrategyType that determines its trigger logic.

StrategyFires when
RecurringA schedule elapses (minutely, hourly, daily, weekly, monthly).
Price targetAn asset crosses a specific USD/EUR price.
Price moveAn asset moves a percentage over a window (e.g., SOL drops 5% in 24h).
RelativeOne asset outperforms another by a percentage (e.g., SOL/BTC).
Social sentimentX/Reddit bullishness crosses a threshold, or a watched account posts.
Macro eventAn economic indicator publishes (VIX, DXY, FOMC, CPI, earnings).
On-chain eventRaydium graduations, whale moves, liquidation cascades.
Cross-assetWatch one asset to trade another.

Supported assets

ClassWhat’s tradable
CryptoEvery Jupiter-supported Solana asset, including SPL memecoins.
xStocksTokenized US equities (AAPLX, NVDAX, TSLAX, …) issued by Backed Finance and routed through Jupiter SPL pools.
RWAOn-chain real-world assets (Ondo USDY, OUSG, …).
StablecoinsUSDC, USDT, PYUSD as quote assets.

How it works

01
Draft
User prompt is parsed by Claude Haiku 4.5 into a structured CreateAgentSchema. The draft is stored but holds no funds.
02
Preview
Server returns a plain-English summary, the assets in scope, the per-execution cap, and a risk score.
03
Activate
User signs a Permit with assetWhitelist, maxAmountPerExecutionUsd, expiresAt. Server provisions a session wallet (keypair encrypted via KMS envelope), collects a 0.02 SOL activation fee, and arms the strategy.
04
Trigger
Scheduler ticks every 60s for recurring agents using FOR UPDATE SKIP LOCKED. Watcher ticks every 5s for price/event triggers against the Price Engine WebSocket.
05
Execute
Permit bounds re-checked, route built (Jupiter for crypto, xStocks rail for tokenized equities), transaction signed by the session wallet, gas paid by the Umbrella fee-payer wallet.
06
Settle
Trade and PnL written to executions and agent_positions. Activity event broadcast over the SSE stream.

Built-in exits

Every agent can carry up to 10 take-profit rungs, a stop-loss, and a trailing stop. The exit ladder is configured at activation and re-validated against the permit on each fill.

{
  "ladder": [
    { "pct": 25, "atProfitPct": 10 },
    { "pct": 25, "atProfitPct": 25 },
    { "pct": 50, "atProfitPct": 50 }
  ],
  "stopLoss": { "atLossPct": 15 },
  "trailingStop": { "trailPct": 8 }
}

Rules and limits

  • Max 20 active agents per user.
  • Max 500 executions / 24h per user.
  • Recurring interval ≥ 5 minutes. Sub-5m schedules are rejected at validation.
  • Slippage ≤ 500 bps hard cap, lower per liquidity tier.
  • High-risk confirmation. Any single action above 10% of wallet equity or above $10,000 USD requires confirmHighRisk: true at create time.
  • Activation fee. 0.02 SOL transferred from the session wallet to the Umbrella wallet at activation. Sybil-resistance, not revenue.
  • Cooldown. Per-trigger cooldown (0–1440 minutes) persists in trigger_state across restarts so the same condition does not double-fire.
The session wallet only ever holds what the user funded

The user funds the session wallet directly with the budget for that strategy. The Umbrella wallet pays SOL gas, never asset balances. If the agent is paused, stopped, or compromised, only the funds in the session wallet are at risk — never the user’s primary wallet.

Safety rails

  • Per-user KMS-encrypted session wallets. The private key is sealed by AWS KMS and decrypted only inside the executor for the duration of a signing call.
  • Two-stage permit check. Stage 1 validates expiry and assetWhitelist before any network I/O. Stage 2 re-validates the USD amount against maxAmountPerExecutionUsd after price resolution but before signing.
  • Anomaly detection. Fail-closed monitor halts an agent if it exceeds trades-per-hour, USD outflow rate, or attempts to send funds to a destination other than the user’s vault.
  • Vault trade log. Every on-chain transaction the executor signs is appended to an auditable log for forensics.
  • Low-balance flags. The executor sets a lowBalance flag on the execution row when the session wallet or Umbrella fee-payer is running low and surfaces it on the SSE stream.
For Developers

REST API

POST /api/agents/parse-prompt

Body: { promptText, walletAddress }. Returns a structured draft agent the user can preview and activate.

POST /api/agents/

Body: CreateAgentSchema. Persists a draft. No session wallet is provisioned at this point.

POST /api/agents/preview

Body: draft id or full draft. Returns a human summary, the asset list, the per-execution cap, and a risk score.

POST /api/agents/{id}/activate

Body: { permit, signature }. Verifies the Ed25519 signature of the permit against the user’s primary wallet, provisions and KMS-encrypts a session keypair, collects the activation fee, transitions the agent to active.

GET /api/agents/
PATCH /api/agents/{id}
DELETE /api/agents/{id}

PATCH only mutates name and guardrails. To change asset whitelist or cap, the user must stop the agent and sign a new permit.

Public, no-auth endpoints

GET /api/agents/public/{id}
GET /api/agents/public/xstocks/registry

MCP tools

The same surface is exposed as MCP tools so a Claude/Cursor/Continue session can create, list, and toggle agents on behalf of the user (still requires the user to sign the permit at activation):

agents.create   { promptText, walletAddress, ... }
agents.list     { walletAddress, status?, assetClass? }
agents.toggle   { id, action: 'pause' | 'resume' | 'stop', walletAddress }

SSE stream

See Realtime API for the agent execution event stream (executed, errored, next_run_changed, trigger_armed, completed).

Safety, limits, failure modes

  • Permit drift. A permit cannot be edited after signing. Edits require a new permit and a new signature. There is no “raise the cap once” path.
  • Slippage breaches. If a route can only fill above the slippage cap, the execution errors with SLIPPAGE_EXCEEDED and is retried at the next cycle, not partially filled.
  • Oracle-stale guard. If the Price Engine returns a stale-flagged quote on the asset under evaluation, the trigger is treated as not met and the execution is skipped — never fired against an unverifiable price.
  • Anomaly halts are sticky. Resuming a halted agent requires user action; the system will not auto-resume.

See also

  • Agentic Trading — the SAE middleware that wraps every execution.
  • Realtime API — the SSE/WebSocket surface that streams agent events to clients.
  • Authentication — how the permit signature is verified.
  • Price Engine — the quote source the watcher and executor read.
Last updated: