Protect your AI agents from runaway spend.
Tripwire is an on-chain insurance layer for autonomous agents. Set hard spend limits, get paid out automatically when an agent goes off-rails, and keep your fleet accountable without rewriting any of its logic.
Introduction
Every week an AI agent somewhere drains a treasury. Long-running loops, compromised API keys, a tool that calls itself — the failure modes are many and the outcome is the same: a wallet empties, an invoice arrives, nobody is watching.
Tripwire sits in front of your agent's wallet and enforces a policy you define: maximum spend per hour, per transaction, per tool, per recipient. When the agent tries to breach that limit, the transaction is held; if a breach slips through, the underwriting pool pays you out.
Quickstart
Most teams are covered in under ten minutes. You'll need a Solana wallet with signing permission over your agent's treasury and at least 50 $COVER to stake.
- Create an account. Sign up at tripwireagent.xyz/signup and connect the wallet that controls your agent's treasury.
- Define a policy. Pick your spend ceilings: per-tx, per-hour, per-day. Optional allowlists for recipients and programs.
- Stake $COVER. Deposit $COVER to activate the policy. The stake backs your payout and earns yield while idle.
- Route traffic. Point your agent's RPC at the Tripwire endpoint, or drop the SDK into your codebase. No logic changes required.
How it works
Tripwire is not a wrapper around your agent — it's a transaction gate that sits between the agent's signer and the chain. Three things happen on every transaction:
1. Simulation
Every tx is simulated against your policy before it's broadcast. Breaches are held in a pending queue for up to 60s.
2. Enforcement
If the simulation violates a hard limit, the tx is rejected. Soft limits trigger a webhook so you can decide.
3. Settlement
If a breach clears anyway (e.g. during a downtime bypass), the $COVER pool auto-pays the insured amount.
4. Attestation
Every enforced tx gets a signed attestation on-chain. Audit trail lives in one queryable ledger.
Policies
A policy is a signed JSON object that declares the rules for an agent's wallet. Store it alongside your agent config — Tripwire enforces the same rules regardless of which client writes the transaction.
```json
{
  "agent_id": "ag_8fnZ4qpL",
  "wallet": "DYw8jQGHt5...9kPa",
  "limits": {
    "per_tx_usd": 50,
    "per_hour_usd": 250,
    "per_day_usd": 1500
  },
  "allow_programs": ["Jupiter", "Raydium"],
  "payout_recipient": "HrAx2pR...aLp7",
  "coverage_usd": 5000
}
```
On-chain limits
Limits are denominated in USD and computed at the time of simulation using the Pyth price feed. You can set:
- Per-transaction cap — rejects any single tx above the value
- Hourly / daily / weekly — rolling windows, reset at sliding boundaries
- Program allowlists — only interact with named Solana programs
- Recipient blocklists — block specific counterparties
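
The sketch below is an added example, not Tripwire's implementation: it shows how a per-transaction cap, rolling hourly and daily windows, and a program allowlist combine into one allow/deny decision. `SpendGate` and its methods are hypothetical names, amounts are assumed to be already priced in USD, and the policy object is constructed from the page's example.

```javascript
// Constructed policy shaped like the page's example (limits and allowlist only).
const policy = {
  limits: { per_tx_usd: 50, per_hour_usd: 250, per_day_usd: 1500 },
  allow_programs: ["Jupiter", "Raydium"],
};

// Rolling windows checked on every transaction, shortest first.
const WINDOWS = [
  { key: "per_hour_usd", seconds: 3600 },
  { key: "per_day_usd", seconds: 86400 },
];

function deny(reason) {
  return { allowed: false, reason };
}

class SpendGate {
  constructor(policy) {
    this.policy = policy;
    this.history = []; // accepted spends only: { at: unix seconds, usd }
  }

  // Sum of accepted spend inside the trailing window (now - seconds, now].
  spentWithin(seconds, now) {
    return this.history
      .filter((h) => h.at > now - seconds && h.at <= now)
      .reduce((sum, h) => sum + h.usd, 0);
  }

  // Returns { allowed, reason }. Rejected transactions never count toward a window.
  check(tx, now) {
    const { limits, allow_programs: allowlist } = this.policy;
    if (!Number.isFinite(tx.usd) || tx.usd < 0) return deny("invalid amount");
    if (allowlist && !allowlist.includes(tx.program)) return deny("program not allowlisted");
    if (tx.usd > limits.per_tx_usd) return deny("per_tx_usd exceeded");
    for (const w of WINDOWS) {
      const cap = limits[w.key];
      if (cap !== undefined && this.spentWithin(w.seconds, now) + tx.usd > cap) {
        return deny(`${w.key} exceeded`);
      }
    }
    this.history.push({ at: now, usd: tx.usd });
    // Drop entries older than the longest window so history stays bounded.
    this.history = this.history.filter((h) => h.at > now - 86400);
    return { allowed: true, reason: null };
  }
}
```

Because the window slides, budget frees up one transaction at a time as old spends age out, rather than all at once at the top of the hour.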
$COVER staking
Tripwire is underwritten by the $COVER token pool. To activate a policy you deposit $COVER equal to 2% of your coverage amount. In exchange:
- Your policy is backed up to the full coverage amount
- The stake earns base yield from pool fees (currently ~6.8% APR)
- Unused stake is withdrawable after a 48-hour cooldown
Claims & payouts
Most payouts are automatic. When Tripwire's attestor detects a confirmed breach, a payout transaction is signed by the pool and sent to your payout_recipient within one block.
Disputed claims (edge cases, partial breaches) go to the DAO review queue and settle within 72 hours.
JavaScript SDK
The SDK wraps any signer with policy enforcement. It works with @solana/web3.js keypairs, wallet adapters, and remote signers.
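```js
// npm install @tripwire/sdk
import { TripwireSigner } from "@tripwire/sdk";
import { Keypair } from "@solana/web3.js";

// Keypair.fromSecretKey expects a Uint8Array, not the raw env string.
// Assumes AGENT_KEY holds the JSON byte-array form written by solana-keygen.
const secretKey = Uint8Array.from(JSON.parse(process.env.AGENT_KEY));

const signer = new TripwireSigner({
  keypair: Keypair.fromSecretKey(secretKey),
  apiKey: process.env.TRIPWIRE_API_KEY,
  agentId: "ag_8fnZ4qpL",
});

// use it anywhere you'd use a normal signer
// (tx is a transaction your agent has already built)
const sig = await signer.sendTransaction(tx);
```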
Webhooks
Tripwire posts to your webhook URL whenever a policy event fires. Events are signed with an HMAC header (X-Tripwire-Signature) derived from your webhook secret.
| Event | Triggered when |
|---|---|
| tx.held | A tx is held pending review |
| tx.rejected | A tx violates a hard limit |
| limit.soft_hit | Soft limit reached, tx still passed |
| payout.sent | Insurance payout confirmed on-chain |
| policy.updated | Policy JSON changed |
```http
POST /your-webhook HTTP/1.1
X-Tripwire-Signature: t=1713589200,v1=3a8b...

{
  "event": "tx.rejected",
  "agent_id": "ag_8fnZ4qpL",
  "tx_hash": "5gQR...Zx2",
  "reason": "per_tx_usd exceeded",
  "amount_usd": 82.14
}
```
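
A receiver should authenticate each delivery before acting on it. The following is an added example, not code from the Tripwire SDK. The page does not state the hash or the signed string, so this assumes `v1` is hex HMAC-SHA256 over `t + "." + raw body` and a 300-second replay tolerance; the function names are hypothetical and the sample delivery is constructed.

```javascript
const crypto = require("node:crypto");

// Assumed scheme (not specified on the page):
// v1 = hex(HMAC-SHA256(secret, t + "." + rawBody))
const TOLERANCE_SECONDS = 300; // assumed replay window

function parseSignatureHeader(header) {
  const parts = Object.create(null);
  for (const item of String(header || "").split(",")) {
    const idx = item.indexOf("=");
    if (idx > 0) parts[item.slice(0, idx).trim()] = item.slice(idx + 1).trim();
  }
  return parts;
}

function verifyWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { t, v1 } = parseSignatureHeader(header);
  if (!/^\d+$/.test(t || "") || !/^[0-9a-f]{64}$/i.test(v1 || "")) {
    return { ok: false, reason: "malformed header" };
  }
  // Reject stale or future-dated deliveries so a captured request cannot be replayed later.
  if (Math.abs(nowSeconds - Number(t)) > TOLERANCE_SECONDS) {
    return { ok: false, reason: "timestamp outside tolerance" };
  }
  // MAC the exact bytes received; re-serialising parsed JSON changes the input.
  const expected = crypto.createHmac("sha256", secret).update(`${t}.`).update(rawBody).digest();
  // Constant-time compare; the regex above guarantees both sides are 32 bytes.
  if (!crypto.timingSafeEqual(expected, Buffer.from(v1, "hex"))) {
    return { ok: false, reason: "signature mismatch" };
  }
  return { ok: true, event: JSON.parse(rawBody.toString("utf8")) };
}

// Constructed sample delivery, signed with a constructed secret under the assumed scheme.
function sampleDelivery(secret, t) {
  const body = Buffer.from(JSON.stringify({
    event: "tx.rejected", agent_id: "ag_8fnZ4qpL",
    reason: "per_tx_usd exceeded", amount_usd: 82.14,
  }));
  const v1 = crypto.createHmac("sha256", secret).update(`${t}.`).update(body).digest("hex");
  return { body, header: `t=${t},v1=${v1}` };
}
```

Pass the handler the unparsed request body; a framework that hands over only the parsed JSON cannot reproduce the bytes that were signed.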
CLI
The CLI is useful for scripting and CI — you can apply policies from JSON files, tail event streams, and simulate transactions locally.
```bash
# install
npm install -g @tripwire/cli

# authenticate
tripwire login

# apply a policy file
tripwire policy apply ./agent-policy.json

# tail events in real time
tripwire events tail --agent ag_8fnZ4qpL
```
REST API
Base URL: https://api.tripwireagent.xyz/v1. Authenticate with a bearer token — issued per-project under Settings → API keys.
| Method | Path | Purpose |
|---|---|---|
| POST | /policies | Create a new policy |
| GET | /policies/:id | Read an existing policy |
| PATCH | /policies/:id | Update limits or allowlists |
| GET | /events | Paginated event history |
| POST | /simulate | Simulate a tx against the policy |
Errors
The API uses conventional HTTP status codes. The response body is always JSON with code, message, and optional details.
| Code | Meaning |
|---|---|
| 400 | Invalid policy or malformed body |
| 401 | Missing or invalid API key |
| 402 | Insufficient $COVER stake |
| 409 | Policy conflict — agent already has an active policy |
| 429 | Rate limited — 100 req/min per project |
| 5xx | Retry with exponential backoff |
FAQ
Does Tripwire custody my funds?
No. Your agent's wallet stays under your signer. Tripwire only simulates and gates transactions — it never holds the principal.
What happens if Tripwire goes down?
Policies fall back to fail-closed or fail-open based on your config. Fail-closed stops the agent entirely; fail-open lets it pass through with event logging only.
Can I use Tripwire without $COVER?
You can run in monitor-only mode for free — you get the attestations and events but no payout coverage. Staking $COVER unlocks the insurance layer.
How are limits priced in USD?
At simulation time the tx is priced using Pyth. For non-Pyth assets (long-tail SPL) we fall back to Jupiter quote prices with a 2% safety margin.
Is this audited?
Yes — Ottersec reviewed the underwriting program in February 2026. The audit report is on our GitHub.