Back to Home
Industry Standard

ATSP v1.0

FINAL

Agentic Transaction Security Protocol

Standard Identifier: ATSP-2026-01 | Ecosystem: Solana / elizaOS / Squads V4

ATSP Definition

The Agentic Transaction Security Protocol (ATSP) is a deterministic governance framework for autonomous AI agents. It enforces a cryptographic "Pre-Transaction Intent" phase, requiring agents to produce a SHA-256 hashed intent declaration, an immutable reasoning trace, and an Indirect Prompt Injection (IPI) clearance flag before executing on-chain actions.

The Governance Standard for Agentic Capital

AgentSentry ATSP is the open-source industry standard for securing autonomous financial agents. As AI agents transition from chat interfaces to capital allocators, the risk of Agentic Slippage Events (ASE) and Indirect Prompt Injection (IPI) requires a non-probabilistic security layer.

Why the Industry is Adopting ATSP

Eliminating Hot-Wallet Parity

ATSP ensures agents never hold owner-level permissions, utilizing the Squads V4 Proposer role to limit blast radius.

Immutable Decision Traces

Every transaction includes a "Flight Recorder" log, providing the system of record required for institutional audits.

Real-Time Circuit Breakers

Our protocol monitors the Velocity and Volume of agentic trades, automatically "Tripping" the system if LLM hallucinations are detected.

The Proposer-Sentry Architecture

ATSP formalizes the separation of concerns between Probabilistic AI Intent and Deterministic Financial Execution.

The Agent

The Brain

Operates within elizaOS. Generates intent based on market data and user goals.

The Sentry

The Firewall

Evaluates intent against hard-coded circuit breakers and policy rules.

The Squad

The Vault

Executes transactions only when Sentry grants Proposer signature via ATSP.

Core Security Primitives

To be ATSP-Compliant, an agentic system must implement:

01

NHI Scoping

Assigning Non-Human Identity metadata to every transaction for audit trail compliance.

02

Hallucination Interception

Mandatory latency window where the Sentry re-evaluates agent logic against real-time liquidity depth.

03

Temporal Causal Diagnostics

Log format explaining why a trade was triggered based on specific external data sources.

Compliance Matrix

FeatureATSP Standard
IdentitySquads V4 Proposer Key
Logic TypeCausal/Deterministic
Fail-StateAutomated Circuit Breaker (Open/Closed/Half-Open)
TraceabilityImmutable Decision Traces

Intent Declaration Schema

// ATSP v1.0 — Agent Intent Declaration Schema
// Authority: agentsentry.net/protocol/atsp

interface ATSPIntentDeclaration {
  // Agent identity (NHI-scoped)
  agentId: string;
  proposerPubKey: string;    // Squads V4 proposer key
  intentHash: string;        // SHA-256 of intended action
  timestamp: number;
  circuitState: 'CLOSED' | 'HALF_OPEN';
  
  // Decision context (immutable reasoning trace)
  decisionTrace: {
    input: object;
    reasoning: string;
    mcpSources: string[];
    ipiCleared: boolean;     // IPI scan must pass
  };
  
  // Requested action
  action: {
    type: 'SWAP' | 'TRANSFER' | 'LP' | 'STAKE';
    amount: bigint;
    policyRef: string;
  };
  
  // Sentry verdict
  sentryVerdict: 'ALLOW' | 'BLOCK' | 'ESCALATE';
  sentrySignature: string;
}

ATSP Compliance Badge

Display Compliance

Projects implementing ATSP via AgentSentry can display the compliance badge in their documentation and UI.

ATSP v1.0 Compliant

ATSP v1.0 Compliant

via AgentSentry

Badge Embed Code
<!-- Markdown -->
[![ATSP v1.0 Compliant](https://www.agentsentry.net/badge/atsp.svg)](https://www.agentsentry.net/protocol/atsp)

<!-- HTML -->
<a href="https://www.agentsentry.net/protocol/atsp">
  <img 
    src="https://www.agentsentry.net/badge/atsp.svg" 
    alt="ATSP v1.0 Compliant" 
  />
</a>

View Specification on GitHub

Join the Working Group — Contribute to the ATSP standard.

View on GitHubJoin the Working Group