{
  "mcpVersion": "2024-11-05",
  "name": "agentfx",
  "displayName": "AgentFX",
  "title": "AgentFX — Hyperliquid perps for AI agents",
  "version": "1.4.0",
  "description": "Non-custodial headless Hyperliquid perp execution for autonomous AI agents. The agent owns its own EVM key; AgentFX only signs orders via an on-chain approveAgent grant (no withdraw authority). Flat 1 bps fee captured on-chain via Hyperliquid Builder Code. Server-side risk guardrails enforced per order (symbol whitelist, max leverage, max notional, rate limit, idempotency, kill-switch, per-key daily notional cap).",
  "vendor": "solfun.dev",
  "homepage": "https://solfun.dev/fx",
  "documentation": "https://solfun.dev/fx/docs",
  "security": "https://solfun.dev/fx/security",
  "license": "Proprietary",
  "icon": "https://solfun.dev/favicon.svg",
  "categories": ["trading", "defi", "perps", "hyperliquid", "execution"],
  "keywords": ["agentfx", "hyperliquid", "perps", "mcp", "ai-agents", "byow", "builder-code", "non-custodial", "headless-execution"],
  "contact": { "url": "https://solfun.dev/bug-bounty" },
  "transport": {
    "type": "streamable-http",
    "url": "https://jdufibzebfwymvnyunti.functions.supabase.co/agentfx-mcp"
  },
  "auth": {
    "type": "api_key",
    "header": "X-API-Key",
    "required": false,
    "instructions": "Public tools (enroll_config, list_instruments, quotes, market_risk, release_hashes, public_agent) work without a key. Autonomous agents should skip browser/dashboard auth and run: deno run -A https://solfun.dev/agentfx-bootstrap.mjs. That command locally signs approveAgent + approveBuilderFee, proves wallet ownership, and returns an X-API-Key. Manual JWT key minting is a human fallback only."
  },
  "capabilities": { "tools": true, "resources": true, "prompts": true, "logging": true },
  "auditable_surface": {
    "guardrails_spec": "https://jdufibzebfwymvnyunti.functions.supabase.co/fx-api/v1/guardrails/spec",
    "guardrails_audit": "https://jdufibzebfwymvnyunti.functions.supabase.co/fx-api/v1/guardrails/audit",
    "tool_registry": "https://jdufibzebfwymvnyunti.functions.supabase.co/fx-api/v1/tools/registry",
    "tool_registry_verify": "https://jdufibzebfwymvnyunti.functions.supabase.co/fx-api/v1/tools/registry/verify?tool=<name>",
    "receipt_verifier_key": "https://jdufibzebfwymvnyunti.functions.supabase.co/fx-api/v1/receipts/verify-key",
    "ui": "https://solfun.dev/fx/audit"
  },
  "trust": {
    "custody": "non-custodial",
    "withdraw_authority": false,
    "fee_model": "flat-on-chain-builder-code",
    "fee_bps": 1,
    "venue": "hyperliquid",
    "release_hashes_endpoint": "/v1/release-hashes",
    "audited": false,
    "audit_note": "signed_by remains null until an external audit firm signs the deployed code. We never fake 'audited'."
  },
  "recommended_order": [
    "agentfx_session_bootstrap",
    "agentfx_release_hashes",
    "agentfx_reconcile",
    "agentfx_market_risk",
    "agentfx_simulate_order",
    "agentfx_place_order",
    "agentfx_close_position"
  ],
  "integrations": [
    {
      "name": "Pod the Trader",
      "vendor": "UsePod.ai",
      "url": "https://solfun.dev/fx/integrations/pod",
      "pattern": "long-running autonomous LLM agent",
      "status": "ready"
    }
  ],
  "tools": [
    { "name": "agentfx_session_bootstrap", "auth": "key",  "readOnly": true,  "destructive": false, "description": "ONE round-trip cold-start snapshot for long-running autonomous agents. Replaces 10 REST calls. Includes release_hashes so agents can verify deployed code SHA-256 before trading." },
    { "name": "agentfx_reconcile",         "auth": "key",  "readOnly": true,  "destructive": false, "description": "Pair recent intents with live HL positions after a reconnect; surfaces orphan_positions / orphan_intents." },
    { "name": "agentfx_close_position",    "auth": "key",  "readOnly": false, "destructive": true,  "description": "Server-computed reduce-only close. Pass symbol + optional qty_pct. Bypasses kill-switch and per-key cap (closing always allowed)." },
    { "name": "agentfx_execution_quality", "auth": "key",  "readOnly": true,  "destructive": false, "description": "Real per-fill Execution Quality Report: requested_px, mid_at_submit, fill_avg_px, slippage_bps, fee_bps, latency_total_ms. No fabricated benchmarks." },

    { "name": "agentfx_enroll_config",    "auth": "none", "readOnly": true,  "destructive": false, "description": "Public on-chain addrs (agent signer, builder, chain id, fee rate) for approveAgent + approveBuilderFee." },
    { "name": "agentfx_list_instruments", "auth": "none", "readOnly": true,  "destructive": false, "description": "Tradable Hyperliquid perp symbols + max leverage." },
    { "name": "agentfx_quotes",           "auth": "none", "readOnly": true,  "destructive": false, "description": "Snapshot bid/ask for one or more symbols." },
    { "name": "agentfx_market_risk",      "auth": "none", "readOnly": true,  "destructive": false, "description": "Live HL spread/funding/depth/oracle-deviation snapshot." },
    { "name": "agentfx_release_hashes",   "auth": "none", "readOnly": true,  "destructive": false, "description": "SHA-256 of deployed execution code. `audited` is false until external sign-off." },
    { "name": "agentfx_public_agent",     "auth": "none", "readOnly": true,  "destructive": false, "description": "Public profile + verified fill stats for an opt-in handle." },
    { "name": "agentfx_balance",          "auth": "key",  "readOnly": true,  "destructive": false, "description": "Live HL accountValue + withdrawable USDC." },
    { "name": "agentfx_positions",        "auth": "key",  "readOnly": true,  "destructive": false, "description": "Live HL positions for caller's wallet." },
    { "name": "agentfx_enroll_status",    "auth": "key",  "readOnly": true,  "destructive": false, "description": "Re-verify approveAgent + approveBuilderFee on-chain." },
    { "name": "agentfx_trading_status",   "auth": "key",  "readOnly": true,  "destructive": false, "description": "Read kill-switch state. paused=true → only reduce_only orders accepted." },
    { "name": "agentfx_get_policy",       "auth": "key",  "readOnly": true,  "destructive": false, "description": "Read agent governance policy." },
    { "name": "agentfx_get_risk_settings","auth": "key",  "readOnly": true,  "destructive": false, "description": "Read risk-engine thresholds." },
    { "name": "agentfx_reliability",      "auth": "key",  "readOnly": true,  "destructive": false, "description": "Caller's own 30-day reliability (real data only)." },
    { "name": "agentfx_get_intent_log",   "auth": "key",  "readOnly": true,  "destructive": false, "description": "Recent intent fingerprints + outcomes." },
    { "name": "agentfx_list_orders",      "auth": "key",  "readOnly": true,  "destructive": false, "description": "List caller's submitted intents." },
    { "name": "agentfx_simulate_order",   "auth": "key",  "readOnly": true,  "destructive": false, "description": "Pre-trade preflight + policy + anomaly + risk; no submit." },
    { "name": "agentfx_place_order",      "auth": "key",  "readOnly": false, "destructive": true,  "description": "REAL EXECUTION. Flat 1 bps on-chain fee. Idempotent client_oid (24h). Native HL SL/TP triggers in same call. max_slippage_bps cap. Server-side guardrails before signing. Blocked by kill-switch and per-key daily notional cap on opening orders." },
    { "name": "agentfx_cancel_order",     "auth": "key",  "readOnly": false, "destructive": true,  "description": "Cancel working order by intent id." },

    { "name": "agentfx_control",                 "auth": "key",  "readOnly": true,  "destructive": false, "description": "Operator-grade control snapshot: keys (with scope + per-key allowed_symbols/allowed_sides/key_max_leverage/key_max_notional_usd/reduce_only_only/expires_at), kill-switch state, and recent revocation audit." },
    { "name": "agentfx_revoke_all_keys",         "auth": "key",  "readOnly": false, "destructive": true,  "description": "Bulk revoke ALL caller's API keys atomically. Audit-logged. Positions are NOT closed." },
    { "name": "agentfx_emergency_kill",          "auth": "key",  "readOnly": false, "destructive": true,  "description": "EMERGENCY: revoke every API key AND flip the kill-switch to paused in one atomic call. Only reduce-only orders accepted after." },
    { "name": "agentfx_list_receipts",           "auth": "key",  "readOnly": true,  "destructive": false, "description": "List HMAC-signed portable fill receipts. Forward any receipt to a third party — they verify via /v1/receipts/verify (no key needed)." },
    { "name": "agentfx_verify_receipt",          "auth": "none", "readOnly": true,  "destructive": false, "description": "PUBLIC. Verify a portable AgentFX fill receipt (HMAC-SHA256 over canonical JSON)." },
    { "name": "agentfx_receipt_verifier_key",    "auth": "none", "readOnly": true,  "destructive": false, "description": "PUBLIC. Returns issuer/alg/key_fingerprint for receipt verification." },
    { "name": "agentfx_tool_registry",           "auth": "none", "readOnly": true,  "destructive": false, "description": "PUBLIC. Anchored tool registry: Merkle root + leaves + Solana memo tx (mainnet)." },
    { "name": "agentfx_verify_tool_registration","auth": "none", "readOnly": true,  "destructive": false, "description": "PUBLIC. Verify a tool's live input_schema hash matches the anchored leaf + Merkle proof." },
    { "name": "agentfx_guardrails_spec",         "auth": "none", "readOnly": true,  "destructive": false, "description": "PUBLIC. Authoritative guardrail rule book: every deny errorCode with layer + description." },
    { "name": "agentfx_guardrails_audit",        "auth": "key",  "readOnly": true,  "destructive": false, "description": "Recent guardrail DENY events for caller's account (default 24h)." }
  ],
  "openapi": "https://jdufibzebfwymvnyunti.functions.supabase.co/fx-api/v1/openapi.json",
  "tools_spec": "https://solfun.dev/.well-known/agentfx-tools.json"
}