T3MP3ST is now adapted as a Solana-native multi-agent harness for on-chain trading-security review, read-only RPC evidence, transaction decoding, local/testnet simulation planning, x402-aware service gates, and defensive agent operations.
The package still exposes the historical t3mp3st and tempest CLI names for
compatibility, but the default domain model is Solana-first: programs, accounts,
mints, wallets, RPC endpoints, transaction intents, signer boundaries, PDA/CPI
surfaces, SPL Token, Token-2022, and simulation-before-signing gates.
- Reframed the docs as a Solana trading-security command center: read-only RPC evidence, transaction decoding, route review, quote drift, wallet-prompt safety, simulation gates, and receipt-required signing.
- Rebuilt the docs homepage at docs/index.html with a Solana trading dashboard, risk gates, and links into the new operating model.
- Replaced legacy benchmark/security pages with trading-specific references: AI red-team techniques, simulation bench, wall forensics, integrity ledger, and baseline rules.
- Updated the companion Phoenix perpetuals terminal UI in
/Users/8bit/Perp-Dex-Trading-Bot-main/src/uiso the strategy selector and Trend/Maker/Offset Maker dashboards use Phoenix, Vulcan, Solana, paper/live mode, FIFO order book, account risk, and receipt-gate language. - Mapped the Phoenix documentation index into the README so operators can jump from T3MP3ST review gates to Vulcan CLI setup, strategy loops, Phoenix risk pages, and Rise SDK integration docs.
- Preserved the safety floor: no private keys or seed phrases, no autonomous swaps/transfers/votes/mints/burns/authority changes, no market manipulation, and no buy/sell/hold advice.
Phoenix perpetual futures are live Solana mainnet markets. Vulcan is the agent- and human-friendly CLI surface for Phoenix, with structured JSON output, strategy runners, and a local MCP server. Treat it as a companion operator tool, not as an unguarded execution backend.
Use T3MP3ST for review gates:
- Scope the market, wallet, trader account, RPC endpoint, and action class.
- Read market/account state and decode transaction intent.
- Require paper mode or local/devnet fixtures for agent rehearsal.
- Require simulation and human receipts before live signing or value movement.
- Attach command output, transaction signatures, fills, funding, and PnL to evidence only after redaction.
Install and verify Vulcan separately:
curl -fsSL https://github.com/Ellipsis-Labs/vulcan-cli/releases/latest/download/install.sh | sh
vulcan version
vulcan setup
vulcan status -o jsonAgent-safe defaults:
vulcan mcp
vulcan agent install --target codex
vulcan agent health
vulcan agent mcp diagnose --target codex --scope userLive-capable mode is intentionally explicit:
export VULCAN_WALLET_NAME=my-wallet
export VULCAN_WALLET_PASSWORD=your-password
vulcan mcp --allow-dangerousDo not put live-capable MCP config behind unattended agent access unless wallet permissions, paper/live mode, confirmations, receipts, and operator monitoring are all in place.
Phoenix docs to keep beside the console:
- Vulcan CLI
- Vulcan installation
- Vulcan command reference
- Vulcan strategies
- Phoenix account health
- Phoenix order types
- Phoenix FIFO order book
- Rise SDK orders
- Phoenix REST/WebSocket best practices
Read these first:
Default posture is read-only. The harness does not need private keys or seed phrases. It does not sign, submit, trade, launch, vote, transfer, or move value without explicit human receipts and a prior simulation plan.
- Solana target types:
solana_programsolana_accountsolana_tokensolana_walletsolana_validatorsolana_rpcsolana_transaction
- Solana helpers:
- public-key validation
- cluster normalization
- explorer links
- Solana target factories
- deterministic receipt hashes
- read-only JSON-RPC helper
- Arsenal tools:
solana_address_validatesolana_rpc_healthsolana_account_lookupsolana_program_audit_plansolana_transaction_dry_run_plan
- Planning/runtime routing:
solana_onchainmission family- Solana workflow preset
- Solana prompt pack
- Solana runbook
- Solana resource packs
- RoE gates for signing, value movement, authority changes, and governance
- Catalog-only Solana tools:
- Solana CLI
- SPL Token CLI
- Anchor CLI
- Codama
- LiteSVM
- Surfpool
The catalog-only tools are intentionally not generic executable adapters yet. They can submit transactions or depend on project-local harnesses, so they stay documented until narrow no-submit templates are implemented.
npm install
npm run typecheck
npm run test:solana
npm testStart the local API and War Room:
npm run server
# UI: http://127.0.0.1:3333/ui/Solana defaults:
export T3MP3ST_SOLANA_CLUSTER=devnet
export T3MP3ST_SOLANA_RPC_URL=https://api.devnet.solana.com
export T3MP3ST_SOLANA_WS_URL=wss://api.devnet.solana.com
export T3MP3ST_SOLANA_COMMITMENT=confirmedimport {
createSolanaProgramTarget,
createSolanaMissionReceipt,
isSolanaAddress,
} from 't3mp3st';
const programId = '11111111111111111111111111111111';
if (isSolanaAddress(programId)) {
const target = createSolanaProgramTarget(programId, 'devnet');
const receipt = createSolanaMissionReceipt({
missionId: 'mission-solana-review',
action: 'read-only-program-review',
target: target.address,
reason: 'Scope-approved read-only Solana review',
});
console.log(target, receipt);
}- Confirm written authorization, cluster, RPC endpoint, and public-key scope.
- Validate addresses and classify program/account/mint/wallet/RPC targets.
- Read account metadata without copying raw account data into evidence.
- Review local Anchor/Pinocchio/native source or IDL when available.
- Generate the Solana audit route: signers, writable accounts, PDAs, CPIs, token authorities, Token-2022 extensions, compute budget, priority fees.
- Build a dry-run plan before any state-changing hypothesis.
- Simulate locally/devnet and capture logs, account diffs, units consumed, and falsifiers.
- Require a human receipt before any wallet prompt or irreversible action.
Preferred stack for future Solana expansion:
@solana/kitfor new client/RPC/transaction code.- Wallet Standard and framework-kit patterns for UI wallet discovery.
- Anchor for normal program iteration; Pinocchio for compute-sensitive programs.
- Codama for typed client generation.
- LiteSVM/Mollusk for fast tests; Surfpool for realistic cluster-state tests.
Use this only on assets you own or have explicit permission to assess. Mainnet operations are read-only unless a mission contract and approval receipt say otherwise. Never provide private keys or seed phrases to the harness.
AGPL-3.0-or-later. See LICENSE.