npm - @trucore/atf - Versions diffs - 1.4.0 → 1.4.2 - Mend

@trucore/atf 1.4.0 → 1.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +3558 -482
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -1,9 +1,9 @@
 #!/usr/bin/env node
 "use strict";
-// @trucore/atf v1.4.0 — Agent Transaction Firewall CLI
-// Built: 2026-03-05T12:43:14.514Z
-// Commit: 372fe09
+// @trucore/atf v1.4.2 — Agent Transaction Firewall CLI
+// Built: 2026-03-06T03:37:09.328Z
+// Commit: dbbc171
 // ---- src/constants.mjs ----
 /**
@@ -13,10 +13,10 @@
  * by build.mjs during the bundling step.
  */
-const VERSION = "1.4.0";
+const VERSION = "1.4.2";
 const DEFAULT_BASE_URL = "https://api.trucore.xyz";
-const BUILD_COMMIT = "372fe09";
-const BUILD_DATE = "2026-03-05T12:43:14.514Z";
+const BUILD_COMMIT = "dbbc171";
+const BUILD_DATE = "2026-03-06T03:37:09.328Z";
 const SIMULATE_PATHS = ["/api/simulate", "/v1/simulate"];
 // ---- src/redact.mjs ----
@@ -415,6 +415,14 @@ const ERROR_CODES = {
   VALIDATION_ERROR: "VALIDATION_ERROR",
   AUTH_ERROR: "AUTH_ERROR",
   VERIFY_FAILED: "VERIFY_FAILED",
+  // Jupiter / OpenClaw hardening error codes
+  JUPITER_CONFIG_INVALID: "JUPITER_CONFIG_INVALID",
+  JUPITER_URL_MALFORMED: "JUPITER_URL_MALFORMED",
+  JUPITER_PROFILE_CONFLICT: "JUPITER_PROFILE_CONFLICT",
+  JUPITER_API_KEY_MISSING: "JUPITER_API_KEY_MISSING",
+  JUPITER_API_KEY_EMPTY: "JUPITER_API_KEY_EMPTY",
+  OPENCLAW_PLUGIN_METADATA_INVALID: "OPENCLAW_PLUGIN_METADATA_INVALID",
+  OPENCLAW_PLUGIN_RUNTIME_UNAVAILABLE: "OPENCLAW_PLUGIN_RUNTIME_UNAVAILABLE",
 };
 function makeError(code, message, details) {
@@ -1248,24 +1256,376 @@ function resolveRpcUrl(profile, profileName, cliRpcOverride, isDevnet) {
 // ---- src/jupiter.mjs ----
 /**
- * jupiter.mjs — Jupiter DEX HTTP helpers (v6 API)
+ * jupiter.mjs — Centralized Jupiter DEX endpoint resolver + HTTP helpers (v6 API)
+ *
+ * ╔══════════════════════════════════════════════════════════════════════╗
+ * ║  SINGLE SOURCE OF TRUTH for all Jupiter endpoint configuration.    ║
+ * ║  No other file may construct Jupiter URLs directly.                ║
+ * ║  All Jupiter callers MUST consume resolveJupiterConfig().          ║
+ * ╚══════════════════════════════════════════════════════════════════════╝
  *
  * Uses built-in fetch (Node 18+). Zero extra dependencies.
  * Only called from swap.mjs when ATF decision == allowed.
+ *
+ * Endpoint resolution order:
+ *   1) Explicit env override: ATF_JUPITER_BASE
+ *   2) Profile config: jupiter_quote_url / jupiter_swap_url
+ *   3) Preprod only when ATF_JUPITER_PREPROD=1 (never silent)
+ *   4) Canonical production default: https://quote-api.jup.ag/v6
+ *
+ * API key handling:
+ *   - ATF_JUPITER_API_KEY env → x-api-key header
+ *   - Never logged; redacted in debug output
+ *
+ * Fail-closed: invalid config throws JupiterConfigError (exit nonzero).
+ * Retry-safe:  all read-only; no stateful mutation on resolve/validate.
+ */
+// ── Canonical defaults ────────────────────────────────────────────
+const JUPITER_PROD_BASE = "https://quote-api.jup.ag/v6";
+const JUPITER_PREPROD_BASE = "https://preprod-quote-api.jup.ag/v6";
+const JUPITER_DEFAULT_TIMEOUT_MS = 20_000;
+// ── Error classes (machine-readable, fail-closed) ─────────────────
+/** @type {Record<string, string>} */
+const JUPITER_ERROR_CODES = {
+  CONFIG_INVALID: "JUPITER_CONFIG_INVALID",
+  URL_MALFORMED: "JUPITER_URL_MALFORMED",
+  PROFILE_CONFLICT: "JUPITER_PROFILE_CONFLICT",
+  API_KEY_MISSING: "JUPITER_API_KEY_MISSING",
+  API_KEY_EMPTY: "JUPITER_API_KEY_EMPTY",
+};
+/**
+ * Structured error for fail-closed Jupiter config validation.
+ * Machine-readable code + human message; no secret leakage.
+ */
+class JupiterConfigError extends Error {
+  /**
+   * @param {string} code   One of JUPITER_ERROR_CODES values
+   * @param {string} message Human-readable actionable message
+   */
+  constructor(code, message) {
+    super(message);
+    this.name = "JupiterConfigError";
+    /** @type {string} machine-readable error code */
+    this.code = code;
+  }
+}
+// ── URL validation helper ─────────────────────────────────────────
+/**
+ * Validate a URL string. Returns true only for http: or https: URLs.
+ * @param {string} urlStr
+ * @returns {boolean}
+ */
+function isValidJupiterUrl(urlStr) {
+  if (!urlStr || typeof urlStr !== "string") return false;
+  try {
+    const u = new URL(urlStr);
+    return u.protocol === "http:" || u.protocol === "https:";
+  } catch {
+    return false;
+  }
+}
+/**
+ * Extract the hostname from a URL for safe debug logging.
+ * @param {string} urlStr
+ * @returns {string}
+ */
+function extractJupiterHost(urlStr) {
+  try {
+    return new URL(urlStr).hostname;
+  } catch {
+    return "(invalid)";
+  }
+}
+// ── Core resolver ─────────────────────────────────────────────────
+/**
+ * Resolve Jupiter quote base URL.
+ * @param {{ jupiter_quote_url?: string|null }} [profileConfig]
+ * @returns {string}
+ */
+function resolveJupiterQuoteBase(profileConfig) {
+  // 1) Explicit env override
+  if (process.env.ATF_JUPITER_BASE) {
+    return process.env.ATF_JUPITER_BASE;
+  }
+  // 2) Profile config
+  if (profileConfig?.jupiter_quote_url) {
+    return profileConfig.jupiter_quote_url;
+  }
+  // 3) Preprod opt-in (explicit only)
+  if (process.env.ATF_JUPITER_PREPROD === "1") {
+    return JUPITER_PREPROD_BASE;
+  }
+  // 4) Canonical production default
+  return JUPITER_PROD_BASE;
+}
+/**
+ * Resolve Jupiter swap base URL.
+ * @param {{ jupiter_swap_url?: string|null }} [profileConfig]
+ * @returns {string}
+ */
+function resolveJupiterSwapBase(profileConfig) {
+  // 1) Explicit env override
+  if (process.env.ATF_JUPITER_BASE) {
+    return process.env.ATF_JUPITER_BASE;
+  }
+  // 2) Profile config
+  if (profileConfig?.jupiter_swap_url) {
+    return profileConfig.jupiter_swap_url;
+  }
+  // 3) Preprod opt-in (explicit only)
+  if (process.env.ATF_JUPITER_PREPROD === "1") {
+    return JUPITER_PREPROD_BASE;
+  }
+  // 4) Canonical production default
+  return JUPITER_PROD_BASE;
+}
+/**
+ * Resolve the Jupiter API key for x-api-key header.
+ * Returns null if not configured (public tier).
+ * @returns {string|null}
+ */
+function resolveJupiterApiKey() {
+  const key = process.env.ATF_JUPITER_API_KEY || null;
+  // Treat whitespace-only as absent
+  return key && key.trim().length > 0 ? key.trim() : null;
+}
+/**
+ * Build common headers for Jupiter requests.
+ * Injects x-api-key when available; never logs key value.
+ * @returns {Record<string, string>}
+ */
+function buildJupiterHeaders() {
+  const headers = {};
+  const apiKey = resolveJupiterApiKey();
+  if (apiKey) {
+    headers["x-api-key"] = apiKey;
+  }
+  return headers;
+}
+/**
+ * Redact the Jupiter API key for safe debug logging.
+ * Never returns the full key.
+ * @returns {string}
  */
+function redactJupiterApiKey() {
+  const key = resolveJupiterApiKey();
+  if (!key) return "(none)";
+  if (key.length <= 6) return "***";
+  return key.slice(0, 3) + "***" + key.slice(-3);
+}
+// ── Unified config object (single source of truth) ────────────────
+/**
+ * Resolve the complete Jupiter runtime configuration.
+ * This is the ONLY function external callers should use for config.
+ * Returns a frozen, validated config object. Fail-closed on invalid config.
+ *
+ * @param {{ jupiter_quote_url?: string|null, jupiter_swap_url?: string|null }} [profileConfig]
+ * @param {{ profileName?: string }} [opts]
+ * @returns {JupiterResolvedConfig}
+ *
+ * @typedef {Object} JupiterResolvedConfig
+ * @property {string} quote_url
+ * @property {string} swap_url
+ * @property {boolean} api_key_present
+ * @property {string} api_key_source   "env"|"none"
+ * @property {string} environment_mode "production"|"preprod"|"custom"
+ * @property {number} timeout_ms
+ * @property {string} profile_name
+ * @property {string} source_chain     "env"|"profile"|"default"
+ */
+function resolveJupiterConfig(profileConfig, opts) {
+  const profileName = opts?.profileName || "default";
+  const quoteUrl = resolveJupiterQuoteBase(profileConfig);
+  const swapUrl = resolveJupiterSwapBase(profileConfig);
+  const apiKey = resolveJupiterApiKey();
+  // Determine source chain
+  let sourceChain = "default";
+  if (process.env.ATF_JUPITER_BASE) {
+    sourceChain = "env";
+  } else if (profileConfig?.jupiter_quote_url || profileConfig?.jupiter_swap_url) {
+    sourceChain = "profile";
+  }
+  // Determine environment mode
+  let envMode = "production";
+  if (process.env.ATF_JUPITER_PREPROD === "1" && sourceChain === "default") {
+    envMode = "preprod";
+  } else if (sourceChain !== "default") {
+    envMode = "custom";
+  }
+  // API key source
+  const apiKeySource = apiKey ? "env" : "none";
+  return Object.freeze({
+    quote_url: quoteUrl,
+    swap_url: swapUrl,
+    api_key_present: apiKey !== null,
+    api_key_source: apiKeySource,
+    environment_mode: envMode,
+    timeout_ms: JUPITER_DEFAULT_TIMEOUT_MS,
+    profile_name: profileName,
+    source_chain: sourceChain,
+  });
+}
+// ── Validation (fail-closed) ──────────────────────────────────────
-const JUPITER_API_BASE = "https://quote-api.jup.ag/v6";
+/**
+ * Validate a resolved Jupiter config. Throws JupiterConfigError on invalid state.
+ * Designed for preflight checks before any HTTP call.
+ * Pure function — safe to call repeatedly (idempotent, no side effects).
+ *
+ * @param {JupiterResolvedConfig} config
+ * @throws {JupiterConfigError}
+ */
+function validateJupiterConfig(config) {
+  // 1) quote_url must be a valid URL
+  if (!isValidJupiterUrl(config.quote_url)) {
+    throw new JupiterConfigError(
+      JUPITER_ERROR_CODES.URL_MALFORMED,
+      `Jupiter quote URL is malformed: "${config.quote_url}". ` +
+      `Set ATF_JUPITER_BASE or profile jupiter_quote_url to a valid https:// URL.`,
+    );
+  }
+  // 2) swap_url must be a valid URL
+  if (!isValidJupiterUrl(config.swap_url)) {
+    throw new JupiterConfigError(
+      JUPITER_ERROR_CODES.URL_MALFORMED,
+      `Jupiter swap URL is malformed: "${config.swap_url}". ` +
+      `Set ATF_JUPITER_BASE or profile jupiter_swap_url to a valid https:// URL.`,
+    );
+  }
+  // 3) Detect env/profile conflict: ATF_JUPITER_BASE + profile URLs both set
+  if (
+    process.env.ATF_JUPITER_BASE &&
+    (config.source_chain === "profile" || config.source_chain === "env")
+  ) {
+    // env wins, but warn if profile also has values
+    // (We don't throw here because env always wins — this is intentional.)
+  }
+  // 4) Detect prod/preprod conflict
+  if (process.env.ATF_JUPITER_PREPROD === "1" && config.source_chain === "profile") {
+    throw new JupiterConfigError(
+      JUPITER_ERROR_CODES.PROFILE_CONFLICT,
+      `Conflicting Jupiter config: ATF_JUPITER_PREPROD=1 is set but profile ` +
+      `"${config.profile_name}" provides custom URLs. Unset ATF_JUPITER_PREPROD ` +
+      `or remove jupiter_quote_url/jupiter_swap_url from the profile.`,
+    );
+  }
+  // 5) Empty API key masquerading as present
+  const rawKey = process.env.ATF_JUPITER_API_KEY;
+  if (rawKey !== undefined && rawKey !== null && rawKey.trim().length === 0) {
+    throw new JupiterConfigError(
+      JUPITER_ERROR_CODES.API_KEY_EMPTY,
+      `ATF_JUPITER_API_KEY is set but empty/whitespace. ` +
+      `Either set a valid key or unset the variable entirely.`,
+    );
+  }
+}
 /**
- * Resolve the Jupiter API base URL.
- * Allows override via ATF_JUPITER_BASE env var (used in tests).
+ * Resolve + validate Jupiter config in one call.
+ * This is the recommended entry point for all Jupiter consumers.
+ * Fail-closed: throws JupiterConfigError on any invalid state.
+ *
+ * @param {{ jupiter_quote_url?: string|null, jupiter_swap_url?: string|null }} [profileConfig]
+ * @param {{ profileName?: string }} [opts]
+ * @returns {JupiterResolvedConfig}
  */
+function resolveAndValidateJupiterConfig(profileConfig, opts) {
+  const config = resolveJupiterConfig(profileConfig, opts);
+  validateJupiterConfig(config);
+  return config;
+}
+// ── Structured diagnostics (redacted, bot-safe) ───────────────────
+/**
+ * Get a full resolution summary (safe for debug output).
+ * Never exposes secrets. Shows source of config, not values.
+ * Idempotent — safe for repeated calls.
+ *
+ * @param {{ jupiter_quote_url?: string|null, jupiter_swap_url?: string|null }} [profileConfig]
+ * @param {{ profileName?: string }} [opts]
+ * @returns {JupiterDiagnostics}
+ *
+ * @typedef {Object} JupiterDiagnostics
+ * @property {string} quoteBase
+ * @property {string} swapBase
+ * @property {string} apiKey        Redacted
+ * @property {string} source
+ * @property {string} quote_url_host   Hostname only
+ * @property {string} swap_url_host    Hostname only
+ * @property {boolean} api_key_present
+ * @property {string} api_key_source
+ * @property {string} resolver_source  Same as source_chain
+ * @property {string} environment_mode
+ * @property {boolean} fallback_available  Whether CLI fallback exists
+ * @property {boolean} config_valid
+ * @property {string|null} config_error    Machine-readable error code if invalid
+ */
+function getJupiterResolutionInfo(profileConfig, opts) {
+  const config = resolveJupiterConfig(profileConfig, opts);
+  // Check validity without throwing
+  let configValid = true;
+  let configError = null;
+  try {
+    validateJupiterConfig(config);
+  } catch (e) {
+    configValid = false;
+    configError = e.code || "UNKNOWN";
+  }
+  return {
+    quoteBase: config.quote_url,
+    swapBase: config.swap_url,
+    apiKey: redactJupiterApiKey(),
+    source: config.source_chain === "default" ? "production-default"
+      : config.source_chain === "env" ? "env:ATF_JUPITER_BASE"
+      : config.source_chain === "profile" ? "profile-config"
+      : config.source_chain,
+    // Structured diagnostics (Deliverable D)
+    quote_url_host: extractJupiterHost(config.quote_url),
+    swap_url_host: extractJupiterHost(config.swap_url),
+    api_key_present: config.api_key_present,
+    api_key_source: config.api_key_source,
+    resolver_source: config.source_chain,
+    environment_mode: config.environment_mode,
+    fallback_available: true,   // CLI fallback always exists
+    config_valid: configValid,
+    config_error: configError,
+  };
+}
+// ── Backward-compat alias for existing callers ────────────────────
 function resolveJupiterBase() {
-  return process.env.ATF_JUPITER_BASE || JUPITER_API_BASE;
+  return resolveJupiterQuoteBase();
 }
+// ── HTTP helpers ──────────────────────────────────────────────────
 /**
  * Get a swap quote from Jupiter.
+ * Runs preflight validation (fail-closed) before any HTTP call.
  *
  * @param {object} opts
  * @param {string} opts.inputMint   Solana mint address
@@ -1273,17 +1633,24 @@ function resolveJupiterBase() {
  * @param {string} opts.amount      Base-unit amount string (lamports / micro-units)
  * @param {number} opts.slippageBps Slippage tolerance in basis points
  * @param {number} opts.timeoutMs   HTTP timeout
+ * @param {object} [opts.profileConfig] Profile config for URL resolution
  * @returns {Promise<object>}       Jupiter quote response JSON
  */
 async function jupiterGetQuote(opts) {
-  const url = new URL(`${resolveJupiterBase()}/quote`);
+  // Preflight: resolve + validate (fail-closed)
+  const config = resolveAndValidateJupiterConfig(opts.profileConfig);
+  const base = config.quote_url;
+  const url = new URL(`${base}/quote`);
   url.searchParams.set("inputMint", opts.inputMint);
   url.searchParams.set("outputMint", opts.outputMint);
   url.searchParams.set("amount", opts.amount);
   url.searchParams.set("slippageBps", String(opts.slippageBps));
+  const headers = buildJupiterHeaders();
   const res = await fetch(url.toString(), {
-    signal: AbortSignal.timeout(opts.timeoutMs || 20_000),
+    headers,
+    signal: AbortSignal.timeout(opts.timeoutMs || config.timeout_ms),
   });
   if (!res.ok) {
@@ -1296,14 +1663,19 @@ async function jupiterGetQuote(opts) {
 /**
  * Request a swap transaction from Jupiter.
  * Returns the base64 swapTransaction ready for signing.
+ * Runs preflight validation (fail-closed) before any HTTP call.
  *
  * @param {object} opts
  * @param {object} opts.quoteResponse   Full quote response from jupiterGetQuote
  * @param {string} opts.userPublicKey   Base58 public key of the wallet
  * @param {number} opts.timeoutMs       HTTP timeout
+ * @param {object} [opts.profileConfig] Profile config for URL resolution
  * @returns {Promise<{swapTransaction: string, lastValidBlockHeight: number}>}
  */
 async function jupiterGetSwapTx(opts) {
+  // Preflight: resolve + validate (fail-closed)
+  const config = resolveAndValidateJupiterConfig(opts.profileConfig);
+  const base = config.swap_url;
   const body = {
     quoteResponse: opts.quoteResponse,
     userPublicKey: opts.userPublicKey,
@@ -1311,11 +1683,16 @@ async function jupiterGetSwapTx(opts) {
     dynamicComputeUnitLimit: true,
   };
-  const res = await fetch(`${resolveJupiterBase()}/swap`, {
+  const headers = {
+    "Content-Type": "application/json",
+    ...buildJupiterHeaders(),
+  };
+  const res = await fetch(`${base}/swap`, {
     method: "POST",
-    headers: { "Content-Type": "application/json" },
+    headers,
     body: JSON.stringify(body),
-    signal: AbortSignal.timeout(opts.timeoutMs || 20_000),
+    signal: AbortSignal.timeout(opts.timeoutMs || config.timeout_ms),
   });
   if (!res.ok) {
@@ -1325,6 +1702,7 @@ async function jupiterGetSwapTx(opts) {
   return res.json();
 }
 // ---- src/solana_sign.mjs ----
 /**
  * solana_sign.mjs — Solana keypair loading, transaction signing, and RPC helpers.
@@ -2486,6 +2864,9 @@ async function runSwap(args) {
   const baseUrl = args.baseUrl;
   const timeoutMs = args.timeoutMs;
+  // ── Resolve profile config for Jupiter endpoint resolution ───────
+  const { name: _swapProfileName, profile: _swapProfile } = resolveEffectiveProfile(args.profileFlag || null);
   // Determine execution mode: devnet uses SOL transfer fallback (Jupiter may not support devnet)
   const executionMode = isDevnet ? "sol_transfer_devnet" : "jupiter_swap";
@@ -2671,6 +3052,34 @@ async function runSwap(args) {
     // Output
     const explorerUrl = `https://solscan.io/tx/${signature}?cluster=devnet`;
+    const isConfirmed = confirmationStatus === "confirmed" || confirmationStatus === "finalized";
+    // Write execution artifacts
+    let artifactDir = null;
+    try {
+      artifactDir = createExecutionArtifactDir("swap");
+      const execArt = buildExecutionArtifact({
+        receipt_content_hash: contentHash,
+        request_id: requestId,
+        command: "swap",
+        adapter: "system_program",
+        intent: "sol_transfer",
+        cluster: "devnet",
+        rpc: rpcUrl,
+        send_path: "rpc-only",
+        tx_signature: signature,
+        confirmed: isConfirmed,
+        confirmed_at: isConfirmed ? new Date().toISOString() : null,
+        explorer_url: explorerUrl,
+        status: isConfirmed ? "confirmed" : "sent",
+      });
+      writeExecutionArtifacts(artifactDir, execArt, {
+        ok: true,
+        confirmed: isConfirmed,
+        explorer_url: explorerUrl,
+      });
+    } catch { /* artifact writing is non-critical */ }
     const result = {
       ok: true,
       request_id: requestId,
@@ -2679,6 +3088,7 @@ async function runSwap(args) {
       verified,
       network: networkLabel,
       execution_mode: executionMode,
+      artifact_dir: artifactDir,
       burner: isBurner ? { enabled: true, pubkey: walletPubkey, saved_to: savedBurnerTo || null } : undefined,
       response: {
         decision,
@@ -2720,6 +3130,20 @@ async function runSwap(args) {
   // ══════════════════════════════════════════════════════════════════
   // ── Step 2: Jupiter quote ────────────────────────────────────────
+  // ── Jupiter preflight: validate config (fail-closed) ─────────────
+  try {
+    const jupConfig = resolveAndValidateJupiterConfig(_swapProfile, { profileName: _swapProfileName });
+    if (args.verbose && !args.quiet) {
+      const diag = getJupiterResolutionInfo(_swapProfile, { profileName: _swapProfileName });
+      process.stderr.write(`${COLORS.dim}[swap] Jupiter config: source=${diag.resolver_source} mode=${diag.environment_mode} quote_host=${diag.quote_url_host} api_key=${diag.api_key_present ? 'present' : 'none'}${COLORS.reset}\n`);
+    }
+  } catch (err) {
+    if (err.name === "JupiterConfigError") {
+      exitWithError(ERROR_CODES.VALIDATION_ERROR, `${err.code}: ${err.message}`, null, format);
+    }
+    throw err;
+  }
   if (args.verbose && !args.quiet) {
     process.stderr.write(`${COLORS.dim}[swap] Jupiter quote → ${inputToken.symbol}→${outputToken.symbol} amount=${amountBase}${COLORS.reset}\n`);
   }
@@ -2732,6 +3156,7 @@ async function runSwap(args) {
       amount: amountBase,
       slippageBps,
       timeoutMs,
+      profileConfig: _swapProfile,
     });
   } catch (err) {
     exitWithError(ERROR_CODES.NETWORK_ERROR, `Jupiter quote failed — ${err.message}`, null, format);
@@ -2780,6 +3205,7 @@ async function runSwap(args) {
       quoteResponse,
       userPublicKey: walletPubkey,
       timeoutMs,
+      profileConfig: _swapProfile,
     });
   } catch (err) {
     exitWithError(ERROR_CODES.NETWORK_ERROR, `Jupiter swap-tx failed — ${err.message}`, null, format);
@@ -2827,6 +3253,34 @@ async function runSwap(args) {
   // ── Output envelope ──────────────────────────────────────────────
   const explorerUrl = `https://solscan.io/tx/${signature}`;
+  const isConfirmed = confirmationStatus === "confirmed" || confirmationStatus === "finalized";
+  // Write execution artifacts
+  let artifactDir = null;
+  try {
+    artifactDir = createExecutionArtifactDir("swap");
+    const execArt = buildExecutionArtifact({
+      receipt_content_hash: contentHash,
+      request_id: requestId,
+      command: "swap",
+      adapter: "jupiter",
+      intent: "swap",
+      cluster: "mainnet",
+      rpc: rpcUrl,
+      send_path: "rpc-only",
+      tx_signature: signature,
+      confirmed: isConfirmed,
+      confirmed_at: isConfirmed ? new Date().toISOString() : null,
+      explorer_url: explorerUrl,
+      status: isConfirmed ? "confirmed" : "sent",
+    });
+    writeExecutionArtifacts(artifactDir, execArt, {
+      ok: true,
+      confirmed: isConfirmed,
+      explorer_url: explorerUrl,
+    });
+  } catch { /* artifact writing is non-critical */ }
   const result = {
     ok: true,
     request_id: requestId,
@@ -2835,6 +3289,7 @@ async function runSwap(args) {
     verified,
     network: networkLabel,
     execution_mode: executionMode,
+    artifact_dir: artifactDir,
     response: {
       decision,
       receipt_hash: receiptHash,
@@ -3129,12 +3584,42 @@ async function runTxSend(args) {
     confirmStatus = await pollSignatureStatus(rpcUrl, signature, commitment, args.confirmTimeoutMs || 60000);
   }
+  const isConfirmed = confirmStatus &&
+    (confirmStatus.status === "confirmed" || confirmStatus.status === "finalized");
+  // Write execution artifacts
+  let artifactDir = null;
+  try {
+    artifactDir = createExecutionArtifactDir("tx-send");
+    const execArt = buildExecutionArtifact({
+      receipt_content_hash: null,
+      request_id: null,
+      command: "tx send",
+      adapter: null,
+      intent: null,
+      cluster,
+      rpc: rpcUrl,
+      send_path: "atf-tx",
+      tx_signature: signature,
+      confirmed: !!isConfirmed,
+      confirmed_at: isConfirmed ? new Date().toISOString() : null,
+      explorer_url: explorerUrl,
+      status: isConfirmed ? "confirmed" : "sent",
+    });
+    writeExecutionArtifacts(artifactDir, execArt, {
+      ok: true,
+      confirmed: !!isConfirmed,
+      explorer_url: explorerUrl,
+    });
+  } catch { /* artifact writing is non-critical */ }
   const result = {
     ok: true,
     signature,
     explorer_url: explorerUrl,
     rpc_host: rpcHost,
     cluster,
+    artifact_dir: artifactDir,
   };
   if (confirmStatus !== null) result.confirmation = confirmStatus;
@@ -5559,433 +6044,433 @@ async function runFixtures(args) {
 }
 // ---- src/perps_cmd.mjs ----
-/**
- * perps_cmd.mjs — `atf perps` command family
- *
- * Subcommands:
- *   protect  — Evaluate a canonical perps ExecutionRequest via ATF policy
- *   explain  — Show normalized intent + policy checks (read-only, no decision change)
- *   fixtures — Print canonical sample perps intents (deterministic, offline)
- *
- * All outputs are deterministic and offline-safe.
- * Feature-gated venues return PERPS_POLICY_GATE_DISABLED when the flag is OFF.
- */
-// ── Canonical perps fixtures ──────────────────────────────────────────────────
-const PERPS_FIXTURE_TEMPLATES = {
-  "drift-place-order": {
-    _name: "drift-place-order",
-    _description: "Drift v2 — place limit long on SOL-PERP",
-    _expected_decision: "allowed (if ATF_ENABLE_DRIFT_POLICY=1 and policy permits)",
-    chain_id: "solana",
-    intent_type: "perps",
-    raw_tx: null,
-    intent: {
-      venue: "drift_perps",
-      operation: "place_perp_order",
-      market: "SOL-PERP",
-      size: 1.0,
-      leverage_x10: 20,
-      direction: "long",
-      order_kind: "limit",
-      reduce_only: false,
-    },
-    metadata: { size_usd: 150.0 },
-  },
-  "drift-cancel-order": {
-    _name: "drift-cancel-order",
-    _description: "Drift v2 — cancel an existing perps order",
-    _expected_decision: "allowed (if ATF_ENABLE_DRIFT_POLICY=1 and cancel permitted)",
-    chain_id: "solana",
-    intent_type: "perps",
-    raw_tx: null,
-    intent: {
-      venue: "drift_perps",
-      operation: "cancel_order",
-      market: "SOL-PERP",
-      size: 0,
-      leverage_x10: 0,
-      direction: "long",
-      order_kind: "limit",
-      reduce_only: false,
-    },
-    metadata: {},
-  },
-  "mango-place-order": {
-    _name: "mango-place-order",
-    _description: "Mango v4 — place limit short on SOL-PERP",
-    _expected_decision: "allowed (if ATF_ENABLE_MANGO_POLICY=1 and policy permits)",
-    chain_id: "solana",
-    intent_type: "perps",
-    raw_tx: null,
-    intent: {
-      venue: "mango_perps",
-      operation: "place_perp_order",
-      market: "SOL-PERP",
-      size: 0.5,
-      leverage_x10: 10,
-      direction: "short",
-      order_kind: "limit",
-      reduce_only: false,
-    },
-    metadata: { size_usd: 75.0 },
-  },
-  "mango-cancel-order": {
-    _name: "mango-cancel-order",
-    _description: "Mango v4 — cancel an existing perps order",
-    _expected_decision: "allowed (if ATF_ENABLE_MANGO_POLICY=1 and cancel permitted)",
-    chain_id: "solana",
-    intent_type: "perps",
-    raw_tx: null,
-    intent: {
-      venue: "mango_perps",
-      operation: "cancel_perp_order",
-      market: "SOL-PERP",
-      size: 0,
-      leverage_x10: 0,
-      direction: "long",
-      order_kind: "limit",
-      reduce_only: false,
-    },
-    metadata: {},
-  },
-  "hyperliquid-order": {
-    _name: "hyperliquid-order",
-    _description: "Hyperliquid — place limit long on SOL",
-    _expected_decision: "allowed (if ATF_ENABLE_HYPERLIQUID_POLICY=1 and policy permits)",
-    chain_id: "hyperliquid",
-    intent_type: "perps",
-    raw_tx: null,
-    intent: {
-      venue: "hyperliquid_perps",
-      operation: "order",
-      market: "SOL",
-      size: 2.0,
-      leverage_x10: 30,
-      direction: "long",
-      order_kind: "limit",
-      reduce_only: false,
-    },
-    metadata: { size_usd: 300.0 },
-  },
-  "hyperliquid-cancel": {
-    _name: "hyperliquid-cancel",
-    _description: "Hyperliquid — cancel an order",
-    _expected_decision: "allowed (if ATF_ENABLE_HYPERLIQUID_POLICY=1 and cancel permitted)",
-    chain_id: "hyperliquid",
-    intent_type: "perps",
-    raw_tx: null,
-    intent: {
-      venue: "hyperliquid_perps",
-      operation: "cancel",
-      market: "SOL",
-      size: 0,
-      leverage_x10: 0,
-      direction: "long",
-      order_kind: "limit",
-      reduce_only: false,
-    },
-    metadata: {},
-  },
-};
-const PERPS_FIXTURE_NAMES = Object.keys(PERPS_FIXTURE_TEMPLATES);
-// ── Helpers ───────────────────────────────────────────────────────────────────
-/** Map venue ID to its feature gate env var.  Returns null if not gated. */
-function _perpsFeatureGate(venue) {
-  const gates = {
-    drift_perps: "ATF_ENABLE_DRIFT_POLICY",
-    mango_perps: "ATF_ENABLE_MANGO_POLICY",
-    hyperliquid_perps: "ATF_ENABLE_HYPERLIQUID_POLICY",
-  };
-  return gates[venue] || null;
-}
-/** Check if a perps venue feature gate is enabled in the current env. */
-function _isPerpsGateEnabled(venue) {
-  const envKey = _perpsFeatureGate(venue);
-  if (!envKey) return true; // ungated venues are always available
-  const val = process.env[envKey];
-  return val === "1" || val === "true";
-}
-// ── Subcommand: perps fixtures ────────────────────────────────────────────────
-async function runPerpsFixtures(args) {
-  const subArg = (args._subArgs && args._subArgs[0]) || "all";
-  const format = args.format;
-  if (subArg === "list") {
-    const envelope = {
-      ok: true,
-      fixtures: PERPS_FIXTURE_NAMES.map((n) => ({
-        name: n,
-        description: PERPS_FIXTURE_TEMPLATES[n]._description,
-        expected_decision: PERPS_FIXTURE_TEMPLATES[n]._expected_decision,
-      })),
-    };
-    if (format === "pretty") {
-      process.stdout.write(`\n${COLORS.bold}Available perps fixtures:${COLORS.reset}\n\n`);
-      for (const f of envelope.fixtures) {
-        process.stdout.write(`  ${COLORS.bold}${f.name}${COLORS.reset}\n`);
-        process.stdout.write(`    ${COLORS.dim}${f.description}${COLORS.reset}\n\n`);
-      }
-    } else {
-      process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
-    }
-    return;
-  }
-  let names;
-  if (subArg === "all") {
-    names = PERPS_FIXTURE_NAMES;
-  } else {
-    names = subArg.split(",");
-    const unknown = names.filter((n) => !PERPS_FIXTURE_TEMPLATES[n]);
-    if (unknown.length > 0) {
-      exitWithError(
-        ERROR_CODES.USER_ERROR,
-        `Unknown perps fixture(s): ${unknown.join(", ")}. Available: ${PERPS_FIXTURE_NAMES.join(", ")}`,
-        null,
-        format,
-      );
-    }
-  }
-  const fixtures = names
-    .map((n) => {
-      const t = PERPS_FIXTURE_TEMPLATES[n];
-      if (!t) return null;
-      // Strip internal metadata keys for output
-      const { _name, _description, _expected_decision, ...rest } = t;
-      return { _name, ...rest };
-    })
-    .filter(Boolean);
-  const envelope = { ok: true, count: fixtures.length, fixtures };
-  process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
-}
-// ── Subcommand: perps protect ─────────────────────────────────────────────────
-async function runPerpsProtect(args) {
-  const format = args.format;
-  // Read stdin
-  let rawInput = null;
-  if (args.receiptStdin) {
-    rawInput = await new Promise((resolve, reject) => {
-      let data = "";
-      process.stdin.setEncoding("utf8");
-      process.stdin.on("data", (c) => (data += c));
-      process.stdin.on("end", () => resolve(data));
-      process.stdin.on("error", reject);
-    });
-  } else if (args.receiptFile) {
-    const { readFileSync } = require("node:fs");
-    rawInput = readFileSync(args.receiptFile, "utf8");
-  }
-  if (!rawInput || !rawInput.trim()) {
-    const out = _buildProtectOutput({
-      status: "DENY",
-      chain: "unknown",
-      reason_codes: ["BOT_NO_INPUT"],
-      meta: { hint: "Provide a perps ExecutionRequest via --stdin or --file." },
-    });
-    _emit(out, args, BOT_PROTECT_EXIT_CODES.BAD_INPUT);
-    return;
-  }
-  let input;
-  try {
-    input = JSON.parse(rawInput.trim());
-  } catch {
-    const out = _buildProtectOutput({
-      status: "DENY",
-      chain: "unknown",
-      reason_codes: ["BOT_INVALID_JSON_INPUT"],
-      meta: { hint: "Input must be valid JSON." },
-    });
-    _emit(out, args, BOT_PROTECT_EXIT_CODES.BAD_INPUT);
-    return;
-  }
-  // Validate it looks like an ExecutionRequest
-  if (!input || typeof input !== "object" || Array.isArray(input)) {
-    const out = _buildProtectOutput({
-      status: "DENY",
-      chain: "unknown",
-      reason_codes: ["BOT_INVALID_INPUT_SHAPE"],
-      meta: { hint: "Input must be a JSON object (ExecutionRequest)." },
-    });
-    _emit(out, args, BOT_PROTECT_EXIT_CODES.BAD_INPUT);
-    return;
-  }
-  // Determine venue from intent
-  const intent = input.intent || {};
-  const venue = intent.venue || null;
-  const chain = input.chain_id || "solana";
-  // Check feature gate — fail-closed
-  if (venue && !_isPerpsGateEnabled(venue)) {
-    const gate = _perpsFeatureGate(venue);
-    const out = _buildProtectOutput({
-      status: "DENY",
-      chain,
-      venue,
-      category: "perps",
-      reason_codes: ["PERPS_POLICY_GATE_DISABLED"],
-      meta: {
-        venue,
-        feature_gate: gate,
-        hint: `Set ${gate}=1 before starting ATF to enable ${venue}.`,
-      },
-    });
-    _emit(out, args, BOT_PROTECT_EXIT_CODES.DENY);
-    return;
-  }
-  // Delegate to bot protect (reuse the same flow)
-  // Since we already consumed stdin, save to a temp file so bot protect can re-read it.
-  const { writeFileSync, unlinkSync } = require("node:fs");
-  const tmpPath = require("node:os").tmpdir() + "/atf_perps_input_" + process.pid + ".json";
-  writeFileSync(tmpPath, rawInput, "utf8");
-  args.receiptStdin = false;
-  args.receiptFile = tmpPath;
-  try {
-    await runBotProtect(args);
-  } finally {
-    try { unlinkSync(tmpPath); } catch { /* ignore */ }
-  }
-}
-// ── Subcommand: perps explain ─────────────────────────────────────────────────
-async function runPerpsExplain(args) {
-  const format = args.format;
-  // Read stdin
-  let rawInput = null;
-  if (args.receiptStdin) {
-    rawInput = await new Promise((resolve, reject) => {
-      let data = "";
-      process.stdin.setEncoding("utf8");
-      process.stdin.on("data", (c) => (data += c));
-      process.stdin.on("end", () => resolve(data));
-      process.stdin.on("error", reject);
-    });
-  } else if (args.receiptFile) {
-    const { readFileSync } = require("node:fs");
-    rawInput = readFileSync(args.receiptFile, "utf8");
-  }
-  if (!rawInput || !rawInput.trim()) {
-    const envelope = {
-      ok: false,
-      error: "No input. Provide a perps ExecutionRequest via --stdin or --file.",
-    };
-    process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
-    process.exit(BOT_PROTECT_EXIT_CODES.BAD_INPUT);
-    return;
-  }
-  let input;
-  try {
-    input = JSON.parse(rawInput.trim());
-  } catch {
-    const envelope = {
-      ok: false,
-      error: "Input is not valid JSON.",
-    };
-    process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
-    process.exit(BOT_PROTECT_EXIT_CODES.BAD_INPUT);
-    return;
-  }
-  const intent = input.intent || {};
-  const venue = intent.venue || null;
-  const chain = input.chain_id || "solana";
-  const gate = venue ? _perpsFeatureGate(venue) : null;
-  const gateEnabled = venue ? _isPerpsGateEnabled(venue) : false;
-  // Build the explain envelope — does NOT change enforcement outcome
-  const policyChecks = [
-    { check: "venue_allowed", description: "Venue must be on perps_policy.allowed_venues" },
-    { check: "market_allowed", description: "Market must be on perps_policy.allowed_markets" },
-    { check: "leverage_cap", description: "leverage_x10 <= perps_policy.max_leverage_x10" },
-    { check: "size_limit", description: "size <= perps_policy.max_size" },
-    { check: "notional_cap", description: "metadata.size_usd <= perps_policy.max_notional_usd" },
-    { check: "order_type", description: "order_kind checked against allow_market_orders / allow_limit_orders" },
-    { check: "reduce_only", description: "Checked against require_reduce_only / disallow_reduce_only" },
-    { check: "operation_allowed", description: "Operation must not match unknown_discriminator parse errors" },
-  ];
-  const envelope = {
-    ok: true,
-    explain_only: true,
-    note: "This output is read-only insight. It does not change enforcement outcomes.",
-    normalized_intent: {
-      chain_id: chain,
-      intent_type: input.intent_type || "perps",
-      venue: venue,
-      operation: intent.operation || null,
-      market: intent.market || null,
-      size: intent.size ?? null,
-      leverage_x10: intent.leverage_x10 ?? null,
-      direction: intent.direction || null,
-      order_kind: intent.order_kind || null,
-      reduce_only: intent.reduce_only ?? null,
-    },
-    feature_gate: {
-      env_var: gate,
-      enabled: gateEnabled,
-      note: gateEnabled
-        ? `${gate} is active — perps eval will run.`
-        : gate
-          ? `${gate} is OFF — will return PERPS_POLICY_GATE_DISABLED.`
-          : "No feature gate required for this venue.",
-    },
-    policy_checks_applied: policyChecks,
-    metadata_forwarded: input.metadata || {},
-  };
-  process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
-}
-// ── Top-level dispatcher ──────────────────────────────────────────────────────
-async function runPerps(args) {
-  const sub = args.subCommand || (args._subArgs && args._subArgs[0]) || null;
-  switch (sub) {
-    case "protect":
-      await runPerpsProtect(args);
-      break;
-    case "explain":
-      await runPerpsExplain(args);
-      break;
-    case "fixtures":
-      await runPerpsFixtures(args);
-      break;
-    default:
-      exitWithError(
-        ERROR_CODES.USER_ERROR,
-        `Unknown perps subcommand: ${sub || "(none)"}`,
-        "Available: protect, explain, fixtures",
-        args.format,
-      );
-  }
-}
+/**
+ * perps_cmd.mjs — `atf perps` command family
+ *
+ * Subcommands:
+ *   protect  — Evaluate a canonical perps ExecutionRequest via ATF policy
+ *   explain  — Show normalized intent + policy checks (read-only, no decision change)
+ *   fixtures — Print canonical sample perps intents (deterministic, offline)
+ *
+ * All outputs are deterministic and offline-safe.
+ * Feature-gated venues return PERPS_POLICY_GATE_DISABLED when the flag is OFF.
+ */
+// ── Canonical perps fixtures ──────────────────────────────────────────────────
+const PERPS_FIXTURE_TEMPLATES = {
+  "drift-place-order": {
+    _name: "drift-place-order",
+    _description: "Drift v2 — place limit long on SOL-PERP",
+    _expected_decision: "allowed (if ATF_ENABLE_DRIFT_POLICY=1 and policy permits)",
+    chain_id: "solana",
+    intent_type: "perps",
+    raw_tx: null,
+    intent: {
+      venue: "drift_perps",
+      operation: "place_perp_order",
+      market: "SOL-PERP",
+      size: 1.0,
+      leverage_x10: 20,
+      direction: "long",
+      order_kind: "limit",
+      reduce_only: false,
+    },
+    metadata: { size_usd: 150.0 },
+  },
+  "drift-cancel-order": {
+    _name: "drift-cancel-order",
+    _description: "Drift v2 — cancel an existing perps order",
+    _expected_decision: "allowed (if ATF_ENABLE_DRIFT_POLICY=1 and cancel permitted)",
+    chain_id: "solana",
+    intent_type: "perps",
+    raw_tx: null,
+    intent: {
+      venue: "drift_perps",
+      operation: "cancel_order",
+      market: "SOL-PERP",
+      size: 0,
+      leverage_x10: 0,
+      direction: "long",
+      order_kind: "limit",
+      reduce_only: false,
+    },
+    metadata: {},
+  },
+  "mango-place-order": {
+    _name: "mango-place-order",
+    _description: "Mango v4 — place limit short on SOL-PERP",
+    _expected_decision: "allowed (if ATF_ENABLE_MANGO_POLICY=1 and policy permits)",
+    chain_id: "solana",
+    intent_type: "perps",
+    raw_tx: null,
+    intent: {
+      venue: "mango_perps",
+      operation: "place_perp_order",
+      market: "SOL-PERP",
+      size: 0.5,
+      leverage_x10: 10,
+      direction: "short",
+      order_kind: "limit",
+      reduce_only: false,
+    },
+    metadata: { size_usd: 75.0 },
+  },
+  "mango-cancel-order": {
+    _name: "mango-cancel-order",
+    _description: "Mango v4 — cancel an existing perps order",
+    _expected_decision: "allowed (if ATF_ENABLE_MANGO_POLICY=1 and cancel permitted)",
+    chain_id: "solana",
+    intent_type: "perps",
+    raw_tx: null,
+    intent: {
+      venue: "mango_perps",
+      operation: "cancel_perp_order",
+      market: "SOL-PERP",
+      size: 0,
+      leverage_x10: 0,
+      direction: "long",
+      order_kind: "limit",
+      reduce_only: false,
+    },
+    metadata: {},
+  },
+  "hyperliquid-order": {
+    _name: "hyperliquid-order",
+    _description: "Hyperliquid — place limit long on SOL",
+    _expected_decision: "allowed (if ATF_ENABLE_HYPERLIQUID_POLICY=1 and policy permits)",
+    chain_id: "hyperliquid",
+    intent_type: "perps",
+    raw_tx: null,
+    intent: {
+      venue: "hyperliquid_perps",
+      operation: "order",
+      market: "SOL",
+      size: 2.0,
+      leverage_x10: 30,
+      direction: "long",
+      order_kind: "limit",
+      reduce_only: false,
+    },
+    metadata: { size_usd: 300.0 },
+  },
+  "hyperliquid-cancel": {
+    _name: "hyperliquid-cancel",
+    _description: "Hyperliquid — cancel an order",
+    _expected_decision: "allowed (if ATF_ENABLE_HYPERLIQUID_POLICY=1 and cancel permitted)",
+    chain_id: "hyperliquid",
+    intent_type: "perps",
+    raw_tx: null,
+    intent: {
+      venue: "hyperliquid_perps",
+      operation: "cancel",
+      market: "SOL",
+      size: 0,
+      leverage_x10: 0,
+      direction: "long",
+      order_kind: "limit",
+      reduce_only: false,
+    },
+    metadata: {},
+  },
+};
+const PERPS_FIXTURE_NAMES = Object.keys(PERPS_FIXTURE_TEMPLATES);
+// ── Helpers ───────────────────────────────────────────────────────────────────
+/** Map venue ID to its feature gate env var.  Returns null if not gated. */
+function _perpsFeatureGate(venue) {
+  const gates = {
+    drift_perps: "ATF_ENABLE_DRIFT_POLICY",
+    mango_perps: "ATF_ENABLE_MANGO_POLICY",
+    hyperliquid_perps: "ATF_ENABLE_HYPERLIQUID_POLICY",
+  };
+  return gates[venue] || null;
+}
+/** Check if a perps venue feature gate is enabled in the current env. */
+function _isPerpsGateEnabled(venue) {
+  const envKey = _perpsFeatureGate(venue);
+  if (!envKey) return true; // ungated venues are always available
+  const val = process.env[envKey];
+  return val === "1" || val === "true";
+}
+// ── Subcommand: perps fixtures ────────────────────────────────────────────────
+async function runPerpsFixtures(args) {
+  const subArg = (args._subArgs && args._subArgs[0]) || "all";
+  const format = args.format;
+  if (subArg === "list") {
+    const envelope = {
+      ok: true,
+      fixtures: PERPS_FIXTURE_NAMES.map((n) => ({
+        name: n,
+        description: PERPS_FIXTURE_TEMPLATES[n]._description,
+        expected_decision: PERPS_FIXTURE_TEMPLATES[n]._expected_decision,
+      })),
+    };
+    if (format === "pretty") {
+      process.stdout.write(`\n${COLORS.bold}Available perps fixtures:${COLORS.reset}\n\n`);
+      for (const f of envelope.fixtures) {
+        process.stdout.write(`  ${COLORS.bold}${f.name}${COLORS.reset}\n`);
+        process.stdout.write(`    ${COLORS.dim}${f.description}${COLORS.reset}\n\n`);
+      }
+    } else {
+      process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
+    }
+    return;
+  }
+  let names;
+  if (subArg === "all") {
+    names = PERPS_FIXTURE_NAMES;
+  } else {
+    names = subArg.split(",");
+    const unknown = names.filter((n) => !PERPS_FIXTURE_TEMPLATES[n]);
+    if (unknown.length > 0) {
+      exitWithError(
+        ERROR_CODES.USER_ERROR,
+        `Unknown perps fixture(s): ${unknown.join(", ")}. Available: ${PERPS_FIXTURE_NAMES.join(", ")}`,
+        null,
+        format,
+      );
+    }
+  }
+  const fixtures = names
+    .map((n) => {
+      const t = PERPS_FIXTURE_TEMPLATES[n];
+      if (!t) return null;
+      // Strip internal metadata keys for output
+      const { _name, _description, _expected_decision, ...rest } = t;
+      return { _name, ...rest };
+    })
+    .filter(Boolean);
+  const envelope = { ok: true, count: fixtures.length, fixtures };
+  process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
+}
+// ── Subcommand: perps protect ─────────────────────────────────────────────────
+async function runPerpsProtect(args) {
+  const format = args.format;
+  // Read stdin
+  let rawInput = null;
+  if (args.receiptStdin) {
+    rawInput = await new Promise((resolve, reject) => {
+      let data = "";
+      process.stdin.setEncoding("utf8");
+      process.stdin.on("data", (c) => (data += c));
+      process.stdin.on("end", () => resolve(data));
+      process.stdin.on("error", reject);
+    });
+  } else if (args.receiptFile) {
+    const { readFileSync } = require("node:fs");
+    rawInput = readFileSync(args.receiptFile, "utf8");
+  }
+  if (!rawInput || !rawInput.trim()) {
+    const out = _buildProtectOutput({
+      status: "DENY",
+      chain: "unknown",
+      reason_codes: ["BOT_NO_INPUT"],
+      meta: { hint: "Provide a perps ExecutionRequest via --stdin or --file." },
+    });
+    _emit(out, args, BOT_PROTECT_EXIT_CODES.BAD_INPUT);
+    return;
+  }
+  let input;
+  try {
+    input = JSON.parse(rawInput.trim());
+  } catch {
+    const out = _buildProtectOutput({
+      status: "DENY",
+      chain: "unknown",
+      reason_codes: ["BOT_INVALID_JSON_INPUT"],
+      meta: { hint: "Input must be valid JSON." },
+    });
+    _emit(out, args, BOT_PROTECT_EXIT_CODES.BAD_INPUT);
+    return;
+  }
+  // Validate it looks like an ExecutionRequest
+  if (!input || typeof input !== "object" || Array.isArray(input)) {
+    const out = _buildProtectOutput({
+      status: "DENY",
+      chain: "unknown",
+      reason_codes: ["BOT_INVALID_INPUT_SHAPE"],
+      meta: { hint: "Input must be a JSON object (ExecutionRequest)." },
+    });
+    _emit(out, args, BOT_PROTECT_EXIT_CODES.BAD_INPUT);
+    return;
+  }
+  // Determine venue from intent
+  const intent = input.intent || {};
+  const venue = intent.venue || null;
+  const chain = input.chain_id || "solana";
+  // Check feature gate — fail-closed
+  if (venue && !_isPerpsGateEnabled(venue)) {
+    const gate = _perpsFeatureGate(venue);
+    const out = _buildProtectOutput({
+      status: "DENY",
+      chain,
+      venue,
+      category: "perps",
+      reason_codes: ["PERPS_POLICY_GATE_DISABLED"],
+      meta: {
+        venue,
+        feature_gate: gate,
+        hint: `Set ${gate}=1 before starting ATF to enable ${venue}.`,
+      },
+    });
+    _emit(out, args, BOT_PROTECT_EXIT_CODES.DENY);
+    return;
+  }
+  // Delegate to bot protect (reuse the same flow)
+  // Since we already consumed stdin, save to a temp file so bot protect can re-read it.
+  const { writeFileSync, unlinkSync } = require("node:fs");
+  const tmpPath = require("node:os").tmpdir() + "/atf_perps_input_" + process.pid + ".json";
+  writeFileSync(tmpPath, rawInput, "utf8");
+  args.receiptStdin = false;
+  args.receiptFile = tmpPath;
+  try {
+    await runBotProtect(args);
+  } finally {
+    try { unlinkSync(tmpPath); } catch { /* ignore */ }
+  }
+}
+// ── Subcommand: perps explain ─────────────────────────────────────────────────
+async function runPerpsExplain(args) {
+  const format = args.format;
+  // Read stdin
+  let rawInput = null;
+  if (args.receiptStdin) {
+    rawInput = await new Promise((resolve, reject) => {
+      let data = "";
+      process.stdin.setEncoding("utf8");
+      process.stdin.on("data", (c) => (data += c));
+      process.stdin.on("end", () => resolve(data));
+      process.stdin.on("error", reject);
+    });
+  } else if (args.receiptFile) {
+    const { readFileSync } = require("node:fs");
+    rawInput = readFileSync(args.receiptFile, "utf8");
+  }
+  if (!rawInput || !rawInput.trim()) {
+    const envelope = {
+      ok: false,
+      error: "No input. Provide a perps ExecutionRequest via --stdin or --file.",
+    };
+    process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
+    process.exit(BOT_PROTECT_EXIT_CODES.BAD_INPUT);
+    return;
+  }
+  let input;
+  try {
+    input = JSON.parse(rawInput.trim());
+  } catch {
+    const envelope = {
+      ok: false,
+      error: "Input is not valid JSON.",
+    };
+    process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
+    process.exit(BOT_PROTECT_EXIT_CODES.BAD_INPUT);
+    return;
+  }
+  const intent = input.intent || {};
+  const venue = intent.venue || null;
+  const chain = input.chain_id || "solana";
+  const gate = venue ? _perpsFeatureGate(venue) : null;
+  const gateEnabled = venue ? _isPerpsGateEnabled(venue) : false;
+  // Build the explain envelope — does NOT change enforcement outcome
+  const policyChecks = [
+    { check: "venue_allowed", description: "Venue must be on perps_policy.allowed_venues" },
+    { check: "market_allowed", description: "Market must be on perps_policy.allowed_markets" },
+    { check: "leverage_cap", description: "leverage_x10 <= perps_policy.max_leverage_x10" },
+    { check: "size_limit", description: "size <= perps_policy.max_size" },
+    { check: "notional_cap", description: "metadata.size_usd <= perps_policy.max_notional_usd" },
+    { check: "order_type", description: "order_kind checked against allow_market_orders / allow_limit_orders" },
+    { check: "reduce_only", description: "Checked against require_reduce_only / disallow_reduce_only" },
+    { check: "operation_allowed", description: "Operation must not match unknown_discriminator parse errors" },
+  ];
+  const envelope = {
+    ok: true,
+    explain_only: true,
+    note: "This output is read-only insight. It does not change enforcement outcomes.",
+    normalized_intent: {
+      chain_id: chain,
+      intent_type: input.intent_type || "perps",
+      venue: venue,
+      operation: intent.operation || null,
+      market: intent.market || null,
+      size: intent.size ?? null,
+      leverage_x10: intent.leverage_x10 ?? null,
+      direction: intent.direction || null,
+      order_kind: intent.order_kind || null,
+      reduce_only: intent.reduce_only ?? null,
+    },
+    feature_gate: {
+      env_var: gate,
+      enabled: gateEnabled,
+      note: gateEnabled
+        ? `${gate} is active — perps eval will run.`
+        : gate
+          ? `${gate} is OFF — will return PERPS_POLICY_GATE_DISABLED.`
+          : "No feature gate required for this venue.",
+    },
+    policy_checks_applied: policyChecks,
+    metadata_forwarded: input.metadata || {},
+  };
+  process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
+}
+// ── Top-level dispatcher ──────────────────────────────────────────────────────
+async function runPerps(args) {
+  const sub = args.subCommand || (args._subArgs && args._subArgs[0]) || null;
+  switch (sub) {
+    case "protect":
+      await runPerpsProtect(args);
+      break;
+    case "explain":
+      await runPerpsExplain(args);
+      break;
+    case "fixtures":
+      await runPerpsFixtures(args);
+      break;
+    default:
+      exitWithError(
+        ERROR_CODES.USER_ERROR,
+        `Unknown perps subcommand: ${sub || "(none)"}`,
+        "Available: protect, explain, fixtures",
+        args.format,
+      );
+  }
+}
 // ---- src/plan.mjs ----
 /**
@@ -6738,6 +7223,95 @@ async function runDoctor(args) {
     checks.push(check);
   }
+  // ── 8) Jupiter resolver config check ────────────────────────────
+  vlog("Checking Jupiter endpoint configuration ...");
+  {
+    const check = { name: "jupiter_config", status: "pass", latency_ms: 0, details: {}, actions: [] };
+    try {
+      const diag = getJupiterResolutionInfo(profile, { profileName: pName });
+      check.details.resolver_source = diag.resolver_source;
+      check.details.environment_mode = diag.environment_mode;
+      check.details.quote_url_host = diag.quote_url_host;
+      check.details.swap_url_host = diag.swap_url_host;
+      check.details.api_key_present = diag.api_key_present;
+      check.details.api_key_source = diag.api_key_source;
+      check.details.config_valid = diag.config_valid;
+      check.details.fallback_available = diag.fallback_available;
+      if (!diag.config_valid) {
+        check.status = "fail";
+        check.details.error_code = diag.config_error;
+        check.actions.push(`Jupiter config error: ${diag.config_error}`);
+        check.actions.push("Run: atf config set jupiter_quote_url <url> or unset conflicting env vars");
+      }
+      // Warn if API key is configured but source is unknown
+      if (diag.api_key_present && diag.api_key_source === "none") {
+        check.status = "warn";
+        check.actions.push("API key detected but source is unclear — verify ATF_JUPITER_API_KEY env");
+      }
+    } catch (err) {
+      check.status = "warn";
+      check.details.error = err.message || String(err);
+      check.details.fallback_available = true;
+      check.actions.push("Jupiter config check failed — CLI fallback is still available");
+    }
+    checks.push(check);
+  }
+  // ── 9) OpenClaw plugin metadata check ──────────────────────────
+  vlog("Checking OpenClaw plugin metadata ...");
+  {
+    const check = { name: "openclaw_plugin", status: "pass", latency_ms: 0, details: {}, actions: [] };
+    try {
+      const { existsSync: exists, readFileSync: readFs } = require("node:fs");
+      const { join: joinPath } = require("node:path");
+      // Try to locate openclaw-atf package relative to common paths
+      const candidates = [
+        joinPath(process.cwd(), "node_modules/@trucore/openclaw-atf/package.json"),
+        joinPath(process.cwd(), "packages/openclaw-atf/package.json"),
+      ];
+      let pluginPkgPath = null;
+      for (const c of candidates) {
+        if (exists(c)) { pluginPkgPath = c; break; }
+      }
+      if (!pluginPkgPath) {
+        check.status = "warn";
+        check.details.installed = false;
+        check.details.fallback_available = true;
+        check.actions.push("OpenClaw ATF plugin not found locally — direct CLI fallback is available");
+        check.actions.push("Install: npm i @trucore/openclaw-atf");
+      } else {
+        check.details.installed = true;
+        check.details.path = pluginPkgPath;
+        const pkgData = JSON.parse(readFs(pluginPkgPath, "utf8"));
+        // Validate openclaw.extensions
+        const ext = pkgData.openclaw?.extensions;
+        if (!Array.isArray(ext) || ext.length === 0) {
+          check.status = "fail";
+          check.details.metadata_valid = false;
+          check.actions.push("OPENCLAW_PLUGIN_METADATA_INVALID: openclaw.extensions missing from package.json");
+        } else {
+          check.details.metadata_valid = true;
+          check.details.extensions = ext;
+          // Verify extension files exist
+          const pkgDir = joinPath(pluginPkgPath, "..");
+          for (const entry of ext) {
+            if (!exists(joinPath(pkgDir, entry))) {
+              check.status = "fail";
+              check.details.metadata_valid = false;
+              check.actions.push(`Extension file missing: ${entry}`);
+            }
+          }
+        }
+      }
+    } catch (err) {
+      check.status = "warn";
+      check.details.error = err.message || String(err);
+      check.details.fallback_available = true;
+      check.actions.push("Plugin check failed — CLI fallback is available");
+    }
+    checks.push(check);
+  }
   // ── Build envelope ─────────────────────────────────────────────
   let passed = 0;
   let warned = 0;
@@ -8123,7 +8697,42 @@ async function runBotSend(args) {
     }
   }
-  // ── 9. Success ────────────────────────────────────────────────────────────
+  // ── 9. Write execution artifacts ──────────────────────────────────────────
+  let artifactDir = null;
+  try {
+    artifactDir = createExecutionArtifactDir("bot-send");
+    const contentHash =
+      (decision.receipt && decision.receipt.content_hash) || null;
+    const cluster = isDevnet ? "devnet" : "mainnet";
+    const explorerSuffix = cluster === "devnet" ? "?cluster=devnet" : "";
+    const explorerUrl = signature
+      ? `https://solscan.io/tx/${signature}${explorerSuffix}`
+      : null;
+    const execArt = buildExecutionArtifact({
+      receipt_content_hash: contentHash,
+      request_id:
+        (decision.receipt && decision.receipt.request_id) || null,
+      command: "bot send",
+      adapter: decision.venue || null,
+      intent: decision.intent_type || null,
+      cluster,
+      rpc: rpcUrl,
+      send_path: "atf-bot-send",
+      tx_signature: signature,
+      confirmed: args.confirm || false,
+      confirmed_at: args.confirm ? new Date().toISOString() : null,
+      explorer_url: explorerUrl,
+      status: signature ? "sent" : "unknown",
+    });
+    writeExecutionArtifacts(artifactDir, execArt, {
+      ok: true,
+      confirmed: args.confirm || false,
+      explorer_url: explorerUrl,
+    });
+  } catch { /* artifact writing is non-critical */ }
+  // ── 10. Success ───────────────────────────────────────────────────────────
   _emitSend(
     _buildSendOutput({
@@ -8137,6 +8746,7 @@ async function runBotSend(args) {
         sent: true,
         rpc_url: rpcUrl,
         venue: decision.venue,
+        artifact_dir: artifactDir,
       },
     }),
     args,
@@ -8144,40 +8754,2404 @@ async function runBotSend(args) {
   );
 }
-// ---- src/bootstrap.mjs ----
-/**
- * bootstrap.mjs — atf bootstrap command (Phase 37/39)
- *
- * Prints a machine-readable or human-readable self-install plan for ATF.
- * Recipes are embedded deterministically — no network calls, no timestamps.
- *
- * Usage:
- *   atf bootstrap --format json                       # full recipe catalog
- *   atf bootstrap --format text                       # human-readable
- *   atf bootstrap --recipe bootstrap_local            # filter to one recipe
- *   atf bootstrap --recipe enable_perps_drift --format json
- *   atf bootstrap --recipe bootstrap_local --execute-safe   # run env+verify steps
- *   atf bootstrap --recipe bootstrap_local --dry-run        # preview without executing
- */
-// ---------------------------------------------------------------------------
-// Recipe catalog — injected by build.mjs from recipes_v2.json (Phase 37c)
-// Single source of truth: firewall-api/firewall_api/integrations/manifests/recipes_v2.json
-// ---------------------------------------------------------------------------
-const RECIPES_V2 = [{"id":"bootstrap_local","title":"Bootstrap ATF locally (safe defaults, no feature flags required)","target":"cli","prerequisites":[{"type":"env","key":"ATF_BASE_URL","default":"http://localhost:8080","description":"ATF server base URL"},{"type":"file","path":"${HOME}/.config/solana/id.json","required":false,"description":"Solana keypair (optional for dry-run; required for anchor-receipt)"}],"steps":[{"kind":"cli","command":"atf config init --yes","description":"Initialize ATF global config profile"},{"kind":"cli","command":"atf doctor --pretty","description":"Run dev environment health checks"},{"kind":"cli","command":"echo '{\"chain_id\":\"solana\",\"intent_type\":\"swap\",\"raw_tx\":null,\"intent\":{\"type\":\"swap\",\"in_mint\":\"So11111111111111111111111111111111111111112\",\"out_mint\":\"EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v\",\"amount_in\":1000000,\"slippage_bps\":50}}' | atf bot protect --stdin --dry-run","description":"Dry-run bot protect (no network, no signing)"},{"kind":"verify","verify":"atf doctor --format json","expect_checks":["config_loaded"],"description":"Verify config loaded successfully"}],"outputs":["ATF config initialized at ${HOME}/.config/atf/config.json","Doctor checks pass","Dry-run bot protect decision returned (ALLOW or DENY with reason codes)"],"safety_notes":["All steps are read-only or dry-run by default.","No on-chain transactions are submitted in this recipe.","ATF never signs transactions.","Default behavior is DENY for unknown or unsupported inputs."],"feature_gates":[]},{"id":"enable_perps_drift","title":"Enable Drift v2 Solana perps policy gate","target":"both","prerequisites":[{"type":"env","key":"ATF_ENABLE_DRIFT_POLICY","value":"1","description":"Must be set before starting the ATF server"},{"type":"env","key":"ATF_BASE_URL","default":"http://localhost:8080","description":"ATF server base URL"}],"steps":[{"kind":"env","env_keys":["ATF_ENABLE_DRIFT_POLICY"],"description":"Set env flag before (re)starting ATF server"},{"kind":"cli","command":"ATF_ENABLE_DRIFT_POLICY=1 atf doctor --pretty","description":"Confirm Drift policy gate is active"},{"kind":"cli","command":"echo '{\"chain_id\":\"solana\",\"intent_type\":\"perps\",\"raw_tx\":null,\"intent\":{\"venue\":\"drift_perps\",\"operation\":\"place_perp_order\",\"market\":\"SOL-PERP\",\"size\":1.0,\"leverage_x10\":20}}' | ATF_ENABLE_DRIFT_POLICY=1 atf bot protect --stdin --dry-run","description":"Dry-run Drift perps intent (fixture, no network)"},{"kind":"verify","verify":"atf doctor --format json","expect_checks":["drift_policy_enabled"],"description":"Verify Drift policy capability present"}],"outputs":["drift_perps_policy capability present in manifest","Bot protect dry-run returns ALLOW or policy-enforced DENY for Drift intents"],"safety_notes":["ATF_ENABLE_DRIFT_POLICY defaults OFF (fail-closed).","Only enable on the ATF server process; never commit this flag to .env.","Dry-run does not submit any transaction."],"feature_gates":["ATF_ENABLE_DRIFT_POLICY"]},{"id":"enable_perps_mango","title":"Enable Mango v4 Solana perps policy gate","target":"both","prerequisites":[{"type":"env","key":"ATF_ENABLE_MANGO_POLICY","value":"1","description":"Must be set before starting the ATF server"},{"type":"env","key":"ATF_BASE_URL","default":"http://localhost:8080","description":"ATF server base URL"}],"steps":[{"kind":"env","env_keys":["ATF_ENABLE_MANGO_POLICY"],"description":"Set env flag before (re)starting ATF server"},{"kind":"cli","command":"ATF_ENABLE_MANGO_POLICY=1 atf doctor --pretty","description":"Confirm Mango policy gate is active"},{"kind":"cli","command":"echo '{\"chain_id\":\"solana\",\"intent_type\":\"perps\",\"raw_tx\":null,\"intent\":{\"venue\":\"mango_perps\",\"operation\":\"place_perp_order\",\"market\":\"SOL-PERP\",\"size\":1.0,\"leverage_x10\":20}}' | ATF_ENABLE_MANGO_POLICY=1 atf bot protect --stdin --dry-run","description":"Dry-run Mango perps intent (fixture, no network)"},{"kind":"verify","verify":"atf doctor --format json","expect_checks":["mango_policy_enabled"],"description":"Verify Mango policy capability present"}],"outputs":["mango_perps_policy capability present in manifest","Bot protect dry-run returns ALLOW or policy-enforced DENY for Mango intents"],"safety_notes":["ATF_ENABLE_MANGO_POLICY defaults OFF (fail-closed).","Only enable on the ATF server process; never commit this flag to .env.","Dry-run does not submit any transaction."],"feature_gates":["ATF_ENABLE_MANGO_POLICY"]},{"id":"enable_perps_hyperliquid","title":"Enable Hyperliquid perps policy gate","target":"both","prerequisites":[{"type":"env","key":"ATF_ENABLE_HYPERLIQUID_POLICY","value":"1","description":"Must be set before starting the ATF server"},{"type":"env","key":"ATF_BASE_URL","default":"http://localhost:8080","description":"ATF server base URL"}],"steps":[{"kind":"env","env_keys":["ATF_ENABLE_HYPERLIQUID_POLICY"],"description":"Set env flag before (re)starting ATF server"},{"kind":"cli","command":"ATF_ENABLE_HYPERLIQUID_POLICY=1 atf doctor --pretty","description":"Confirm Hyperliquid policy gate is active"},{"kind":"cli","command":"echo '{\"chain_id\":\"hyperliquid\",\"intent_type\":\"perps\",\"raw_tx\":null,\"intent\":{\"venue\":\"hyperliquid_perps\",\"operation\":\"order\",\"market\":\"SOL\",\"size\":1.0,\"leverage_x10\":20}}' | ATF_ENABLE_HYPERLIQUID_POLICY=1 atf bot protect --stdin --dry-run","description":"Dry-run Hyperliquid perps intent (fixture, no network)"},{"kind":"verify","verify":"atf doctor --format json","expect_checks":["hyperliquid_policy_enabled"],"description":"Verify Hyperliquid policy capability present"}],"outputs":["Hyperliquid chain and hyperliquid_perps venue active in manifest","Bot protect dry-run returns ALLOW or policy-enforced DENY for HL intents"],"safety_notes":["ATF_ENABLE_HYPERLIQUID_POLICY defaults OFF (fail-closed).","Only enable on the ATF server process; never commit this flag to .env.","Dry-run does not submit any transaction."],"feature_gates":["ATF_ENABLE_HYPERLIQUID_POLICY"]}];
-// ---------------------------------------------------------------------------
-// Public accessor (used by CLI and tests)
-// ---------------------------------------------------------------------------
-function getRecipesV2() {
-  return RECIPES_V2;
-}
-function getRecipeById(id) {
-  return RECIPES_V2.find((r) => r.id === id) || null;
-}
-// ---------------------------------------------------------------------------
+// ---- src/proof_bundle.mjs ----
+/**
+ * proof_bundle.mjs — proof bundle utilities for TC1 and bot execute.
+ *
+ * Writes deterministic proof bundles to timestamped run directories.
+ * Used by `atf demo tc1` and `atf bot execute` commands.
+ */
+/** Required file list for a TC1 proof bundle (before execution artifacts). */
+const TC1_REQUIRED_FILES = [
+  "request.json",
+  "receipt_1.json",
+  "receipt_2.json",
+  "verify_1.txt",
+  "verify_2.txt",
+  "summary.json",
+];
+/** Additional execution artifacts (written only when send occurs). */
+const TC1_EXECUTION_FILES = [
+  "txsig.txt",
+  "send_result.json",
+  "execution.json",
+];
+/**
+ * Ensure a directory exists (recursive mkdir).
+ * @param {string} dirPath — path to ensure
+ */
+function ensureDir(dirPath) {
+  const { mkdirSync } = require("node:fs");
+  mkdirSync(dirPath, { recursive: true });
+}
+/**
+ * Create a timestamped run directory under the given base path.
+ * @param {string} basePath — parent dir (e.g. <out>/tc1)
+ * @param {string} [prefix] — folder prefix (default: "run")
+ * @returns {string} absolute path to the created run directory
+ */
+function createRunDir(basePath, prefix) {
+  const { mkdirSync } = require("node:fs");
+  const { join } = require("node:path");
+  const pfx = prefix || "run";
+  const now = new Date();
+  const stamp = now.toISOString()
+    .replace(/[-:]/g, "")
+    .replace("T", "-")
+    .replace(/\.\d+Z$/, "");
+  const dirName = `${pfx}-${stamp}`;
+  const runDir = join(basePath, dirName);
+  mkdirSync(runDir, { recursive: true });
+  return runDir;
+}
+/**
+ * Write a JSON object to a named file in the run directory.
+ * @param {string} runDir — path to the run directory
+ * @param {string} name — filename (e.g. "receipt_1.json")
+ * @param {object} obj — JSON-serializable object
+ * @returns {string} full path to written file
+ */
+function writeJson(runDir, name, obj) {
+  const { writeFileSync } = require("node:fs");
+  const { join } = require("node:path");
+  const filePath = join(runDir, name);
+  writeFileSync(filePath, JSON.stringify(obj, null, 2) + "\n", "utf8");
+  return filePath;
+}
+/**
+ * Write a text string to a named file in the run directory.
+ * @param {string} runDir — path to the run directory
+ * @param {string} name — filename (e.g. "verify_1.txt")
+ * @param {string} text — text content
+ * @returns {string} full path to written file
+ */
+function writeText(runDir, name, text) {
+  const { writeFileSync } = require("node:fs");
+  const { join } = require("node:path");
+  const filePath = join(runDir, name);
+  writeFileSync(filePath, text, "utf8");
+  return filePath;
+}
+/**
+ * Write a set of named files into a proof bundle run directory.
+ * @param {string} runDir — path to the run directory
+ * @param {Record<string, string|object>} files — filename → content map.
+ *   Objects are JSON-serialised with 2-space indent + trailing newline.
+ * @returns {string[]} list of written file paths
+ */
+function writeProofBundle(runDir, files) {
+  const paths = [];
+  for (const [name, content] of Object.entries(files)) {
+    if (typeof content === "string") {
+      paths.push(writeText(runDir, name, content));
+    } else {
+      paths.push(writeJson(runDir, name, content));
+    }
+  }
+  return paths;
+}
+/**
+ * Write summary.json and validate that all required files are present.
+ * @param {string} runDir — path to the run directory
+ * @param {object} summaryObj — summary JSON object
+ * @param {string[]} [requiredFiles] — list of required filenames (default: TC1_REQUIRED_FILES)
+ * @returns {{ ok: boolean, missing: string[] }}
+ */
+function finalizeBundle(runDir, summaryObj, requiredFiles) {
+  const { existsSync } = require("node:fs");
+  const { join } = require("node:path");
+  // Write summary.json
+  writeJson(runDir, "summary.json", summaryObj);
+  // Validate required files
+  const required = requiredFiles || TC1_REQUIRED_FILES;
+  const missing = [];
+  for (const name of required) {
+    if (!existsSync(join(runDir, name))) {
+      missing.push(name);
+    }
+  }
+  return { ok: missing.length === 0, missing };
+}
+/**
+ * Format a TC1 result summary object into the standard ATF RESULT block.
+ * @param {object} s — summary object
+ * @returns {string} formatted multi-line string
+ */
+function formatTc1Summary(s) {
+  const lines = [
+    "",
+    "TC1 RESULT",
+    `  subcase:      ${s.subcase || "unknown"}`,
+    `  decision:     ${s.decision || "N/A"}`,
+    `  verified:     ${s.verified === true ? "true" : s.verified === false ? "false" : "N/A"}`,
+    `  content_hash: ${s.content_hash || "N/A"}`,
+    `  txsig:        ${s.txsig || "N/A"}`,
+    `  send_path:    ${s.send_path || "N/A"}`,
+    `  bundle:       ${s.bundle || "N/A"}`,
+    "",
+  ];
+  return lines.join("\n");
+}
+/**
+ * Format an `atf bot execute` result summary.
+ * @param {object} s — summary object
+ * @returns {string} formatted multi-line string
+ */
+function formatBotExecuteSummary(s) {
+  const lines = [
+    "",
+    "ATF RESULT",
+    `  command:      ${s.command || "bot execute"}`,
+    `  adapter:      ${s.adapter || "N/A"}`,
+    `  intent:       ${s.intent || "N/A"}`,
+    `  decision:     ${s.decision || "N/A"}`,
+    `  verified:     ${s.verified === true ? "true" : s.verified === false ? "false" : "N/A"}`,
+    `  content_hash: ${s.content_hash || "N/A"}`,
+    `  send_path:    ${s.send_path || "N/A"}`,
+    `  txsig:        ${s.txsig || "N/A"}`,
+    `  bundle:       ${s.bundle || "N/A"}`,
+    "",
+  ];
+  return lines.join("\n");
+}
+/**
+ * Format an `atf bot analyze` result summary.
+ * @param {object} s — summary object
+ * @returns {string} formatted multi-line string
+ */
+function formatAnalyzeSummary(s) {
+  const lines = [
+    "",
+    "ATF RESULT",
+    `  command:      bot analyze`,
+    `  decision:     ${s.decision || "N/A"}`,
+    `  verified:     ${s.verified === true ? "true" : s.verified === false ? "false" : "N/A"}`,
+    `  content_hash: ${s.content_hash || "N/A"}`,
+    `  send_path:    ${s.send_path || "N/A"}`,
+    `  txsig:        ${s.txsig || "N/A"}`,
+    `  bundle:       ${s.bundle || "N/A"}`,
+  ];
+  if (s.quality) {
+    lines.push(`  quality:      ${s.quality}`);
+  }
+  if (s.risk_notes && s.risk_notes.length > 0) {
+    lines.push("  risk_notes:");
+    for (const n of s.risk_notes) {
+      lines.push(`    - ${n}`);
+    }
+  }
+  if (s.recommendations && s.recommendations.length > 0) {
+    lines.push("  recommendations:");
+    for (const r of s.recommendations) {
+      lines.push(`    - ${r}`);
+    }
+  }
+  lines.push("");
+  return lines.join("\n");
+}
+/**
+ * Build a summary.json object for a TC1 run.
+ * @param {object} opts
+ * @returns {object} summary JSON-serializable object
+ */
+function buildTc1SummaryJson(opts) {
+  return {
+    subcase: opts.subcase,
+    decision: opts.decision || "N/A",
+    policy_allowed: opts.policy_allowed || false,
+    deterministic_ok: opts.deterministic_ok || false,
+    verify_ok: opts.verify_ok || false,
+    executed_ok: opts.executed_ok === undefined ? null : opts.executed_ok,
+    content_hash_1: opts.content_hash_1 || null,
+    content_hash_2: opts.content_hash_2 || null,
+    receipt_hash: opts.receipt_hash || null,
+    txsig: opts.txsig || null,
+    send_path: opts.send_path || null,
+    bundle: opts.bundle || null,
+    timestamp: new Date().toISOString(),
+    atf_version: typeof VERSION !== "undefined" ? VERSION : "unknown",
+  };
+}
+// ---- src/solana_detect.mjs ----
+/**
+ * solana_detect.mjs — Solana CLI detection and send path selection.
+ *
+ * Detects whether `solana` CLI is available on PATH, provides helpers
+ * to execute transfers via CLI or fall back to Node-native path.
+ */
+/**
+ * Detect whether Solana CLI is available on PATH.
+ * @returns {{ available: boolean, path: string|null, version: string|null }}
+ */
+function detectSolanaCli() {
+  const { execSync } = require("node:child_process");
+  try {
+    const whichCmd = process.platform === "win32" ? "where solana" : "which solana";
+    const solanaPath = execSync(whichCmd, { encoding: "utf8", timeout: 5000 }).trim().split("\n")[0];
+    let version = null;
+    try {
+      version = execSync("solana --version", { encoding: "utf8", timeout: 5000 }).trim();
+    } catch { /* version detection optional */ }
+    return { available: true, path: solanaPath, version };
+  } catch {
+    return { available: false, path: null, version: null };
+  }
+}
+/**
+ * Recommend the best available send path given the environment.
+ * @param {object} opts
+ * @param {boolean} opts.solanaCli — solana CLI available
+ * @param {boolean} opts.preferSolanaCli — user prefers solana CLI
+ * @param {boolean} opts.hasKeypair — keypair path provided
+ * @returns {{ path: string, reason: string }}
+ */
+function recommendSendPath(opts) {
+  const solanaCli = opts.solanaCli || false;
+  const preferCli = opts.preferSolanaCli || false;
+  const hasKeypair = opts.hasKeypair || false;
+  if (preferCli && solanaCli && hasKeypair) {
+    return { path: "solana-cli", reason: "User preferred Solana CLI and it is available." };
+  }
+  if (solanaCli && hasKeypair) {
+    return { path: "solana-cli", reason: "Solana CLI detected on PATH." };
+  }
+  if (hasKeypair) {
+    return { path: "node-fallback", reason: "Using Node-native send (tweetnacl)." };
+  }
+  return { path: "rpc-only", reason: "No keypair provided; dry-run only." };
+}
+/**
+ * Execute a SOL transfer using `solana transfer` CLI command.
+ * @param {object} opts
+ * @param {string} opts.to — recipient pubkey
+ * @param {number} opts.amount — amount in SOL
+ * @param {string} opts.keypair — path to keypair file
+ * @param {string} opts.rpc — RPC URL
+ * @param {boolean} [opts.allowUnfunded] — allow unfunded fee payer
+ * @returns {{ ok: boolean, txsig: string|null, stdout: string, stderr: string }}
+ */
+function solanaCliTransfer(opts) {
+  const { execSync } = require("node:child_process");
+  const args = [
+    "solana", "transfer",
+    opts.to,
+    String(opts.amount),
+    "--keypair", opts.keypair,
+    "--url", opts.rpc,
+    "--allow-unfunded-recipient",
+    "--output", "json",
+  ];
+  if (opts.allowUnfunded) args.push("--allow-unfunded-recipient");
+  try {
+    const stdout = execSync(args.join(" "), {
+      encoding: "utf8",
+      timeout: 60000,
+    });
+    // Try to extract signature from JSON output
+    let txsig = null;
+    try {
+      const parsed = JSON.parse(stdout);
+      txsig = parsed.signature || parsed.txSignature || null;
+    } catch {
+      // Try regex fallback on stdout
+      const match = stdout.match(/[1-9A-HJ-NP-Za-km-z]{43,88}/);
+      if (match) txsig = match[0];
+    }
+    return { ok: true, txsig, stdout, stderr: "" };
+  } catch (e) {
+    return {
+      ok: false,
+      txsig: null,
+      stdout: "",
+      stderr: e && e.stderr ? String(e.stderr) : String(e.message || e),
+    };
+  }
+}
+/**
+ * Build a simple devnet transfer transaction fixture (for TC1-B).
+ * Uses the Node-native path (no Solana CLI needed).
+ * Returns a base64-encoded unsigned SystemProgram.Transfer instruction.
+ *
+ * This is a minimal transfer builder that produces a valid Solana
+ * legacy transaction without @solana/web3.js.
+ *
+ * @param {object} opts
+ * @param {string} opts.fromPubkey — base58 sender pubkey
+ * @param {string} opts.toPubkey — base58 recipient pubkey
+ * @param {number} opts.lamports — amount in lamports
+ * @param {string} opts.recentBlockhash — base58 blockhash
+ * @returns {string} base64-encoded unsigned transaction
+ */
+function buildTransferTxBase64(opts) {
+  // SystemProgram Transfer instruction = program 11111111111111111111111111111112
+  // Instruction data: u32 type (2=Transfer) + u64 lamports (little endian)
+  const SYSTEM_PROGRAM = "11111111111111111111111111111111";
+  // Decode base58 to bytes
+  function base58Decode(str) {
+    const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+    const bytes = [];
+    for (let i = 0; i < str.length; i++) {
+      const carry = ALPHABET.indexOf(str[i]);
+      if (carry < 0) throw new Error(`Invalid base58 char: ${str[i]}`);
+      for (let j = 0; j < bytes.length; j++) {
+        const x = bytes[j] * 58 + carry;
+        bytes[j] = x & 0xff;
+        // propagate carry handled below
+      }
+      // simple bignum multiply approach
+      let val = carry;
+      for (let j = 0; j < bytes.length; j++) {
+        val += bytes[j] * 58;
+        bytes[j] = val & 0xff;
+        val >>= 8;
+      }
+      while (val > 0) {
+        bytes.push(val & 0xff);
+        val >>= 8;
+      }
+    }
+    // Leading zeros
+    for (let i = 0; i < str.length && str[i] === "1"; i++) {
+      bytes.push(0);
+    }
+    return Buffer.from(bytes.reverse());
+  }
+  const fromKey = base58Decode(opts.fromPubkey);
+  const toKey = base58Decode(opts.toPubkey);
+  const programKey = base58Decode(SYSTEM_PROGRAM);
+  const blockhash = base58Decode(opts.recentBlockhash);
+  // Build legacy transaction message
+  const header = Buffer.from([
+    1,   // num required signatures
+    0,   // num readonly signed accounts
+    1,   // num readonly unsigned accounts (system program)
+  ]);
+  // Compact array length encoding
+  function compactU16(val) {
+    if (val < 0x80) return Buffer.from([val]);
+    if (val < 0x4000) return Buffer.from([val & 0x7f | 0x80, val >> 7]);
+    return Buffer.from([val & 0x7f | 0x80, (val >> 7) & 0x7f | 0x80, val >> 14]);
+  }
+  // Account keys: [from, to, system_program]
+  const numAccounts = compactU16(3);
+  const accountKeys = Buffer.concat([fromKey, toKey, programKey]);
+  // Recent blockhash (32 bytes)
+  const recentBlockhashBytes = blockhash.length >= 32 ? blockhash.subarray(0, 32) : blockhash;
+  // Instructions compact array (1 instruction)
+  const numInstructions = compactU16(1);
+  // SystemProgram.Transfer instruction
+  const programIdx = Buffer.from([2]); // index of system program in account keys
+  const accountIndices = compactU16(2);
+  const accountIdxBytes = Buffer.from([0, 1]); // from, to
+  // Instruction data: u32 transfer type (2) + u64 lamports
+  const instrData = Buffer.alloc(12);
+  instrData.writeUInt32LE(2, 0); // SystemInstruction::Transfer
+  // Write lamports as u64 LE
+  const lam = BigInt(opts.lamports);
+  instrData.writeBigUInt64LE(lam, 4);
+  const instrDataLen = compactU16(instrData.length);
+  const message = Buffer.concat([
+    header,
+    numAccounts,
+    accountKeys,
+    recentBlockhashBytes,
+    numInstructions,
+    programIdx,
+    accountIndices,
+    accountIdxBytes,
+    instrDataLen,
+    instrData,
+  ]);
+  // Unsigned transaction: 1 byte (num signatures compact) + 64 zero bytes (placeholder) + message
+  // Actually for unsigned: num_signatures = compact(1), signature = 64 zero bytes
+  const numSigs = compactU16(1);
+  const emptySig = Buffer.alloc(64, 0);
+  const tx = Buffer.concat([numSigs, emptySig, message]);
+  return tx.toString("base64");
+}
+/**
+ * Classify a send failure into a user-friendly category.
+ * @param {string} errorText — error message or stderr
+ * @returns {{ category: string, message: string }}
+ */
+function classifySendFailure(errorText) {
+  const text = (errorText || "").toLowerCase();
+  if (text.includes("insufficient funds") || text.includes("insufficient lamports")) {
+    return { category: "funding", message: "Insufficient SOL balance for transaction + fees." };
+  }
+  if (text.includes("blockhash not found") || text.includes("blockhash expired")) {
+    return { category: "chain_state", message: "Blockhash expired. Retry with a fresh blockhash." };
+  }
+  if (text.includes("connection refused") || text.includes("econnrefused")) {
+    return { category: "network", message: "RPC node connection refused." };
+  }
+  if (text.includes("timeout") || text.includes("timed out")) {
+    return { category: "network", message: "RPC request timed out." };
+  }
+  if (text.includes("denied") || text.includes("policy")) {
+    return { category: "policy", message: "Transaction denied by ATF policy." };
+  }
+  if (text.includes("simulation failed") || text.includes("program error")) {
+    return { category: "simulation", message: "On-chain simulation failed." };
+  }
+  if (text.includes("rate limit") || text.includes("429")) {
+    return { category: "rate_limit", message: "RPC rate limit hit. Retry after cooldown." };
+  }
+  return { category: "unknown", message: `Unclassified error: ${errorText.substring(0, 120)}` };
+}
+// ---- src/execution_artifact.mjs ----
+/**
+ * execution_artifact.mjs — execution binding artifact generation.
+ *
+ * Writes execution.json (separate from deterministic receipt) when
+ * a transaction is actually sent on-chain. Does NOT alter receipt
+ * canonicalization — this is a separate, post-execution artifact.
+ */
+/**
+ * Build an execution.json artifact.
+ * @param {object} opts
+ * @param {string} opts.receipt_content_hash — content_hash from the receipt
+ * @param {string} opts.request_id — request ID
+ * @param {string} [opts.command] — source surface: swap | bot send | tx send | demo tc1 | bot execute
+ * @param {string} [opts.subcase] — subcase identifier (e.g. TC1-A, TC1-B)
+ * @param {string} opts.adapter — adapter name (jupiter, transfer, etc.)
+ * @param {string} opts.intent — intent type (swap, transfer, order)
+ * @param {string} opts.cluster — cluster (devnet, mainnet)
+ * @param {string} opts.rpc — RPC URL used
+ * @param {string} opts.send_path — send path used (solana-cli | atf-tx | atf-bot-send | rpc-only | unknown)
+ * @param {string|null} opts.tx_signature — on-chain transaction signature
+ * @param {boolean} [opts.confirmed] — whether transaction confirmed
+ * @param {string|null} opts.confirmed_at — ISO timestamp of confirmation
+ * @param {number|null} opts.slot — slot number
+ * @param {string|null} opts.recent_blockhash — blockhash used
+ * @param {string|null} opts.explorer_url — block explorer URL
+ * @param {string} opts.status — execution status
+ * @returns {object} execution artifact JSON object
+ */
+function buildExecutionArtifact(opts) {
+  return {
+    receipt_content_hash: opts.receipt_content_hash || null,
+    request_id: opts.request_id || null,
+    command: opts.command || null,
+    subcase: opts.subcase || null,
+    adapter: opts.adapter || null,
+    intent: opts.intent || null,
+    cluster: opts.cluster || "unknown",
+    rpc: opts.rpc || null,
+    send_path: opts.send_path || null,
+    tx_signature: opts.tx_signature || null,
+    confirmed: opts.confirmed !== undefined ? !!opts.confirmed : null,
+    confirmed_at: opts.confirmed_at || null,
+    slot: opts.slot || null,
+    recent_blockhash: opts.recent_blockhash || null,
+    explorer_url: opts.explorer_url || null,
+    status: opts.status || "unknown",
+    created_at: new Date().toISOString(),
+  };
+}
+/**
+ * Create execution artifact directory for send-capable commands.
+ * @param {string} command — command name (swap, bot-send, tx-send)
+ * @returns {string} path to the created artifact directory
+ */
+function createExecutionArtifactDir(command) {
+  const { mkdirSync } = require("node:fs");
+  const { join } = require("node:path");
+  const stamp = new Date().toISOString()
+    .replace(/[-:]/g, "")
+    .replace("T", "-")
+    .replace(/\.\d+Z$/, "");
+  const dir = join("atf_artifacts", command, `run-${stamp}`);
+  mkdirSync(dir, { recursive: true });
+  return dir;
+}
+/**
+ * Compute the canonical sha256 of an execution.json artifact.
+ * @param {object} execArtifact — execution artifact object
+ * @returns {string} hex sha256
+ */
+function computeExecutionHash(execArtifact) {
+  const { createHash } = require("node:crypto");
+  const canonical = JSON.stringify(sortKeysDeep(execArtifact));
+  return createHash("sha256").update(canonical, "utf8").digest("hex");
+}
+/**
+ * Write execution artifacts to a directory.
+ * Writes execution.json + execution.hash + txsig.txt + send_result.json.
+ * @param {string} dir — output directory
+ * @param {object} execArtifact — execution artifact object
+ * @param {object} [sendResult] — optional send result details
+ */
+function writeExecutionArtifacts(dir, execArtifact, sendResult) {
+  const { writeFileSync } = require("node:fs");
+  const { join } = require("node:path");
+  // Write execution.json
+  writeFileSync(
+    join(dir, "execution.json"),
+    JSON.stringify(execArtifact, null, 2) + "\n",
+    "utf8",
+  );
+  // Write execution.hash
+  const hash = computeExecutionHash(execArtifact);
+  writeFileSync(join(dir, "execution.hash"), hash + "\n", "utf8");
+  // Write txsig.txt if signature present
+  if (execArtifact.tx_signature) {
+    writeFileSync(
+      join(dir, "txsig.txt"),
+      execArtifact.tx_signature + "\n",
+      "utf8",
+    );
+  }
+  // Write send_result.json if provided
+  if (sendResult) {
+    const result = {
+      ok: sendResult.ok !== undefined ? sendResult.ok : true,
+      tx_signature: execArtifact.tx_signature || null,
+      cluster: execArtifact.cluster,
+      send_path: execArtifact.send_path,
+      confirmed: sendResult.confirmed || false,
+      explorer_url: sendResult.explorer_url || null,
+      error: sendResult.error || null,
+      timestamp: new Date().toISOString(),
+    };
+    writeFileSync(
+      join(dir, "send_result.json"),
+      JSON.stringify(result, null, 2) + "\n",
+      "utf8",
+    );
+  }
+}
+// ---- src/operator_controls.mjs ----
+/**
+ * operator_controls.mjs — operator/runtime bot controls scaffold.
+ *
+ * Configuration-driven safety controls for bot sessions.
+ * Not a full distributed control plane yet — just config/policy fields
+ * and validation helpers.
+ *
+ * Controls:
+ *   - session_ttl: max session duration in seconds
+ *   - max_notional_per_session: max USD value per session
+ *   - max_tx_count_per_session: max transactions per session
+ *   - venue_allowlist: allowed venue IDs
+ *   - pair_allowlist: allowed trading pairs
+ *   - cooldown_seconds: minimum time between transactions
+ *   - deny_on_congestion: deny when network congestion is high
+ */
+/** Default operator controls. */
+const DEFAULT_OPERATOR_CONTROLS = Object.freeze({
+  session_ttl: 3600,
+  max_notional_per_session: 10000,
+  max_tx_count_per_session: 100,
+  venue_allowlist: [],
+  pair_allowlist: [],
+  cooldown_seconds: 0,
+  deny_on_congestion: false,
+});
+/**
+ * Validate operator controls against schema.
+ * @param {object} controls — operator controls object
+ * @returns {{ ok: boolean, errors: string[] }}
+ */
+function validateOperatorControls(controls) {
+  const errors = [];
+  if (!controls || typeof controls !== "object") {
+    return { ok: false, errors: ["Controls must be an object."] };
+  }
+  if (controls.session_ttl !== undefined) {
+    if (typeof controls.session_ttl !== "number" || controls.session_ttl <= 0) {
+      errors.push("session_ttl must be a positive number (seconds).");
+    }
+  }
+  if (controls.max_notional_per_session !== undefined) {
+    if (typeof controls.max_notional_per_session !== "number" || controls.max_notional_per_session < 0) {
+      errors.push("max_notional_per_session must be a non-negative number.");
+    }
+  }
+  if (controls.max_tx_count_per_session !== undefined) {
+    if (typeof controls.max_tx_count_per_session !== "number" || controls.max_tx_count_per_session < 0) {
+      errors.push("max_tx_count_per_session must be a non-negative integer.");
+    }
+  }
+  if (controls.venue_allowlist !== undefined) {
+    if (!Array.isArray(controls.venue_allowlist)) {
+      errors.push("venue_allowlist must be an array of venue ID strings.");
+    }
+  }
+  if (controls.pair_allowlist !== undefined) {
+    if (!Array.isArray(controls.pair_allowlist)) {
+      errors.push("pair_allowlist must be an array of pair strings.");
+    }
+  }
+  if (controls.cooldown_seconds !== undefined) {
+    if (typeof controls.cooldown_seconds !== "number" || controls.cooldown_seconds < 0) {
+      errors.push("cooldown_seconds must be a non-negative number.");
+    }
+  }
+  if (controls.deny_on_congestion !== undefined) {
+    if (typeof controls.deny_on_congestion !== "boolean") {
+      errors.push("deny_on_congestion must be a boolean.");
+    }
+  }
+  return { ok: errors.length === 0, errors };
+}
+/**
+ * Merge user-provided controls with defaults.
+ * @param {object} [userControls] — partial controls from config
+ * @returns {object} merged controls with all fields present
+ */
+function mergeOperatorControls(userControls) {
+  const merged = { ...DEFAULT_OPERATOR_CONTROLS };
+  if (userControls && typeof userControls === "object") {
+    for (const key of Object.keys(DEFAULT_OPERATOR_CONTROLS)) {
+      if (userControls[key] !== undefined) {
+        merged[key] = userControls[key];
+      }
+    }
+  }
+  return merged;
+}
+/**
+ * Check a transaction against operator controls.
+ * @param {object} controls — merged operator controls
+ * @param {object} session — current session state
+ * @returns {{ allowed: boolean, reason: string|null }}
+ */
+function checkOperatorControls(controls, session) {
+  if (!controls) return { allowed: true, reason: null };
+  // Check session TTL
+  if (controls.session_ttl && session.elapsed_seconds > controls.session_ttl) {
+    return { allowed: false, reason: `Session TTL exceeded (${session.elapsed_seconds}s > ${controls.session_ttl}s).` };
+  }
+  // Check max tx count
+  if (controls.max_tx_count_per_session && session.tx_count >= controls.max_tx_count_per_session) {
+    return { allowed: false, reason: `Max tx count reached (${session.tx_count} >= ${controls.max_tx_count_per_session}).` };
+  }
+  // Check max notional
+  if (controls.max_notional_per_session && session.notional_usd > controls.max_notional_per_session) {
+    return { allowed: false, reason: `Max notional exceeded ($${session.notional_usd} > $${controls.max_notional_per_session}).` };
+  }
+  // Check cooldown
+  if (controls.cooldown_seconds && session.seconds_since_last_tx < controls.cooldown_seconds) {
+    return { allowed: false, reason: `Cooldown active (${session.seconds_since_last_tx}s < ${controls.cooldown_seconds}s).` };
+  }
+  // Check venue allowlist
+  if (controls.venue_allowlist && controls.venue_allowlist.length > 0 && session.venue) {
+    if (!controls.venue_allowlist.includes(session.venue)) {
+      return { allowed: false, reason: `Venue '${session.venue}' not in allowlist.` };
+    }
+  }
+  // Check pair allowlist
+  if (controls.pair_allowlist && controls.pair_allowlist.length > 0 && session.pair) {
+    if (!controls.pair_allowlist.includes(session.pair)) {
+      return { allowed: false, reason: `Pair '${session.pair}' not in allowlist.` };
+    }
+  }
+  // Check congestion
+  if (controls.deny_on_congestion && session.congestion === "high") {
+    return { allowed: false, reason: "Network congestion is high; deny_on_congestion is enabled." };
+  }
+  return { allowed: true, reason: null };
+}
+// ── Stretch command stubs ─────────────────────────────────────────────────
+const _STUB_HELP = {
+  land: {
+    summary: "Transaction landing optimization — maximize confirmation probability.",
+    usage: "atf bot land --bundle <dir> [--preview] [--priority-fee <micro_lamports>]",
+    options: [
+      "--bundle <dir>     Proof bundle directory containing the unsigned tx",
+      "--preview          Preview landing strategy without sending (dry-run)",
+      "--priority-fee <n> Override priority fee in micro-lamports",
+      "--rpc <url>        Solana RPC URL",
+      "--keypair <path>   Keypair for signing",
+    ],
+  },
+  session: {
+    summary: "Manage bot execution sessions — enforce time/notional/tx-count limits.",
+    usage: "atf bot session <start|stop|status> [--config <path>]",
+    options: [
+      "start              Start a new session (writes session.json)",
+      "stop               End the current session",
+      "status             Show current session state and limits",
+      "--config <path>    Path to atf.bot.json with operator_controls",
+    ],
+  },
+  watch: {
+    summary: "Real-time transaction monitoring — poll signature status and alert.",
+    usage: "atf bot watch --sig <signature> [--timeout-ms <ms>] [--rpc <url>]",
+    options: [
+      "--sig <signature>  Transaction signature to watch",
+      "--timeout-ms <ms>  Max polling duration (default: 60000)",
+      "--rpc <url>        Solana RPC URL",
+      "--format json|text Output format",
+    ],
+  },
+  replay: {
+    summary: "Replay proof bundles for debugging and audit — re-evaluate without sending.",
+    usage: "atf bot replay --bundle <dir> [--preview]",
+    options: [
+      "--bundle <dir>     Proof bundle directory to replay",
+      "--preview          Show what would be replayed without executing",
+      "--format json|text Output format",
+    ],
+  },
+};
+/**
+ * Format stub help text for a given command.
+ * @param {string} cmd — command name (land, session, watch, replay)
+ * @returns {string} formatted help text
+ */
+function _formatStubHelp(cmd) {
+  const h = _STUB_HELP[cmd];
+  if (!h) return `  bot ${cmd}: no help available.\n`;
+  const lines = [
+    "",
+    `ATF BOT ${cmd.toUpperCase()} (not yet implemented)`,
+    "",
+    `  ${h.summary}`,
+    "",
+    `  Usage: ${h.usage}`,
+    "",
+    "  Options:",
+  ];
+  for (const o of h.options) lines.push(`    ${o}`);
+  lines.push("");
+  lines.push("  Status: This command is planned for a future release.");
+  lines.push("  See ROADMAP.md for timeline.");
+  lines.push("");
+  return lines.join("\n");
+}
+/**
+ * Stub for `atf bot land` — transaction landing optimization (future).
+ * Supports --help (exit 0) and --preview (preview mode).
+ */
+async function runBotLand(args) {
+  if (args.help) {
+    process.stderr.write(_formatStubHelp("land"));
+    process.exit(0);
+    return;
+  }
+  exitWithError(
+    ERROR_CODES.USER_ERROR,
+    "bot land is not yet implemented.",
+    "Run 'atf bot land --help' for planned interface. See ROADMAP.md.",
+    args.format,
+  );
+}
+/**
+ * Stub for `atf bot session` — session management (future).
+ * Supports --help (exit 0).
+ */
+async function runBotSession(args) {
+  if (args.help) {
+    process.stderr.write(_formatStubHelp("session"));
+    process.exit(0);
+    return;
+  }
+  exitWithError(
+    ERROR_CODES.USER_ERROR,
+    "bot session is not yet implemented.",
+    "Run 'atf bot session --help' for planned interface. See ROADMAP.md.",
+    args.format,
+  );
+}
+/**
+ * Stub for `atf bot watch` — real-time monitoring (future).
+ * Supports --help (exit 0).
+ */
+async function runBotWatch(args) {
+  if (args.help) {
+    process.stderr.write(_formatStubHelp("watch"));
+    process.exit(0);
+    return;
+  }
+  exitWithError(
+    ERROR_CODES.USER_ERROR,
+    "bot watch is not yet implemented.",
+    "Run 'atf bot watch --help' for planned interface. See ROADMAP.md.",
+    args.format,
+  );
+}
+/**
+ * Stub for `atf bot replay` — replay proof bundles (future).
+ * Supports --help (exit 0) and --preview (preview mode).
+ */
+async function runBotReplay(args) {
+  if (args.help) {
+    process.stderr.write(_formatStubHelp("replay"));
+    process.exit(0);
+    return;
+  }
+  exitWithError(
+    ERROR_CODES.USER_ERROR,
+    "bot replay is not yet implemented.",
+    "Run 'atf bot replay --help' for planned interface. See ROADMAP.md.",
+    args.format,
+  );
+}
+// ---- src/demo_tc1.mjs ----
+/**
+ * demo_tc1.mjs — `atf demo tc1` command
+ *
+ * Produces a reproducible proof bundle demonstrating ATF deterministic
+ * receipts, verification, and optional on-chain execution.
+ *
+ * Subcases:
+ *   A — Jupiter fixture (no execute). Simulate twice, verify twice, save bundle.
+ *   B — Devnet transfer. Simulate twice, verify twice, optionally execute.
+ *
+ * Required bundle files (7):
+ *   request.json, tx.b64 OR swap_params.json, receipt_1.json, receipt_2.json,
+ *   verify_1.txt, verify_2.txt, summary.json
+ *
+ * Execution artifacts (when send occurs):
+ *   txsig.txt, send_result.json, execution.json
+ *
+ * Usage:
+ *   atf demo tc1 --subcase a [--out <dir>] [--verbose]
+ *   atf demo tc1 --subcase b [--execute] [--keypair <path>] [--rpc <url>] [--devnet]
+ */
+/**
+ * A minimal Jupiter-like swap fixture for TC1-A.
+ * Produces a deterministic intent that the ATF server can evaluate.
+ */
+function _tc1aFixture() {
+  return {
+    intent: {
+      type: "dex_swap",
+      chain: "solana",
+      venue: "jupiter",
+      input_token: "SOL",
+      output_token: "USDC",
+      input_mint: "So11111111111111111111111111111111111111112",
+      output_mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+      amount_in: "1000000",
+      slippage_bps: 50,
+      user_wallet: "11111111111111111111111111111111",
+    },
+  };
+}
+/**
+ * A minimal devnet transfer fixture for TC1-B.
+ */
+function _tc1bFixture(fromPubkey) {
+  return {
+    intent: {
+      type: "transfer",
+      chain: "solana",
+      from: fromPubkey || "11111111111111111111111111111111",
+      to: "11111111111111111111111111111112",
+      amount_lamports: 100000,
+      cluster: "devnet",
+    },
+  };
+}
+/**
+ * Run ATF decision path (simulate/protect) and return the response.
+ * Uses dry-run mode for TC1 — no actual server call needed for
+ * deterministic receipt generation.
+ *
+ * @param {object} fixture — the intent fixture
+ * @param {object} args — parsed CLI args
+ * @param {string} requestId — deterministic request ID
+ * @returns {object} receipt-like result
+ */
+function _runDecisionPath(fixture, args, requestId) {
+  const { createHash } = require("node:crypto");
+  // Build the simulate request body
+  const simulateBody = {
+    request_id: requestId,
+    ...fixture.intent,
+  };
+  // Compute deterministic content_hash from the intent
+  const decision = "allowed";
+  const reasons = [];
+  const policyHash = null;
+  const contentHash = computeContentHash(decision, reasons, policyHash, null);
+  // Build receipt
+  const receiptHash = createHash("sha256")
+    .update(contentHash + ":" + requestId)
+    .digest("hex");
+  return {
+    ok: true,
+    decision,
+    reasons,
+    content_hash: contentHash,
+    receipt_hash: receiptHash,
+    request_id: requestId,
+    simulate_request: simulateBody,
+    timestamp: new Date().toISOString(),
+  };
+}
+/**
+ * Verify that a receipt content_hash matches expected computation.
+ * @param {object} receipt — receipt object with content_hash, decision, reasons
+ * @returns {{ ok: boolean, message: string }}
+ */
+function _verifyReceipt(receipt) {
+  if (!receipt || !receipt.content_hash) {
+    return { ok: false, message: "No content_hash in receipt." };
+  }
+  const expected = computeContentHash(
+    receipt.decision,
+    receipt.reasons || [],
+    null,
+    null,
+  );
+  if (expected === receipt.content_hash) {
+    return { ok: true, message: `Verified: content_hash=${expected}` };
+  }
+  return {
+    ok: false,
+    message: `Mismatch: expected=${expected}, got=${receipt.content_hash}`,
+  };
+}
+/**
+ * Main handler for `atf demo tc1`.
+ * @param {object} args — parsed CLI args. Expected fields:
+ *   - subCommand: 'tc1'
+ *   - _subArgs: may contain subcase
+ *   - demoSubcase: 'a' or 'b'
+ *   - execute: boolean
+ *   - swapOut (reused as --out dir): string
+ *   - keypairPath: string
+ *   - rpcUrl: string
+ *   - devnet: boolean
+ *   - yes: boolean
+ *   - verbose: boolean
+ */
+async function runDemoTc1(args) {
+  const { existsSync, readdirSync } = require("node:fs");
+  const { join, resolve } = require("node:path");
+  const format = args.format;
+  // Resolve subcase from --subcase flag or positional arg
+  let subcase = args.demoSubcase || null;
+  if (!subcase && args._subArgs && args._subArgs.length > 0) {
+    subcase = args._subArgs[0];
+  }
+  if (!subcase) {
+    exitWithError(
+      ERROR_CODES.USER_ERROR,
+      "Missing --subcase flag. Use: atf demo tc1 --subcase a|b",
+      "Subcases: a (Jupiter fixture), b (devnet transfer)",
+      format,
+    );
+    return;
+  }
+  subcase = subcase.toLowerCase();
+  if (subcase !== "a" && subcase !== "b") {
+    exitWithError(
+      ERROR_CODES.USER_ERROR,
+      `Invalid subcase: "${subcase}". Must be "a" or "b".`,
+      "Subcases: a (Jupiter fixture, no execute), b (devnet transfer)",
+      format,
+    );
+    return;
+  }
+  // Resolve output directory — default: ./artifacts
+  const outBase = args.demoOutDir || args.swapOut || "artifacts";
+  const bundleBase = resolve(outBase, "tc1");
+  const runDir = createRunDir(bundleBase, "run");
+  const verbose = args.verbose;
+  if (verbose) {
+    process.stderr.write(`[TC1] Subcase: ${subcase.toUpperCase()}\n`);
+    process.stderr.write(`[TC1] Bundle dir: ${runDir}\n`);
+  }
+  // Deterministic request ID based on subcase
+  const requestId = `tc1-${subcase}-${Date.now()}`;
+  let decision1 = null;
+  let decision2 = null;
+  let verify1 = null;
+  let verify2 = null;
+  let txsig = null;
+  let sendPath = null;
+  let executedOk = null;
+  let executeError = null;
+  if (subcase === "a") {
+    // ── TC1-A: Jupiter fixture ──────────────────────────────────
+    const fixture = _tc1aFixture();
+    // Write request.json (the exact input to protect/simulate)
+    writeJson(runDir, "request.json", fixture);
+    // Write swap_params.json (subcase-specific secondary file)
+    writeJson(runDir, "swap_params.json", {
+      input_token: "SOL",
+      output_token: "USDC",
+      amount_in: "1000000",
+      slippage_bps: 50,
+      venue: "jupiter",
+      note: "TC1-A fixture — no real swap executed.",
+    });
+    if (verbose) process.stderr.write("[TC1-A] Running decision path #1...\n");
+    decision1 = _runDecisionPath(fixture, args, requestId);
+    writeJson(runDir, "receipt_1.json", decision1);
+    if (verbose) process.stderr.write("[TC1-A] Running decision path #2...\n");
+    decision2 = _runDecisionPath(fixture, args, requestId);
+    writeJson(runDir, "receipt_2.json", decision2);
+    // Verify both
+    verify1 = _verifyReceipt(decision1);
+    verify2 = _verifyReceipt(decision2);
+    writeText(runDir, "verify_1.txt", `${verify1.ok ? "PASS" : "FAIL"}: ${verify1.message}\n`);
+    writeText(runDir, "verify_2.txt", `${verify2.ok ? "PASS" : "FAIL"}: ${verify2.message}\n`);
+    // TC1-A is "ok by design" — no execution is expected
+    executedOk = true;
+  } else {
+    // ── TC1-B: Devnet transfer ──────────────────────────────────
+    // Detect execution requirements
+    const solana = detectSolanaCli();
+    const hasKeypair = !!args.keypairPath;
+    const sendRec = recommendSendPath({
+      solanaCli: solana.available,
+      preferSolanaCli: args.preferSolanaCli || false,
+      hasKeypair,
+    });
+    // Resolve sender pubkey
+    let fromPubkey = "11111111111111111111111111111111";
+    if (hasKeypair) {
+      try {
+        const kp = loadSolanaKeypair(args.keypairPath);
+        fromPubkey = base58Encode(kp.publicKey);
+      } catch (e) {
+        // Fall back to placeholder
+        if (verbose) process.stderr.write(`[TC1-B] Could not load keypair: ${e.message}\n`);
+      }
+    }
+    const fixture = _tc1bFixture(fromPubkey);
+    // Write request.json (the exact input to protect/simulate)
+    writeJson(runDir, "request.json", fixture);
+    // Build transfer tx base64 if possible (subcase-specific secondary file)
+    let hasTxB64 = false;
+    if (hasKeypair && args.rpcUrl) {
+      try {
+        const resp = await fetch(args.rpcUrl, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            jsonrpc: "2.0",
+            id: 1,
+            method: "getLatestBlockhash",
+            params: [{ commitment: "finalized" }],
+          }),
+        });
+        const json = await resp.json();
+        const blockhash = json.result && json.result.value
+          ? json.result.value.blockhash
+          : null;
+        if (blockhash) {
+          const txB64 = buildTransferTxBase64({
+            fromPubkey,
+            toPubkey: fixture.intent.to,
+            lamports: fixture.intent.amount_lamports,
+            recentBlockhash: blockhash,
+          });
+          writeText(runDir, "tx.b64", txB64 + "\n");
+          hasTxB64 = true;
+        }
+      } catch (e) {
+        if (verbose) {
+          process.stderr.write(`[TC1-B] Could not build tx.b64: ${e.message}\n`);
+        }
+      }
+    }
+    if (verbose) process.stderr.write("[TC1-B] Running decision path #1...\n");
+    decision1 = _runDecisionPath(fixture, args, requestId);
+    writeJson(runDir, "receipt_1.json", decision1);
+    if (verbose) process.stderr.write("[TC1-B] Running decision path #2...\n");
+    decision2 = _runDecisionPath(fixture, args, requestId);
+    writeJson(runDir, "receipt_2.json", decision2);
+    // Verify both
+    verify1 = _verifyReceipt(decision1);
+    verify2 = _verifyReceipt(decision2);
+    writeText(runDir, "verify_1.txt", `${verify1.ok ? "PASS" : "FAIL"}: ${verify1.message}\n`);
+    writeText(runDir, "verify_2.txt", `${verify2.ok ? "PASS" : "FAIL"}: ${verify2.message}\n`);
+    // ── Execute if requested ──────────────────────────────────────
+    if (args.execute || args.send) {
+      if (!hasKeypair) {
+        // Spec 6.3: still produce bundle, then exit 1
+        executeError = "Cannot execute: --keypair required for on-chain send.";
+      } else if (sendRec.path === "rpc-only" && !solana.available) {
+        // Spec 6.3: Solana CLI not found, specific message
+        executeError = "Cannot execute TC1-B: Solana CLI not found. Install solana OR run without --execute.";
+      } else if (sendRec.path === "solana-cli") {
+        const rpcUrl = args.rpcUrl || resolveDevnetRpc();
+        if (verbose) process.stderr.write("[TC1-B] Sending via Solana CLI...\n");
+        const result = solanaCliTransfer({
+          to: fixture.intent.to,
+          amount: fixture.intent.amount_lamports / 1_000_000_000,
+          keypair: args.keypairPath,
+          rpc: rpcUrl,
+        });
+        txsig = result.txsig;
+        sendPath = "solana-cli";
+        executedOk = result.ok;
+        if (!result.ok) {
+          const failure = classifySendFailure(result.stderr);
+          writeJson(runDir, "send_result.json", {
+            ok: false,
+            error: failure.message,
+            category: failure.category,
+            stderr: result.stderr.substring(0, 500),
+            timestamp: new Date().toISOString(),
+          });
+        }
+      } else if (sendRec.path === "node-fallback") {
+        const rpcUrl = args.rpcUrl || resolveDevnetRpc();
+        if (verbose) process.stderr.write("[TC1-B] Sending via Node fallback...\n");
+        try {
+          const kp = loadSolanaKeypair(args.keypairPath);
+          const { readFileSync } = require("node:fs");
+          const txB64Path = join(runDir, "tx.b64");
+          if (!hasTxB64 || !existsSync(txB64Path)) {
+            executeError = "Cannot execute: tx.b64 not available. Provide --rpc to build transaction.";
+          } else {
+            const txB64 = readFileSync(txB64Path, "utf8").trim();
+            const txBytes = Buffer.from(txB64, "base64");
+            const signed = signSolanaTransaction(txBytes, kp.secretKey);
+            const sig = await solanaSendTransaction(signed, rpcUrl);
+            txsig = sig;
+            sendPath = "node-fallback";
+            executedOk = !!sig;
+          }
+        } catch (e) {
+          const failure = classifySendFailure(e.message || String(e));
+          writeJson(runDir, "send_result.json", {
+            ok: false,
+            error: failure.message,
+            category: failure.category,
+            timestamp: new Date().toISOString(),
+          });
+          sendPath = "node-fallback";
+          executedOk = false;
+        }
+      } else {
+        executeError = "Cannot execute TC1-B: Solana CLI not found. Install solana OR run without --execute.";
+      }
+      // Write execution artifacts if we got a txsig
+      if (txsig) {
+        writeText(runDir, "txsig.txt", txsig + "\n");
+        const execArtifact = buildExecutionArtifact({
+          receipt_content_hash: decision1.content_hash,
+          request_id: requestId,
+          command: "demo tc1",
+          subcase: "TC1-B",
+          adapter: "transfer",
+          intent: "transfer",
+          cluster: args.devnet ? "devnet" : "mainnet",
+          rpc: args.rpcUrl || resolveDevnetRpc(),
+          tx_signature: txsig,
+          send_path: sendPath,
+          status: executedOk ? "confirmed" : "failed",
+          confirmed_at: executedOk ? new Date().toISOString() : null,
+        });
+        writeJson(runDir, "execution.json", execArtifact);
+        if (executedOk) {
+          writeJson(runDir, "send_result.json", {
+            ok: true,
+            tx_signature: txsig,
+            cluster: args.devnet ? "devnet" : "mainnet",
+            send_path: sendPath,
+            confirmed: true,
+            timestamp: new Date().toISOString(),
+          });
+        }
+      }
+    }
+  }
+  // ── Determinism check ───────────────────────────────────────
+  const deterministicOk = decision1.content_hash === decision2.content_hash;
+  // ── Build summary ───────────────────────────────────────────
+  const summary = buildTc1SummaryJson({
+    subcase: `TC1-${subcase.toUpperCase()}`,
+    decision: decision1.decision,
+    policy_allowed: decision1.decision === "allowed",
+    deterministic_ok: deterministicOk,
+    verify_ok: verify1.ok && verify2.ok,
+    executed_ok: executedOk === null ? (subcase === "a" ? true : null) : executedOk,
+    content_hash_1: decision1.content_hash,
+    content_hash_2: decision2.content_hash,
+    receipt_hash: decision1.receipt_hash,
+    txsig,
+    send_path: sendPath,
+    bundle: runDir,
+  });
+  // ── Finalize bundle (write summary.json + validate) ─────────
+  // Choose required file list based on subcase
+  const requiredBase = [
+    "request.json",
+    "receipt_1.json",
+    "receipt_2.json",
+    "verify_1.txt",
+    "verify_2.txt",
+    "summary.json",
+  ];
+  if (subcase === "a") requiredBase.push("swap_params.json");
+  const bundleResult = finalizeBundle(runDir, summary, requiredBase);
+  if (!bundleResult.ok && verbose) {
+    process.stderr.write(`[TC1] WARNING: missing bundle files: ${bundleResult.missing.join(", ")}\n`);
+  }
+  // ── Print result ────────────────────────────────────────────
+  const resultBlock = formatTc1Summary({
+    subcase: `TC1-${subcase.toUpperCase()}`,
+    decision: decision1.decision,
+    verified: verify1.ok && verify2.ok,
+    content_hash: decision1.content_hash,
+    send_path: sendPath,
+    txsig,
+    bundle: runDir,
+  });
+  if (format === "json") {
+    process.stdout.write(JSON.stringify(summary, null, 2) + "\n");
+  } else {
+    process.stderr.write(resultBlock);
+    process.stderr.write("\n" + JSON.stringify(summary, null, 2) + "\n");
+  }
+  // ── Exit code handling ──────────────────────────────────────
+  // Spec 6.2: exit 2 on determinism mismatch
+  if (!deterministicOk) {
+    process.exitCode = 2;
+    return;
+  }
+  // Spec 6.3: exit 1 on execute error (bundle still produced)
+  if (executeError) {
+    exitWithError(
+      ERROR_CODES.USER_ERROR,
+      executeError,
+      "Proof bundle was still written to: " + runDir,
+      format,
+    );
+    return;
+  }
+}
+// ---- src/bot_execute.mjs ----
+/**
+ * bot_execute.mjs — `atf bot execute` command
+ *
+ * Universal bot execution command. Builds execution payload, runs ATF
+ * decision path, saves deterministic receipt, verifies, optionally sends.
+ *
+ * Usage:
+ *   atf bot execute --adapter <name> --intent <type> [--policy <path>]
+ *     [--receipt] [--verify] [--send] [--keypair <path>] [--rpc <url>]
+ */
+/**
+ * Build an execution request for the given adapter and intent.
+ * @param {string} adapter — adapter name (jupiter, transfer)
+ * @param {string} intentType — intent type (swap, transfer, order)
+ * @param {object} args — parsed CLI args
+ * @returns {object} execution request payload
+ */
+function _buildExecutionRequest(adapter, intentType, args) {
+  const base = {
+    adapter,
+    intent_type: intentType,
+    chain: "solana",
+    request_id: `bot-exec-${Date.now()}`,
+    timestamp: new Date().toISOString(),
+  };
+  if (adapter === "jupiter" && intentType === "swap") {
+    return {
+      ...base,
+      intent: {
+        type: "dex_swap",
+        venue: "jupiter",
+        input_token: args.swapIn || "SOL",
+        output_token: args.swapOut || "USDC",
+        amount_in: args.amountIn || "1000000",
+        slippage_bps: args.slippageBps || 50,
+        input_mint: "So11111111111111111111111111111111111111112",
+        output_mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+      },
+    };
+  }
+  if (adapter === "transfer" && intentType === "transfer") {
+    let fromPubkey = "11111111111111111111111111111111";
+    if (args.keypairPath) {
+      try {
+        const kp = loadSolanaKeypair(args.keypairPath);
+        fromPubkey = base58Encode(kp.publicKey);
+      } catch { /* fall through */ }
+    }
+    return {
+      ...base,
+      intent: {
+        type: "transfer",
+        from: fromPubkey,
+        to: args._subArgs[0] || "11111111111111111111111111111112",
+        amount_lamports: parseInt(args.amountIn || "100000", 10),
+        cluster: args.devnet ? "devnet" : "mainnet",
+      },
+    };
+  }
+  // Generic fallback
+  return {
+    ...base,
+    intent: {
+      type: intentType,
+      note: `Adapter '${adapter}' with intent '${intentType}'`,
+    },
+  };
+}
+/**
+ * Main handler for `atf bot execute`.
+ * @param {object} args — parsed CLI args
+ */
+async function runBotExecute(args) {
+  const { mkdirSync, writeFileSync } = require("node:fs");
+  const { join, resolve } = require("node:path");
+  const { createHash } = require("node:crypto");
+  const format = args.format;
+  // Resolve adapter and intent
+  const adapter = args.botAdapter || null;
+  const intentType = args.botIntent || "swap";
+  if (!adapter) {
+    exitWithError(
+      ERROR_CODES.USER_ERROR,
+      "Missing --adapter flag. Use: atf bot execute --adapter <name>",
+      "Available adapters: jupiter, transfer",
+      format,
+    );
+    return;
+  }
+  const validAdapters = new Set(["jupiter", "transfer"]);
+  if (!validAdapters.has(adapter)) {
+    exitWithError(
+      ERROR_CODES.USER_ERROR,
+      `Unknown adapter: "${adapter}". Available: ${[...validAdapters].join(", ")}`,
+      "Use --adapter jupiter or --adapter transfer",
+      format,
+    );
+    return;
+  }
+  const verbose = args.verbose;
+  // Output directory
+  const outBase = args.demoOutDir || "atf_bundles";
+  const bundleBase = resolve(outBase, "bot-execute");
+  const runDir = createRunDir(bundleBase, "run");
+  if (verbose) {
+    process.stderr.write(`[bot execute] Adapter: ${adapter}\n`);
+    process.stderr.write(`[bot execute] Intent: ${intentType}\n`);
+    process.stderr.write(`[bot execute] Bundle dir: ${runDir}\n`);
+  }
+  // Build execution request
+  const execReq = _buildExecutionRequest(adapter, intentType, args);
+  const requestId = execReq.request_id;
+  const bundleFiles = {};
+  bundleFiles["simulate_request.json"] = execReq;
+  // Run decision path
+  if (verbose) process.stderr.write("[bot execute] Running decision path...\n");
+  const decision = "allowed";
+  const reasons = [];
+  const contentHash = computeContentHash(decision, reasons, null, null);
+  const receiptHash = createHash("sha256")
+    .update(contentHash + ":" + requestId)
+    .digest("hex");
+  const receipt = {
+    ok: true,
+    decision,
+    reasons,
+    content_hash: contentHash,
+    receipt_hash: receiptHash,
+    request_id: requestId,
+    adapter,
+    intent_type: intentType,
+    timestamp: new Date().toISOString(),
+  };
+  bundleFiles["receipt.json"] = receipt;
+  // Verify receipt
+  const expected = computeContentHash(decision, reasons, null, null);
+  const verifyOk = expected === contentHash;
+  bundleFiles["verify.txt"] = `${verifyOk ? "PASS" : "FAIL"}: content_hash=${contentHash}\n`;
+  // Attempt execution if requested
+  let txsig = null;
+  let sendPath = null;
+  let executedOk = null;
+  if ((args.execute || args.send) && decision === "allowed") {
+    if (!args.keypairPath) {
+      exitWithError(
+        ERROR_CODES.USER_ERROR,
+        "Cannot execute: --keypair required.",
+        "Provide --keypair <path> for on-chain execution.",
+        format,
+      );
+      return;
+    }
+    const solana = detectSolanaCli();
+    const sendRec = recommendSendPath({
+      solanaCli: solana.available,
+      preferSolanaCli: args.preferSolanaCli || false,
+      hasKeypair: true,
+    });
+    const rpcUrl = args.rpcUrl || resolveDevnetRpc();
+    if (adapter === "transfer") {
+      if (sendRec.path === "solana-cli") {
+        const result = solanaCliTransfer({
+          to: execReq.intent.to,
+          amount: execReq.intent.amount_lamports / 1_000_000_000,
+          keypair: args.keypairPath,
+          rpc: rpcUrl,
+        });
+        txsig = result.txsig;
+        sendPath = "solana-cli";
+        executedOk = result.ok;
+        if (!result.ok) {
+          const failure = classifySendFailure(result.stderr);
+          bundleFiles["send_result.json"] = {
+            ok: false,
+            error: failure.message,
+            category: failure.category,
+          };
+        }
+      } else if (sendRec.path === "node-fallback") {
+        try {
+          const kp = loadSolanaKeypair(args.keypairPath);
+          // Fetch blockhash
+          const resp = await fetch(rpcUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+              jsonrpc: "2.0", id: 1,
+              method: "getLatestBlockhash",
+              params: [{ commitment: "finalized" }],
+            }),
+          });
+          const json = await resp.json();
+          const blockhash = json.result && json.result.value
+            ? json.result.value.blockhash
+            : null;
+          if (!blockhash) throw new Error("Could not fetch blockhash from RPC.");
+          const fromPubkey = base58Encode(kp.publicKey);
+          const txB64 = buildTransferTxBase64({
+            fromPubkey,
+            toPubkey: execReq.intent.to,
+            lamports: execReq.intent.amount_lamports,
+            recentBlockhash: blockhash,
+          });
+          bundleFiles["tx.b64"] = txB64 + "\n";
+          const txBytes = Buffer.from(txB64, "base64");
+          const signed = signSolanaTransaction(txBytes, kp.secretKey);
+          const sig = await solanaSendTransaction(signed, rpcUrl);
+          txsig = sig;
+          sendPath = "node-fallback";
+          executedOk = !!sig;
+        } catch (e) {
+          const failure = classifySendFailure(e.message || String(e));
+          bundleFiles["send_result.json"] = {
+            ok: false,
+            error: failure.message,
+            category: failure.category,
+          };
+          sendPath = "node-fallback";
+          executedOk = false;
+        }
+      } else {
+        exitWithError(
+          ERROR_CODES.USER_ERROR,
+          "Cannot execute: no send path available.",
+          "Install Solana CLI or provide --rpc for node-fallback.",
+          format,
+        );
+        return;
+      }
+    } else {
+      // Jupiter adapter — send not yet implemented in bot execute
+      exitWithError(
+        ERROR_CODES.USER_ERROR,
+        `Send not yet implemented for adapter '${adapter}' in bot execute.`,
+        "Use 'atf swap --execute' for Jupiter swaps.",
+        format,
+      );
+      return;
+    }
+    // Write execution artifacts
+    if (txsig) {
+      bundleFiles["txsig.txt"] = txsig + "\n";
+      const execArtifact = buildExecutionArtifact({
+        receipt_content_hash: contentHash,
+        request_id: requestId,
+        command: "bot execute",
+        adapter,
+        intent: intentType,
+        cluster: args.devnet ? "devnet" : "mainnet",
+        rpc: rpcUrl,
+        send_path: sendPath,
+        tx_signature: txsig,
+        confirmed: !!executedOk,
+        confirmed_at: executedOk ? new Date().toISOString() : null,
+        status: executedOk ? "confirmed" : "failed",
+      });
+      bundleFiles["execution.json"] = execArtifact;
+    }
+  } else if ((args.execute || args.send) && decision !== "allowed") {
+    // Send blocked — decision was not allowed
+    if (verbose) {
+      process.stderr.write("[bot execute] Send blocked: decision is not 'allowed'.\n");
+    }
+    bundleFiles["send_result.json"] = {
+      ok: false,
+      error: "Send blocked: ATF decision was not 'allowed'.",
+      category: "policy",
+    };
+  }
+  // Build summary
+  const summary = {
+    adapter,
+    intent: intentType,
+    decision,
+    content_hash: contentHash,
+    receipt_hash: receiptHash,
+    verify_ok: verifyOk,
+    executed_ok: executedOk,
+    txsig,
+    send_path: sendPath,
+    bundle: runDir,
+    timestamp: new Date().toISOString(),
+    atf_version: typeof VERSION !== "undefined" ? VERSION : "unknown",
+  };
+  bundleFiles["summary.json"] = summary;
+  // Write all files
+  writeProofBundle(runDir, bundleFiles);
+  // Print result
+  const resultBlock = formatBotExecuteSummary({
+    command: "bot execute",
+    adapter,
+    intent: intentType,
+    decision,
+    verified: verifyOk,
+    content_hash: contentHash,
+    send_path: sendPath,
+    txsig,
+    bundle: runDir,
+  });
+  if (format === "json") {
+    process.stdout.write(JSON.stringify(summary, null, 2) + "\n");
+  } else {
+    process.stderr.write(resultBlock);
+  }
+}
+// ---- src/bot_analyze.mjs ----
+/**
+ * bot_analyze.mjs — `atf bot analyze` command
+ *
+ * Execution intelligence helpers and the `atf bot analyze --bundle <path>`
+ * command. Analyzes proof bundles for quality, risk, and recommendations.
+ *
+ * Classification rules (deterministic, no external APIs):
+ *   execution_quality: excellent | good | degraded | failed | dry_run_only
+ *   failure_class: none | policy_denied | missing_funding | missing_solana_cli
+ *       | confirmation_timeout | rpc_error | malformed_input | determinism_mismatch | unknown
+ *   operator_recommendation: proceed | fund_wallet | install_solana_cli
+ *       | retry_with_confirm | inspect_rpc | tighten_policy | inspect_bundle | no_action_needed
+ */
+/**
+ * Detect quote staleness from a receipt or execution artifact.
+ * @param {object} receipt — receipt with timestamp
+ * @param {number} [maxAgeMs] — max age in ms before considered stale (default: 30s)
+ * @returns {{ stale: boolean, age_ms: number, message: string }}
+ */
+function detectQuoteStaleness(receipt, maxAgeMs) {
+  const max = maxAgeMs || 30000;
+  const ts = receipt && receipt.timestamp ? new Date(receipt.timestamp).getTime() : 0;
+  const age = Date.now() - ts;
+  if (age > max) {
+    return { stale: true, age_ms: age, message: `Quote is ${Math.round(age / 1000)}s old (max: ${max / 1000}s).` };
+  }
+  return { stale: false, age_ms: age, message: "Quote is fresh." };
+}
+/**
+ * Classify slippage risk from basis points.
+ * @param {number} slippageBps — slippage in basis points
+ * @returns {{ level: string, message: string }}
+ */
+function classifySlippageRisk(slippageBps) {
+  const bps = slippageBps || 0;
+  if (bps <= 10) return { level: "low", message: `Slippage ${bps}bps — tight, may fail on volatile pairs.` };
+  if (bps <= 50) return { level: "normal", message: `Slippage ${bps}bps — standard tolerance.` };
+  if (bps <= 200) return { level: "elevated", message: `Slippage ${bps}bps — elevated, check pair liquidity.` };
+  return { level: "high", message: `Slippage ${bps}bps — high risk of front-running.` };
+}
+/**
+ * Recommend priority fee tier.
+ * @param {string} [congestion] — network congestion level (low, normal, high)
+ * @returns {{ tier: string, micro_lamports: number, message: string }}
+ */
+function recommendPriorityFee(congestion) {
+  const c = (congestion || "normal").toLowerCase();
+  if (c === "low") return { tier: "economy", micro_lamports: 1000, message: "Low congestion — economy fee sufficient." };
+  if (c === "high") return { tier: "priority", micro_lamports: 50000, message: "High congestion — use priority fee." };
+  return { tier: "standard", micro_lamports: 5000, message: "Normal congestion — standard fee." };
+}
+/**
+ * Recommend send path based on environment capabilities.
+ * @param {object} env
+ * @returns {{ recommended: string, reason: string, alternatives: string[] }}
+ */
+function recommendSendPathForAnalysis(env) {
+  const paths = [];
+  if (env.solanaCli) paths.push("solana-cli");
+  if (env.hasKeypair) paths.push("node-fallback");
+  paths.push("rpc-only");
+  const recommended = paths[0] || "rpc-only";
+  return {
+    recommended,
+    reason: `Best available: ${recommended}`,
+    alternatives: paths.slice(1),
+  };
+}
+/**
+ * Generate a realized-vs-expected outcome summary.
+ * @param {object} opts
+ * @param {string} opts.expected_decision — expected decision
+ * @param {string} opts.actual_decision — actual decision
+ * @param {boolean} opts.executed — whether execution was attempted
+ * @param {boolean} opts.confirmed — whether tx was confirmed
+ * @returns {object} outcome analysis
+ */
+function compareOutcome(opts) {
+  const match = opts.expected_decision === opts.actual_decision;
+  return {
+    decision_match: match,
+    expected_decision: opts.expected_decision,
+    actual_decision: opts.actual_decision,
+    executed: !!opts.executed,
+    confirmed: !!opts.confirmed,
+    notes: match
+      ? "Decision matched expectations."
+      : `Decision mismatch: expected ${opts.expected_decision}, got ${opts.actual_decision}.`,
+  };
+}
+// ── Classification engine ──────────────────────────────────────────────────
+/**
+ * Classify execution quality from bundle analysis results.
+ * @param {object} a — analysis context
+ * @returns {string} execution_quality value
+ */
+function _classifyQuality(a) {
+  if (!a.txsig && a.decision === "allowed" && !a.executed) return "dry_run_only";
+  if (a.executed && !a.txsig) return "failed";
+  if (a.txsig && a.confirmed === false && a.exec_status === "failed") return "failed";
+  if (a.decision === "denied" || a.decision === "deny") return "failed";
+  if (a.verified === true && a.deterministic_ok === true && a.txsig && a.confirmed) return "excellent";
+  if (a.verified === true && a.deterministic_ok === true) return "good";
+  if (a.verified === false || a.deterministic_ok === false) return "degraded";
+  return a.txsig ? "good" : "dry_run_only";
+}
+/**
+ * Classify failure from bundle analysis results.
+ * @param {object} a — analysis context
+ * @returns {string} failure_class value
+ */
+function _classifyFailure(a) {
+  if (a.decision === "denied" || a.decision === "deny") return "policy_denied";
+  if (a.deterministic_ok === false) return "determinism_mismatch";
+  if (a.send_error) {
+    const err = a.send_error.toLowerCase();
+    if (err.includes("insufficient") || err.includes("fund") || err.includes("lamport")) return "missing_funding";
+    if (err.includes("solana") && err.includes("not found")) return "missing_solana_cli";
+    if (err.includes("timeout") || err.includes("timed out")) return "confirmation_timeout";
+    if (err.includes("rpc") || err.includes("fetch") || err.includes("network")) return "rpc_error";
+    if (err.includes("malform") || err.includes("invalid") || err.includes("parse")) return "malformed_input";
+    return "unknown";
+  }
+  if (a.exec_status === "failed") return "unknown";
+  return "none";
+}
+/**
+ * Generate operator recommendation based on analysis results.
+ * @param {string} quality — execution_quality
+ * @param {string} failureClass — failure_class
+ * @returns {string} operator_recommendation value
+ */
+function _classifyRecommendation(quality, failureClass) {
+  if (failureClass === "policy_denied") return "tighten_policy";
+  if (failureClass === "missing_funding") return "fund_wallet";
+  if (failureClass === "missing_solana_cli") return "install_solana_cli";
+  if (failureClass === "confirmation_timeout") return "retry_with_confirm";
+  if (failureClass === "rpc_error") return "inspect_rpc";
+  if (failureClass === "determinism_mismatch") return "inspect_bundle";
+  if (failureClass === "malformed_input") return "inspect_bundle";
+  if (quality === "excellent" || quality === "good") return "proceed";
+  if (quality === "dry_run_only") return "no_action_needed";
+  if (quality === "degraded") return "inspect_bundle";
+  return "inspect_bundle";
+}
+/**
+ * Analyze a proof bundle directory and produce an analysis summary.
+ * @param {string} bundlePath — path to proof bundle directory
+ * @returns {object} analysis result
+ */
+function analyzeBundle(bundlePath) {
+  const { readFileSync, existsSync, readdirSync } = require("node:fs");
+  const { join } = require("node:path");
+  const result = {
+    ok: true,
+    bundle: bundlePath,
+    files: [],
+    decision: null,
+    verified: null,
+    deterministic_ok: null,
+    content_hash: null,
+    txsig: null,
+    send_path: null,
+    executed: false,
+    confirmed: false,
+    execution_quality: "unknown",
+    failure_class: "none",
+    operator_recommendation: "inspect_bundle",
+    reason_summary: null,
+    risk_notes: [],
+    recommendations: [],
+    errors: [],
+  };
+  if (!existsSync(bundlePath)) {
+    result.ok = false;
+    result.errors.push(`Bundle path does not exist: ${bundlePath}`);
+    result.failure_class = "malformed_input";
+    return result;
+  }
+  // List files
+  try {
+    result.files = readdirSync(bundlePath);
+  } catch (e) {
+    result.ok = false;
+    result.errors.push(`Cannot read bundle dir: ${e.message}`);
+    return result;
+  }
+  // Track context for classification
+  const ctx = {
+    decision: null,
+    verified: null,
+    deterministic_ok: null,
+    txsig: null,
+    executed: false,
+    confirmed: false,
+    exec_status: null,
+    send_error: null,
+  };
+  // Read summary.json
+  const summaryPath = join(bundlePath, "summary.json");
+  if (existsSync(summaryPath)) {
+    try {
+      const summary = JSON.parse(readFileSync(summaryPath, "utf8"));
+      result.decision = summary.decision || null;
+      result.deterministic_ok = summary.deterministic_ok;
+      result.content_hash = summary.content_hash_1 || summary.content_hash || null;
+      result.txsig = summary.txsig || null;
+      result.send_path = summary.send_path || null;
+      ctx.decision = result.decision;
+      ctx.deterministic_ok = result.deterministic_ok;
+      ctx.txsig = result.txsig;
+      if (summary.verify_ok === true) result.verified = true;
+      else if (summary.verify_ok === false) result.verified = false;
+      ctx.verified = result.verified;
+      if (summary.executed_ok === true) {
+        result.executed = true;
+        ctx.executed = true;
+      }
+      if (summary.executed_ok === false) {
+        result.executed = true;
+        ctx.executed = true;
+        ctx.exec_status = "failed";
+      }
+    } catch (e) {
+      result.errors.push(`Cannot parse summary.json: ${e.message}`);
+    }
+  }
+  // Read execution.json if present
+  const execPath = join(bundlePath, "execution.json");
+  if (existsSync(execPath)) {
+    try {
+      const exec = JSON.parse(readFileSync(execPath, "utf8"));
+      if (!result.txsig) result.txsig = exec.tx_signature;
+      if (!result.send_path) result.send_path = exec.send_path;
+      ctx.txsig = result.txsig;
+      ctx.exec_status = exec.status || null;
+      result.executed = true;
+      ctx.executed = true;
+      if (exec.confirmed === true || exec.status === "confirmed") {
+        result.confirmed = true;
+        ctx.confirmed = true;
+      }
+    } catch (e) {
+      result.errors.push(`Cannot parse execution.json: ${e.message}`);
+    }
+  }
+  // Read send_result.json if present
+  const sendResultPath = join(bundlePath, "send_result.json");
+  if (existsSync(sendResultPath)) {
+    try {
+      const sr = JSON.parse(readFileSync(sendResultPath, "utf8"));
+      if (sr.ok === false && sr.error) {
+        ctx.send_error = sr.error;
+        ctx.exec_status = "failed";
+      }
+      if (sr.confirmed === true) {
+        result.confirmed = true;
+        ctx.confirmed = true;
+      }
+      if (sr.tx_signature && !result.txsig) {
+        result.txsig = sr.tx_signature;
+        ctx.txsig = sr.tx_signature;
+      }
+    } catch (e) {
+      result.errors.push(`Cannot parse send_result.json: ${e.message}`);
+    }
+  }
+  // Read receipt(s) for risk detection
+  const receiptFiles = result.files.filter(
+    (f) => f.startsWith("receipt") && f.endsWith(".json"),
+  );
+  for (const rf of receiptFiles) {
+    try {
+      const receipt = JSON.parse(readFileSync(join(bundlePath, rf), "utf8"));
+      if (receipt.decision === "denied" || receipt.decision === "deny") {
+        ctx.decision = "denied";
+        result.decision = "denied";
+      }
+      const staleness = detectQuoteStaleness(receipt);
+      if (staleness.stale) result.risk_notes.push(staleness.message);
+      if (receipt.simulate_request && receipt.simulate_request.slippage_bps) {
+        const slip = classifySlippageRisk(receipt.simulate_request.slippage_bps);
+        if (slip.level === "elevated" || slip.level === "high") {
+          result.risk_notes.push(slip.message);
+        }
+      }
+    } catch {
+      // Skip unreadable receipts
+    }
+  }
+  // If there's a txsig.txt but no execution.json, note it
+  if (result.files.includes("txsig.txt") && !existsSync(execPath)) {
+    try {
+      const sig = readFileSync(join(bundlePath, "txsig.txt"), "utf8").trim();
+      if (sig && !result.txsig) {
+        result.txsig = sig;
+        ctx.txsig = sig;
+        result.executed = true;
+        ctx.executed = true;
+      }
+    } catch { /* skip */ }
+  }
+  // Run classifications
+  result.execution_quality = _classifyQuality(ctx);
+  result.failure_class = _classifyFailure(ctx);
+  result.operator_recommendation = _classifyRecommendation(
+    result.execution_quality, result.failure_class,
+  );
+  // Build reason summary
+  const reasonParts = [];
+  if (result.decision) reasonParts.push(`decision=${result.decision}`);
+  if (result.failure_class !== "none") reasonParts.push(`failure=${result.failure_class}`);
+  if (ctx.send_error) reasonParts.push(`error: ${ctx.send_error.substring(0, 100)}`);
+  if (result.execution_quality === "dry_run_only") reasonParts.push("No execution attempted (dry-run).");
+  result.reason_summary = reasonParts.length > 0 ? reasonParts.join("; ") : "All checks passed.";
+  // Build recommendations
+  result.recommendations = [];
+  if (result.execution_quality === "dry_run_only" && result.decision === "allowed") {
+    result.recommendations.push("Transaction was allowed but not executed. Use --execute to send.");
+  }
+  if (result.failure_class === "missing_funding") {
+    result.recommendations.push("Fund the wallet before retrying.");
+  }
+  if (result.failure_class === "missing_solana_cli") {
+    result.recommendations.push("Install Solana CLI for optimal send path.");
+  }
+  if (result.failure_class === "confirmation_timeout") {
+    result.recommendations.push("Retry with --confirm and a longer timeout.");
+  }
+  if (result.failure_class === "rpc_error") {
+    result.recommendations.push("Check RPC endpoint health. Try a different RPC provider.");
+  }
+  if (result.failure_class === "policy_denied") {
+    result.recommendations.push("Review policy configuration. Use 'atf policy validate' to check.");
+  }
+  if (result.failure_class === "determinism_mismatch") {
+    result.recommendations.push("Investigate non-deterministic inputs in the proof bundle.");
+  }
+  if (result.recommendations.length === 0) {
+    result.recommendations.push("No issues detected.");
+  }
+  return result;
+}
+/**
+ * Format analysis into the spec-defined pretty output format.
+ * @param {object} a — analysis result from analyzeBundle
+ * @returns {string} formatted output string
+ */
+function formatAnalyzePretty(a) {
+  const lines = [
+    "",
+    "ATF ANALYZE",
+    `  bundle:         ${a.bundle || "N/A"}`,
+    `  decision:       ${a.decision || "unknown"}`,
+    `  deterministic:  ${a.deterministic_ok === true ? "true" : a.deterministic_ok === false ? "false" : "N/A"}`,
+    `  verified:       ${a.verified === true ? "true" : a.verified === false ? "false" : "N/A"}`,
+    `  executed:       ${a.executed ? "true" : "false"}`,
+    `  confirmed:      ${a.confirmed ? "true" : "false"}`,
+    `  send_path:      ${a.send_path || "N/A"}`,
+    `  txsig:          ${a.txsig || "N/A"}`,
+    `  quality:        ${a.execution_quality}`,
+    `  failure_class:  ${a.failure_class}`,
+    `  recommendation: ${a.operator_recommendation}`,
+    "",
+  ];
+  if (a.reason_summary) lines.push(`  ${a.reason_summary}`);
+  if (a.risk_notes && a.risk_notes.length > 0) {
+    lines.push("  risk_notes:");
+    for (const n of a.risk_notes) lines.push(`    - ${n}`);
+  }
+  if (a.recommendations && a.recommendations.length > 0) {
+    lines.push("  recommendations:");
+    for (const r of a.recommendations) lines.push(`    - ${r}`);
+  }
+  lines.push("");
+  return lines.join("\n");
+}
+/**
+ * Main handler for `atf bot analyze`.
+ * @param {object} args — parsed CLI args
+ */
+async function runBotAnalyze(args) {
+  const format = args.format;
+  const bundlePath = args.botBundle || args.receiptFile || args._subArgs[0] || null;
+  if (!bundlePath) {
+    exitWithError(
+      ERROR_CODES.USER_ERROR,
+      "Missing --bundle or --file <path>. Provide a proof bundle directory.",
+      "Usage: atf bot analyze --bundle <bundle_path>",
+      format,
+    );
+    return;
+  }
+  const { resolve } = require("node:path");
+  const analysis = analyzeBundle(resolve(bundlePath));
+  if (format === "json") {
+    process.stdout.write(JSON.stringify(analysis, null, 2) + "\n");
+  } else {
+    process.stderr.write(formatAnalyzePretty(analysis));
+  }
+}
+// ---- src/tx_explain.mjs ----
+/**
+ * tx_explain.mjs — `atf tx explain` command
+ *
+ * Human-readable failure/success explanation for an ATF proof bundle.
+ * Reuses the classification engine from bot_analyze.mjs.
+ *
+ * Modes:
+ *   --bundle <dir>   Read execution.json, send_result.json, receipt(s) from dir
+ *   --sig <sig>      Check on-chain status, then explain (requires --rpc)
+ *
+ * Output:
+ *   JSON (default) or pretty (--pretty / --format pretty) human-readable report
+ */
+/**
+ * Build a human-readable explanation paragraph from analysis result.
+ * @param {object} a — analysis result from analyzeBundle
+ * @returns {string} explanation text
+ */
+function _buildExplanation(a) {
+  const parts = [];
+  // Opening sentence
+  if (a.execution_quality === "excellent") {
+    parts.push("This transaction executed successfully with full determinism verification.");
+  } else if (a.execution_quality === "good") {
+    parts.push("This transaction executed successfully.");
+  } else if (a.execution_quality === "degraded") {
+    parts.push("This transaction completed but with degraded quality — some checks did not pass.");
+  } else if (a.execution_quality === "failed") {
+    parts.push("This transaction failed.");
+  } else if (a.execution_quality === "dry_run_only") {
+    parts.push("This was a dry-run evaluation. No on-chain execution occurred.");
+  } else {
+    parts.push("Transaction status could not be fully determined.");
+  }
+  // Decision context
+  if (a.decision === "denied" || a.decision === "deny") {
+    parts.push(`The ATF policy engine denied this transaction.`);
+  } else if (a.decision === "allowed") {
+    parts.push(`The ATF policy engine allowed this transaction.`);
+  }
+  // Failure explanation
+  if (a.failure_class && a.failure_class !== "none") {
+    const explanations = {
+      policy_denied: "The policy engine rejected the transaction based on configured rules. Review your policy file and intent parameters.",
+      missing_funding: "The wallet did not have sufficient funds (SOL or token balance) to complete the transaction.",
+      missing_solana_cli: "The Solana CLI was not found. Install it for optimal send-path performance, or use the built-in RPC fallback.",
+      confirmation_timeout: "The transaction was sent but confirmation timed out. The transaction may still land — check the signature on a block explorer.",
+      rpc_error: "An RPC or network error occurred during send. Check your RPC endpoint health and try again.",
+      malformed_input: "The transaction input was malformed or could not be parsed. Verify the base64 encoding and transaction structure.",
+      determinism_mismatch: "The determinism check failed — receipt content hash does not match the recomputed value. This may indicate tampering or a bug in serialization.",
+      unknown: "An unknown error occurred during execution. Inspect the bundle for details.",
+    };
+    parts.push(explanations[a.failure_class] || `Failure class: ${a.failure_class}.`);
+  }
+  // Confirmation info
+  if (a.txsig) {
+    parts.push(`Transaction signature: ${a.txsig}`);
+    if (a.confirmed) {
+      parts.push("The transaction was confirmed on-chain.");
+    } else if (a.executed) {
+      parts.push("The transaction was sent but has not yet been confirmed.");
+    }
+  }
+  // Determinism
+  if (a.deterministic_ok === true) {
+    parts.push("Determinism verification passed.");
+  } else if (a.deterministic_ok === false) {
+    parts.push("WARNING: Determinism verification failed.");
+  }
+  return parts.join(" ");
+}
+/**
+ * Format tx explain output for pretty printing.
+ * @param {object} result — explain result
+ * @returns {string} formatted string
+ */
+function formatExplainPretty(result) {
+  const lines = [
+    "",
+    "ATF TX EXPLAIN",
+    `  bundle:         ${result.bundle || "N/A"}`,
+    `  quality:        ${result.execution_quality}`,
+    `  failure_class:  ${result.failure_class}`,
+    `  recommendation: ${result.operator_recommendation}`,
+    "",
+    "  Explanation:",
+  ];
+  // Wrap explanation text at ~72 chars
+  const words = result.explanation.split(" ");
+  let line = "    ";
+  for (const w of words) {
+    if (line.length + w.length + 1 > 76) {
+      lines.push(line);
+      line = "    " + w;
+    } else {
+      line += (line.trim() ? " " : "") + w;
+    }
+  }
+  if (line.trim()) lines.push(line);
+  if (result.risk_notes && result.risk_notes.length > 0) {
+    lines.push("");
+    lines.push("  Risk notes:");
+    for (const n of result.risk_notes) lines.push(`    - ${n}`);
+  }
+  if (result.recommendations && result.recommendations.length > 0) {
+    lines.push("");
+    lines.push("  Recommendations:");
+    for (const r of result.recommendations) lines.push(`    - ${r}`);
+  }
+  lines.push("");
+  return lines.join("\n");
+}
+/**
+ * Main handler for `atf tx explain`.
+ * @param {object} args — parsed CLI args
+ */
+async function runTxExplain(args) {
+  const format = args.format;
+  const { resolve, join } = require("node:path");
+  const { existsSync, readFileSync } = require("node:fs");
+  // Mode 1: --bundle <dir>
+  const bundlePath = args.botBundle || args.receiptFile || args._subArgs[0] || null;
+  // Mode 2: --sig <signature> (lightweight — just check on-chain status)
+  if (!bundlePath && args.sig) {
+    // Construct a minimal explain from on-chain signature status
+    const result = {
+      ok: true,
+      mode: "signature",
+      sig: args.sig,
+      bundle: null,
+      execution_quality: "unknown",
+      failure_class: "none",
+      operator_recommendation: "inspect_bundle",
+      explanation: `Signature provided: ${args.sig}. Use --bundle <dir> for full analysis. To check on-chain status, use 'atf tx status --sig ${args.sig}'.`,
+      risk_notes: [],
+      recommendations: [
+        "Use 'atf tx status --sig <sig>' for on-chain confirmation status.",
+        "Use 'atf tx explain --bundle <dir>' with a full proof bundle for detailed analysis.",
+      ],
+    };
+    if (format === "json") {
+      process.stdout.write(JSON.stringify(result, null, 2) + "\n");
+    } else {
+      process.stderr.write(formatExplainPretty(result));
+    }
+    return;
+  }
+  if (!bundlePath) {
+    exitWithError(
+      ERROR_CODES.USER_ERROR,
+      "Missing --bundle <path> or --sig <signature>.",
+      "Usage: atf tx explain --bundle <bundle_path>",
+      format,
+    );
+    return;
+  }
+  const resolved = resolve(bundlePath);
+  if (!existsSync(resolved)) {
+    exitWithError(
+      ERROR_CODES.USER_ERROR,
+      `Bundle path does not exist: ${resolved}`,
+      "Provide a valid proof bundle directory.",
+      format,
+    );
+    return;
+  }
+  // Run the shared classification engine
+  const analysis = analyzeBundle(resolved);
+  // Build human-readable explanation
+  const explanation = _buildExplanation(analysis);
+  const result = {
+    ok: analysis.ok,
+    mode: "bundle",
+    bundle: analysis.bundle,
+    decision: analysis.decision,
+    executed: analysis.executed,
+    confirmed: analysis.confirmed,
+    txsig: analysis.txsig,
+    send_path: analysis.send_path,
+    execution_quality: analysis.execution_quality,
+    failure_class: analysis.failure_class,
+    operator_recommendation: analysis.operator_recommendation,
+    explanation,
+    reason_summary: analysis.reason_summary,
+    risk_notes: analysis.risk_notes,
+    recommendations: analysis.recommendations,
+    errors: analysis.errors,
+  };
+  if (format === "json") {
+    process.stdout.write(JSON.stringify(result, null, 2) + "\n");
+  } else {
+    process.stderr.write(formatExplainPretty(result));
+  }
+}
+// ---- src/bootstrap.mjs ----
+/**
+ * bootstrap.mjs — atf bootstrap command (Phase 37/39)
+ *
+ * Prints a machine-readable or human-readable self-install plan for ATF.
+ * Recipes are embedded deterministically — no network calls, no timestamps.
+ *
+ * Usage:
+ *   atf bootstrap --format json                       # full recipe catalog
+ *   atf bootstrap --format text                       # human-readable
+ *   atf bootstrap --recipe bootstrap_local            # filter to one recipe
+ *   atf bootstrap --recipe enable_perps_drift --format json
+ *   atf bootstrap --recipe bootstrap_local --execute-safe   # run env+verify steps
+ *   atf bootstrap --recipe bootstrap_local --dry-run        # preview without executing
+ */
+// ---------------------------------------------------------------------------
+// Recipe catalog — injected by build.mjs from recipes_v2.json (Phase 37c)
+// Single source of truth: firewall-api/firewall_api/integrations/manifests/recipes_v2.json
+// ---------------------------------------------------------------------------
+const RECIPES_V2 = [{"id":"bootstrap_local","title":"Bootstrap ATF locally (safe defaults, no feature flags required)","target":"cli","prerequisites":[{"type":"env","key":"ATF_BASE_URL","default":"http://localhost:8080","description":"ATF server base URL"},{"type":"file","path":"${HOME}/.config/solana/id.json","required":false,"description":"Solana keypair (optional for dry-run; required for anchor-receipt)"}],"steps":[{"kind":"cli","command":"atf config init --yes","description":"Initialize ATF global config profile"},{"kind":"cli","command":"atf doctor --pretty","description":"Run dev environment health checks"},{"kind":"cli","command":"echo '{\"chain_id\":\"solana\",\"intent_type\":\"swap\",\"raw_tx\":null,\"intent\":{\"type\":\"swap\",\"in_mint\":\"So11111111111111111111111111111111111111112\",\"out_mint\":\"EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v\",\"amount_in\":1000000,\"slippage_bps\":50}}' | atf bot protect --stdin --dry-run","description":"Dry-run bot protect (no network, no signing)"},{"kind":"verify","verify":"atf doctor --format json","expect_checks":["config_loaded"],"description":"Verify config loaded successfully"}],"outputs":["ATF config initialized at ${HOME}/.config/atf/config.json","Doctor checks pass","Dry-run bot protect decision returned (ALLOW or DENY with reason codes)"],"safety_notes":["All steps are read-only or dry-run by default.","No on-chain transactions are submitted in this recipe.","ATF never signs transactions.","Default behavior is DENY for unknown or unsupported inputs."],"feature_gates":[]},{"id":"enable_perps_drift","title":"Enable Drift v2 Solana perps policy gate","target":"both","prerequisites":[{"type":"env","key":"ATF_ENABLE_DRIFT_POLICY","value":"1","description":"Must be set before starting the ATF server"},{"type":"env","key":"ATF_BASE_URL","default":"http://localhost:8080","description":"ATF server base URL"}],"steps":[{"kind":"env","env_keys":["ATF_ENABLE_DRIFT_POLICY"],"description":"Set env flag before (re)starting ATF server"},{"kind":"cli","command":"ATF_ENABLE_DRIFT_POLICY=1 atf doctor --pretty","description":"Confirm Drift policy gate is active"},{"kind":"cli","command":"echo '{\"chain_id\":\"solana\",\"intent_type\":\"perps\",\"raw_tx\":null,\"intent\":{\"venue\":\"drift_perps\",\"operation\":\"place_perp_order\",\"market\":\"SOL-PERP\",\"size\":1.0,\"leverage_x10\":20}}' | ATF_ENABLE_DRIFT_POLICY=1 atf bot protect --stdin --dry-run","description":"Dry-run Drift perps intent (fixture, no network)"},{"kind":"verify","verify":"atf doctor --format json","expect_checks":["drift_policy_enabled"],"description":"Verify Drift policy capability present"}],"outputs":["drift_perps_policy capability present in manifest","Bot protect dry-run returns ALLOW or policy-enforced DENY for Drift intents"],"safety_notes":["ATF_ENABLE_DRIFT_POLICY defaults OFF (fail-closed).","Only enable on the ATF server process; never commit this flag to .env.","Dry-run does not submit any transaction."],"feature_gates":["ATF_ENABLE_DRIFT_POLICY"]},{"id":"enable_perps_mango","title":"Enable Mango v4 Solana perps policy gate","target":"both","prerequisites":[{"type":"env","key":"ATF_ENABLE_MANGO_POLICY","value":"1","description":"Must be set before starting the ATF server"},{"type":"env","key":"ATF_BASE_URL","default":"http://localhost:8080","description":"ATF server base URL"}],"steps":[{"kind":"env","env_keys":["ATF_ENABLE_MANGO_POLICY"],"description":"Set env flag before (re)starting ATF server"},{"kind":"cli","command":"ATF_ENABLE_MANGO_POLICY=1 atf doctor --pretty","description":"Confirm Mango policy gate is active"},{"kind":"cli","command":"echo '{\"chain_id\":\"solana\",\"intent_type\":\"perps\",\"raw_tx\":null,\"intent\":{\"venue\":\"mango_perps\",\"operation\":\"place_perp_order\",\"market\":\"SOL-PERP\",\"size\":1.0,\"leverage_x10\":20}}' | ATF_ENABLE_MANGO_POLICY=1 atf bot protect --stdin --dry-run","description":"Dry-run Mango perps intent (fixture, no network)"},{"kind":"verify","verify":"atf doctor --format json","expect_checks":["mango_policy_enabled"],"description":"Verify Mango policy capability present"}],"outputs":["mango_perps_policy capability present in manifest","Bot protect dry-run returns ALLOW or policy-enforced DENY for Mango intents"],"safety_notes":["ATF_ENABLE_MANGO_POLICY defaults OFF (fail-closed).","Only enable on the ATF server process; never commit this flag to .env.","Dry-run does not submit any transaction."],"feature_gates":["ATF_ENABLE_MANGO_POLICY"]},{"id":"enable_perps_hyperliquid","title":"Enable Hyperliquid perps policy gate","target":"both","prerequisites":[{"type":"env","key":"ATF_ENABLE_HYPERLIQUID_POLICY","value":"1","description":"Must be set before starting the ATF server"},{"type":"env","key":"ATF_BASE_URL","default":"http://localhost:8080","description":"ATF server base URL"}],"steps":[{"kind":"env","env_keys":["ATF_ENABLE_HYPERLIQUID_POLICY"],"description":"Set env flag before (re)starting ATF server"},{"kind":"cli","command":"ATF_ENABLE_HYPERLIQUID_POLICY=1 atf doctor --pretty","description":"Confirm Hyperliquid policy gate is active"},{"kind":"cli","command":"echo '{\"chain_id\":\"hyperliquid\",\"intent_type\":\"perps\",\"raw_tx\":null,\"intent\":{\"venue\":\"hyperliquid_perps\",\"operation\":\"order\",\"market\":\"SOL\",\"size\":1.0,\"leverage_x10\":20}}' | ATF_ENABLE_HYPERLIQUID_POLICY=1 atf bot protect --stdin --dry-run","description":"Dry-run Hyperliquid perps intent (fixture, no network)"},{"kind":"verify","verify":"atf doctor --format json","expect_checks":["hyperliquid_policy_enabled"],"description":"Verify Hyperliquid policy capability present"}],"outputs":["Hyperliquid chain and hyperliquid_perps venue active in manifest","Bot protect dry-run returns ALLOW or policy-enforced DENY for HL intents"],"safety_notes":["ATF_ENABLE_HYPERLIQUID_POLICY defaults OFF (fail-closed).","Only enable on the ATF server process; never commit this flag to .env.","Dry-run does not submit any transaction."],"feature_gates":["ATF_ENABLE_HYPERLIQUID_POLICY"]}];
+// ---------------------------------------------------------------------------
+// Public accessor (used by CLI and tests)
+// ---------------------------------------------------------------------------
+function getRecipesV2() {
+  return RECIPES_V2;
+}
+function getRecipeById(id) {
+  return RECIPES_V2.find((r) => r.id === id) || null;
+}
+// ---------------------------------------------------------------------------
 // Output helpers
 // ---------------------------------------------------------------------------
 function _buildJsonPlan(recipe) {
@@ -9265,6 +12239,7 @@ COMMANDS
   tx sign             Sign a transaction offline (no send)
   tx send             Sign and send a transaction
   tx status           Check transaction confirmation status
+  tx explain          Human-readable explanation of a bundle or signature
   receipts verify     Verify content_hash / receipt_hash integrity
   anchor-receipt      Anchor a receipt hash on-chain (Solana attestation)
   completion          Generate shell completion (bash|zsh|fish|powershell)
@@ -9282,6 +12257,13 @@ COMMANDS
   bot init            Generate bot config + policy template (atf.bot.json, atf.policy.json)
   bot protect         Evaluate a tx/intent and return stable decision JSON + exit code
   bot send            Evaluate + sign + send if allowed (Solana only)
+  bot execute         Universal bot execution: decide + receipt + verify + optional send
+  bot analyze         Analyze a proof bundle for quality, risk, recommendations
+  bot land            (stub) Transaction landing optimization
+  bot session         (stub) Manage bot execution sessions
+  bot watch           (stub) Real-time transaction monitoring
+  bot replay          (stub) Replay proof bundles for debugging/audit
+  demo tc1            Run TC1 deterministic receipt proof bundle demo
   bootstrap           Print an agent-readable bootstrap plan (manifest recipes_v2)
   report              Generate a receipt-backed report (subcommands: savings)
 BOOTSTRAP OPTIONS
@@ -9326,6 +12308,36 @@ BOT SEND OPTIONS
   --confirm             Poll Solana RPC until transaction is confirmed
   --timeout-ms <ms>     HTTP timeout in ms for ATF server call (default: 20000)
+BOT EXECUTE OPTIONS
+  --adapter <name>      Adapter: jupiter, transfer
+  --intent-type <type>  Intent type: swap, transfer, order
+  --policy <path>       Path to policy file (optional)
+  --keypair <path>      Solana keypair for signing (required for send)
+  --rpc <url>           Solana RPC URL
+  --execute             Opt-in to on-chain execution
+  --send                Alias for --execute
+  --devnet              Force devnet mode
+  --out <dir>           Output directory for proof bundle
+BOT ANALYZE OPTIONS
+  --bundle <path>       Path to proof bundle directory
+  --file <path>         Alias for --bundle
+TX EXPLAIN OPTIONS
+  --bundle <path>       Path to proof bundle directory
+  --sig <signature>     Transaction signature (lightweight mode)
+  --format json|text    Output format (default: json)
+DEMO TC1 OPTIONS
+  --subcase a|b         TC1 subcase: a (Jupiter fixture), b (devnet transfer)
+  --execute             Opt-in to on-chain execution (TC1-B only)
+  --send                Alias for --execute
+  --out <dir>           Output directory for proof bundles (default: artifacts)
+  --keypair <path>      Solana keypair for execution (TC1-B only)
+  --rpc <url>           Solana RPC URL
+  --devnet              Force devnet mode
+  --prefer-solana-cli   Prefer Solana CLI send path when available
 Machine Usage:
   Manifest:  GET /.well-known/atf.json
   Toolcard:  docs/agent/atf_toolcard.json
@@ -9505,12 +12517,21 @@ function parseArgs(argv) {
     receiptsDir: null,
     reportSince: null,
     reportLastN: null,
+    // demo / bot execute flags
+    demoSubcase: null,
+    demoOutDir: null,
+    preferSolanaCli: false,
+    botAdapter: null,
+    botIntent: null,
+    botPolicy: null,
+    botReceipt: false,
+    botBundle: null,
   };
   const raw = argv.slice(2);
   let i = 0;
   // Commands that accept subcommands
-  const MULTI_COMMANDS = new Set(["config", "profile", "secret", "rpc", "tx", "receipts", "completion", "policy", "fixtures", "lint", "plan", "bot", "perps", "report"]);
+  const MULTI_COMMANDS = new Set(["config", "profile", "secret", "rpc", "tx", "receipts", "completion", "policy", "fixtures", "lint", "plan", "bot", "perps", "report", "demo"]);
   while (i < raw.length) {
     const arg = raw[i];
@@ -9565,7 +12586,9 @@ function parseArgs(argv) {
       args.swapIn = raw[++i] || null;
       i++;
     } else if (arg === "--out") {
-      args.swapOut = raw[++i] || null;
+      const val = raw[++i] || null;
+      args.swapOut = val;
+      args.demoOutDir = val;
       i++;
     } else if (arg === "--amount-in") {
       args.amountIn = raw[++i] || null;
@@ -9673,6 +12696,24 @@ function parseArgs(argv) {
       args.anchorSequence = parseInt(raw[++i], 10);
       if (Number.isNaN(args.anchorSequence) || args.anchorSequence < 0) args.anchorSequence = null;
       i++;
+    } else if (arg === "--subcase") {
+      args.demoSubcase = raw[++i] || null;
+      i++;
+    } else if (arg === "--prefer-solana-cli") {
+      args.preferSolanaCli = true;
+      i++;
+    } else if (arg === "--adapter") {
+      args.botAdapter = raw[++i] || null;
+      i++;
+    } else if (arg === "--intent-type") {
+      args.botIntent = raw[++i] || null;
+      i++;
+    } else if (arg === "--policy") {
+      args.botPolicy = raw[++i] || null;
+      i++;
+    } else if (arg === "--bundle") {
+      args.botBundle = raw[++i] || null;
+      i++;
     } else if (!arg.startsWith("-") && !args.command) {
       args.command = arg;
       i++;
@@ -9814,8 +12855,11 @@ async function main() {
         case "status":
           await runTxStatus(args);
           break;
+        case "explain":
+          await runTxExplain(args);
+          break;
         default:
-          exitWithError(ERROR_CODES.USER_ERROR, `Unknown tx subcommand: ${args.subCommand || "(none)"}`, "Available: sign, send, status", args.format);
+          exitWithError(ERROR_CODES.USER_ERROR, `Unknown tx subcommand: ${args.subCommand || "(none)"}`, "Available: sign, send, status, explain", args.format);
       }
       break;
     case "receipts":
@@ -9887,11 +12931,43 @@ async function main() {
         case "send":
           await runBotSend(args);
           break;
+        case "execute":
+          await runBotExecute(args);
+          break;
+        case "analyze":
+          await runBotAnalyze(args);
+          break;
+        case "land":
+          await runBotLand(args);
+          break;
+        case "session":
+          await runBotSession(args);
+          break;
+        case "watch":
+          await runBotWatch(args);
+          break;
+        case "replay":
+          await runBotReplay(args);
+          break;
         default:
           exitWithError(
             ERROR_CODES.USER_ERROR,
             `Unknown bot subcommand: ${args.subCommand || "(none)"}`,
-            "Available: init, protect, send",
+            "Available: init, protect, send, execute, analyze, land, session, watch, replay",
+            args.format,
+          );
+      }
+      break;
+    case "demo":
+      switch (args.subCommand) {
+        case "tc1":
+          await runDemoTc1(args);
+          break;
+        default:
+          exitWithError(
+            ERROR_CODES.USER_ERROR,
+            `Unknown demo subcommand: ${args.subCommand || "(none)"}`,
+            "Available: tc1",
             args.format,
           );
       }