Developer Docs
Build secure AI agents with ProofGate's transaction validation infrastructure.// Prevent exploits before they happen
Integrations
Official SDKs for TypeScript, Python, Rust, and Go with full type support.
REST API
Direct HTTP API for validation, evidence retrieval, and agent checks.
Eliza Plugin
Drop-in plugin for ai16z Eliza framework. Auto-validates all transactions.
Security Features
Blacklist, MEV detection, bytecode scanning, slippage protection — always active.
GOAT Plugin
Transaction guardrails for GOAT SDK. Protect DeFi operations across 50+ plugins.
Quick Start
Get started with ProofGate validation in 3 steps.
// Get your API key from www.proofgate.xyz/dashboard/keys
// Free: 100/mo | Pro ($49): 10K/mo | Enterprise: Unlimited
// On-chain proofs: Buy credit packs OR Enterprise gets unlimited
const API_KEY = 'pg_live_xxx';// Submit transaction for validation
const response = await fetch('https://www.proofgate.xyz/api/validate', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + API_KEY
},
body: JSON.stringify({
from: '0xYourAgentWallet',
to: '0xContractAddress',
data: '0xa9059cbb...', // calldata
value: '0',
chainId: 8453, // Base
guardrailId: 'optional-guardrail-id'
})
});
const result = await response.json();
console.log('Validation:', result.validationId);// Check result and execute
if (result.safe) {
// ✅ Transaction passed all checks
console.log('Approved:', result.reason);
await wallet.sendTransaction({ to, data, value });
} else {
// 🚫 Transaction blocked by guardrail
console.error('Blocked:', result.reason);
console.error('Failed checks:', result.checks.filter(c => !c.passed));
}
// Response includes credits remaining
console.log('Credits left:', result.creditsRemaining);API Keys
All API requests require authentication. Create and manage your API keys in the Dashboard.
Free
100
validations/month
10 req/min
Pro - $49/mo
10,000
validations/month
60 req/min
Enterprise
Unlimited
validations + on-chain
600 req/min
ON-CHAIN CREDITS
Any tier can purchase on-chain proof credits separately. Use recordOnChain: true in your request to record the validation on Base Mainnet. View credit packs →
Key Format
pg_live_API Key
Full access to all 19 chains (mainnet + testnet). All validations cost 1 credit.
# Method 1: Authorization header (recommended)
curl -X POST https://www.proofgate.xyz/api/validate \
-H "Authorization: Bearer pg_live_xxx..." \
-H "Content-Type: application/json"
# Method 2: X-API-Key header
curl -X POST https://www.proofgate.xyz/api/validate \
-H "X-API-Key: pg_live_xxx..." \
-H "Content-Type: application/json"
# Method 3: Query parameter (for testing only)
curl "https://www.proofgate.xyz/api/validate?api_key=pg_live_xxx..."// 401 - Missing or invalid API key
{ "error": "API key required", "code": "AUTHENTICATION_REQUIRED" }
// 402 - No credits remaining
{ "error": "No credits remaining. Please upgrade your plan", "code": "PAYMENT_REQUIRED" }
// Successful responses include remaining credits
{ "validationId": "val_...", "result": "PASS", "creditsRemaining": 95, "tier": "free" }Supported Chains
ProofGate validates transactions across multiple EVM-compatible chains. All validation proofs are recorded on Base Mainnet.
Layer 1
Ethereum
BNB Chain
Avalanche
Sonic
Celo
GnosisLayer 2
Base
Arbitrum
Optimism
Polygon
zkSync Era
Linea
Scroll
Mantle
Polygon zkEVMTestnets
Base SepoliaSepoliaPolygon AmoyBSC TestnetMore testnets available on request
NOTE
All chains share the same validation API. Just specify the chainId in your request. All tiers get instant API validation. On-chain proof recording (Base Mainnet) is available for Business and Enterprise tiers — creating an immutable audit trail for compliance.
Security Features
ProofGate runs a 2-tier security system on every validation. Always Active checks run automatically on every request — no configuration needed. Configurable checks can be tuned per guardrail for fine-grained control.
Always Active
Runs on every validationThese protections are enforced on every single validation request, with or without a guardrail configured.
Malicious Address Blacklist
3,800+ known malicious addresses synced daily from ScamSniffer, OFAC SDN, and MEW darklist. Auto-blocks Tornado Cash mixers, Lazarus Group wallets, confirmed rug pulls, phishing drainers, and sanctioned entities.
Zero Slippage Protection
Blocks all swaps with amountOutMin=0 on major DEX routers (Uniswap V2/V3, SushiSwap, PancakeSwap, Aerodrome, etc.). Zero slippage = guaranteed sandwich attack.
Contract Bytecode Scanning
Fetches contract bytecode via RPC and scans for dangerous patterns: selfdestruct, delegatecall to unknown targets, suspicious proxy patterns, and unverified contracts. Critical findings = FAIL.
Infinite Approval Detection
Blocks unlimited token approvals (type(uint256).max). Prevents malicious contracts from draining your entire token balance through excessive allowances.
Configurable per Guardrail
Per-guardrail rulesFine-tune these settings in your guardrail configuration for additional protection.
// GuardrailRules — set per guardrail
max_slippage_bps: number
// Maximum slippage tolerance in basis points (1 bps = 0.01%)
// Example: 100 = 1% max slippage on DEX swaps
// Zero slippage is ALWAYS blocked regardless of this setting
block_mev_vulnerable: boolean
// Block MEV-vulnerable swaps (medium/high risk)
// Default: false (advisory mode — warns but doesn't block)
// Set to true to reject transactions vulnerable to
// sandwich attacks and frontrunning
allowed_contracts: string[]
// Whitelist specific contract addresses
// Agent can ONLY interact with these contracts
// Empty = all contracts allowed (not recommended)
blocked_contracts: string[]
// Blacklist specific contract addresses
// Transactions to these contracts are always rejected
// Checked in addition to the global malicious blacklistMEV DETECTION
MEV vulnerability detection runs on every swap transaction as an advisory by default. The check analyzes swap parameters to assess sandwich attack and frontrunning risk (low/medium/high). To upgrade from advisory to blocking, set block_mev_vulnerable: true in your guardrail rules.
Secure Architecture
For maximum security, keep your private keys away from your LLM. Use a signer microservice that validates transactions before signing.
The Problem
Most AI agents give the LLM direct access to the private key. If the LLM gets prompt-injected, attackers can drain the wallet.
❌ UNSAFE: LLM has private key +------------------+ | LLM / Agent | | (has priv key) | -----> Blockchain | Can sign ANY tx | +------------------+
The Solution
Separate the LLM from the signer. Add ProofGate as a validation layer between them.
✅ SECURE: LLM cannot access private key
+-----------+ +----------------+ +------------+
| LLM/Agent | ---> | Signer Service | ---> | Blockchain |
| (no key) | | (has key) | +------------+
+-----------+ +-------+--------+
|
v
+------------+
| ProofGate |
| validates |
+------------+Two Integration Options
1. Framework Plugin
Use our Eliza or GOAT plugins. The plugin calls ProofGate automatically before every transaction. Simplest setup if you're using a supported framework.
2. Signer Microservice
Deploy a separate service that holds the private key. LLM sends transaction intent, service validates via ProofGate, then signs and submits.
// LLM/Agent (no private key)
const result = await fetch('http://signer-service:3000/execute', {
method: 'POST',
body: JSON.stringify({
to: '0xUniswapRouter...',
data: '0x38ed1739...', // swap calldata
value: '0'
})
});
// Signer Service (has private key)
// 1. Receives transaction intent
// 2. Validates via ProofGate API
// 3. If PASS → signs and submits
// 4. If FAIL → returns error, never signs
// Even a prompt-injected LLM cannot sign
// arbitrary transactions — ProofGate blocks themValidation API
Submit transactions for pre-execution validation and retrieve results.
curl -X POST https://www.proofgate.xyz/api/validate \
-H "Authorization: Bearer pg_live_xxx..." \
-H "Content-Type: application/json" \
-d '{
"from": "0xAgentWallet",
"to": "0xContractAddress",
"data": "0xcalldata...",
"value": "0",
"chainId": 8453,
"guardrailId": "guardrail_xxx",
"guardrailIds": ["guardrail_1", "guardrail_2"]
}'{
"validationId": "val_xxx",
"result": "PASS",
"safe": true,
"reason": "All 5 checks passed",
"checks": [
{
"check": "chain_support",
"passed": true,
"message": "Chain 8453 (Base) is supported",
"severity": "info"
},
{
"check": "blocked_address",
"passed": true,
"message": "Address not in blacklist",
"severity": "info"
},
{
"check": "contract_risk",
"passed": true,
"message": "Contract scanned - no suspicious patterns",
"severity": "info"
},
{
"check": "mev_vulnerable",
"passed": true,
"message": "MEV risk advisory (low)",
"severity": "warning"
}
],
"creditsRemaining": 95
}Evidence Storage
Store and retrieve cryptographic evidence of validation results.
curl -X POST https://www.proofgate.xyz/evidence \
-H "X-API-Key: your_api_key" \
-H "Content-Type: application/json" \
-d '{
"requestId": "req_123",
"payload": {
"transaction": {...},
"validationResult": "PASS",
"timestamp": "2026-02-01T15:00:00.000Z"
}
}'
# Response:
# {
# "evidenceURI": "https://www.proofgate.xyz/evidence/abc123",
# "contentHash": "0x5678...",
# "id": "abc123"
# }curl https://www.proofgate.xyz/evidence/abc123
# Response:
# {
# "id": "abc123",
# "requestId": "req_123",
# "payload": {...},
# "contentHash": "0x5678...",
# "createdAt": "2026-02-01T15:00:00.000Z",
# "evidenceURI": "https://www.proofgate.xyz/evidence/abc123"
# }Integrations & SDKs
Official SDKs with full type support and async capabilities.
npm install @proofgate/sdkimport { ProofGate } from '@proofgate/sdk';
const pg = new ProofGate({ apiKey: 'pg_your_api_key' });
const result = await pg.validate({
chainId: 8453,
from: wallet.address,
to: contractAddress,
data: txData,
});
if (result.result === 'PASS') {
await wallet.sendTransaction({ to, data });
}pip install proofgatefrom proofgate import ProofGate
pg = ProofGate(api_key="pg_your_api_key")
result = pg.validate(
chain_id=8453,
from_address=wallet.address,
to_address=contract_address,
data=tx_data,
)
if result.result == "PASS":
wallet.send_transaction(to=to, data=data)cargo add proofgateuse proofgate::ProofGate;
let pg = ProofGate::new("pg_your_api_key")?;
let result = pg.validate(
8453,
&from_address,
&to_address,
&tx_data,
None,
).await?;
if result.result == "PASS" {
wallet.send_transaction(&to, &data).await?;
}go get github.com/ProofGate/proofgate-goimport proofgate "github.com/ProofGate/proofgate-go"
client, _ := proofgate.NewClient(proofgate.Config{
APIKey: "pg_your_api_key",
ChainID: 8453,
})
result, _ := client.Validate(ctx, proofgate.ValidationRequest{
From: wallet.Address(),
To: contractAddress,
Data: txData,
})
if result.Safe {
wallet.SendTransaction(to, data)
}Eliza Framework Plugin
Drop-in plugin for ai16z Eliza framework. Automatically validates all blockchain transactions before execution.
npm install @proofgate/eliza-plugin// character.json
{
"name": "MySecureAgent",
"plugins": ["@proofgate/eliza-plugin"],
"settings": {
"proofgate": {
"apiKey": "pg_your_api_key",
"guardrailId": "your_guardrail_id",
"autoValidate": true,
"blockOnFail": true
}
}
}// The plugin automatically intercepts wallet transactions:
// 1. Agent wants to execute a DeFi trade
agent.execute("Swap 100 USDC for ETH on Uniswap");
// 2. Plugin intercepts before signing:
// → Validates against your guardrail
// → Checks balance requirements
// → Verifies contract whitelist
// 3. If PASS: Transaction proceeds normally
// 4. If FAIL: Transaction blocked, agent notified
// All validations recorded on-chain for audit trailFeatures
- • Auto-validation - Every tx checked before signing
- • Configurable blocking - Block or warn on failed validations
- • On-chain proofs - All validations recorded on Base
- • Trust score tracking - Build verifiable agent reputation
GOAT SDK Plugin
Transaction guardrails for the GOAT SDK. Protect DeFi operations across 50+ plugins including Uniswap, Aave, 1inch, and more.
import { ProofGatePlugin } from '@proofgate/goat-plugin';
import { getOnChainTools } from '@goat-sdk/adapter-vercel-ai';
import { viem } from '@goat-sdk/wallet-viem';
// Initialize with your API key
const proofgate = new ProofGatePlugin({
apiKey: process.env.PROOFGATE_API_KEY,
autoBlock: true, // Block unsafe transactions
});
// Add to your GOAT tools
const tools = await getOnChainTools({
wallet: viem(walletClient),
plugins: [
proofgate,
// ... other plugins (uniswap, aave, etc.)
],
});
// All DeFi transactions now validated automatically// Before any transaction executes:
// 1. ProofGate intercepts the tx params
// 2. Validates against your guardrails:
// → Checks for infinite approvals
// → Verifies contract whitelist
// → Enforces value limits
// 3. If PASS: Transaction proceeds normally
// 4. If FAIL: Transaction blocked (if autoBlock: true)
// Available tools:
// - proofgate_validate_transaction (detailed validation)
// - proofgate_is_safe (quick boolean check)Features
- • 50+ DeFi plugins - Works with Uniswap, Aave, 1inch, Curve, etc.
- • Auto-blocking - Optionally block unsafe transactions
- • 19 chains supported - All major L1s and L2s
- • On-chain proofs - All validations recorded on Base
Smart Contracts
ProofGate's on-chain infrastructure for validation proofs. All contracts are verified and open source.
ValidationRegistry
Core validation logic, proof storage & batch publishing
NETWORK DETAILS
https://mainnet.base.orgVALIDATION FLOW
Key Functions
// Register a single validation proof
function registerValidation(
bytes32 requestHash,
address agent,
uint8 result, // 0=PASS, 1=FAIL
string calldata evidenceURI
) external;
// Batch register multiple proofs (gas efficient)
function batchRegister(
bytes32[] calldata hashes,
address[] calldata agents,
uint8[] calldata results,
string[] calldata evidenceURIs
) external;
// Query validation by hash
function getValidation(bytes32 hash)
external view returns (Validation memory);Evidence Service
REST API for storing and retrieving detailed validation evidence. Evidence is stored off-chain with hashes anchored on-chain.
curl -X POST https://www.proofgate.xyz/evidence \
-H "Content-Type: application/json" \
-d '{
"requestHash": "0x1234...",
"checks": [
{"name": "balance_check", "passed": true, "details": "..."},
{"name": "whitelist_check", "passed": true, "details": "..."}
],
"verdict": "PASS",
"timestamp": "2026-02-03T12:00:00Z"
}'
# Response:
{
"id": "ev_abc123",
"uri": "https://www.proofgate.xyz/evidence/ev_abc123"
}curl https://www.proofgate.xyz/evidence/ev_abc123
# Response:
{
"id": "ev_abc123",
"requestHash": "0x1234...",
"checks": [...],
"verdict": "PASS",
"timestamp": "2026-02-03T12:00:00Z",
"onChainTx": "0xabcd..." // Base transaction hash
}Validator Agent
Background service that processes validation requests, runs guardrail checks, and records results on-chain.
Validation Flow
Agent polls for pending validation requests from the queue
Fetches the guardrail configuration for the request
Executes validation checks: blacklist, bytecode scan, MEV detection, slippage, approvals, limits
Saves detailed check results to Evidence Service
Publishes validation proof to Base via batch publisher
// Available validation checks:
chain_support // Verify chain is supported (19 chains)
blocked_address // Check against 3,800+ malicious address blacklist
contract_risk // Bytecode scanning for suspicious patterns
mev_vulnerable // MEV/sandwich attack vulnerability detection
excessive_slippage // Zero slippage and configurable max protection
infinite_approval // Block unlimited token approvals
balance_check // Verify sufficient balance for tx
allowed_contracts // Verify contract is whitelisted
max_value // Check against daily/tx limits
max_approval // Check approval amount limitsSystem status: ONLINE