sentinel simulate

Simulate and policy-check a Solana transaction before broadcast

2 min read

sentinel simulate

Simulates a base64-encoded Solana transaction against the configured RPC, scores its risk, and checks it against your spending policy. Exits 0 if approved, 1 if rejected.

Usage

bash

sentinel simulate --tx <base64> [options]

Options

Flag	Short	Description	Default
`--tx <base64>`	`-t`	Base64-encoded serialized transaction (required)	—
`--rpc <url>`	`-r`	Override Solana RPC endpoint	from config
`--format <format>`	`-f`	Output format: `json` or `pretty`	`json`

Examples

Basic simulation

bash

sentinel simulate --tx "AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAQABAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAgAA"

json

{
  "approved": true,
  "riskScore": 12,
  "riskLevel": "low",
  "riskFlags": [],
  "policyViolations": [],
  "balanceChanges": [
    { "mint": "So1111111111111111111111111111111111111112", "amount": -1000000000, "decimals": 9 }
  ],
  "programInvocations": ["11111111111111111111111111111111"],
  "latency_ms": 340
}

Rejected transaction

json

{
  "approved": false,
  "riskScore": 88,
  "riskLevel": "critical",
  "riskFlags": [
    { "factor": "LARGE_SOL_TRANSFER", "weight": 0.8, "score": 0.9, "description": "Transfer exceeds normal threshold" }
  ],
  "policyViolations": [
    { "rule": "MAX_PER_TX", "message": "Transaction exceeds maximum per-tx limit of 10 SOL", "details": { "limit": 10, "actual": 25 } }
  ],
  "balanceChanges": [
    { "mint": "So1111111111111111111111111111111111111112", "amount": -25000000000, "decimals": 9 }
  ],
  "programInvocations": ["11111111111111111111111111111111"],
  "latency_ms": 210
}

Override RPC endpoint

bash

sentinel simulate --tx "$TX" --rpc https://devnet.helius-rpc.com/?api-key=YOUR_KEY

Use in a CI check

bash

#!/bin/bash
TX=$(generate_transaction)

if sentinel simulate --tx "$TX" > /dev/null; then
  echo "Transaction approved, broadcasting"
  broadcast_transaction "$TX"
else
  echo "Transaction rejected by Sentinel"
  exit 1
fi

Extract specific fields with jq

bash

sentinel simulate --tx "$TX" | jq '{approved, riskScore, violations: .policyViolations | length}'

Exit Codes

Code	Meaning
`0`	Transaction approved
`1`	Transaction rejected (risk or policy)
`2`	Error (missing config, RPC error, invalid transaction, etc.)

Config Requirements

sentinel simulate requires a config with an executionSandbox section including rpcEndpoint and policy. Run sentinel config init first.

Devnet vs Mainnet

The simulation runs against the RPC endpoint in your config (or the --rpc override). Make sure you're pointing at the correct cluster — simulation results from devnet won't reflect mainnet state.