# & chain (0x26) — agent onboarding

> The `&` chain is an agent-native L1 where authority (mandates), identity
> tiers, and verifiable execution are protocol primitives, not per-application
> conventions. This document tells an autonomous agent everything it needs to
> install the tooling, write a mandate, mint a session key, and submit its
> first intent.

Testnet goes live May 2026. The tooling below builds and signs correctly
against the published wire format today; the RPC endpoint will accept traffic
once testnet is live.

## Quick facts

- Landing page: https://0x26.xyz
- Whitepaper: https://0x26.xyz/whitepaper.pdf
- CLI binaries: https://github.com/0xTwentySix/and-cli/releases/latest
- Rust SDK source (crates.io): `and-chain-sdk`
- Other SDKs:
  - TypeScript: `@0xtwentysix/and-chain-sdk`
  - Python: `and-chain-sdk`
  - .NET: `AndChain.Sdk`
- Testnet RPC URL: `https://testnet.0x26.xyz/api` (live May 2026; every
  CLI and SDK example below already points here so no changes needed
  once testnet opens)
- Signature scheme: ed25519
- Hash: SHA256 over Borsh serialization
- Numeric units: micro-USDC (1 USDC = 1_000_000 micro-USDC)

## Install the `and` CLI

Prebuilt binaries for each platform are attached to the latest release. Pick
the one matching your platform:

```sh
# macOS Apple Silicon
curl -sSL https://github.com/0xTwentySix/and-cli/releases/latest/download/and-macos-arm64.tar.gz | tar -xz
sudo mv and /usr/local/bin/

# macOS Intel
curl -sSL https://github.com/0xTwentySix/and-cli/releases/latest/download/and-macos-x64.tar.gz | tar -xz
sudo mv and /usr/local/bin/

# Linux x86_64
curl -sSL https://github.com/0xTwentySix/and-cli/releases/latest/download/and-linux-x64.tar.gz | tar -xz
sudo mv and /usr/local/bin/

# Linux arm64
curl -sSL https://github.com/0xTwentySix/and-cli/releases/latest/download/and-linux-arm64.tar.gz | tar -xz
sudo mv and /usr/local/bin/
```

Windows: download `and-windows-x64.zip` from the releases page, unzip, and
put `and.exe` somewhere on your `PATH`.

Verify the install:

```sh
and --version
and --help
```

## Hello world — from zero to a signed intent

The `&` chain splits authority into three objects:

1. **Account** — holds funds, owned by a principal key.
2. **Policy (mandate)** — what an agent operating under this account is
   allowed to do: markets, volume caps, drawdown caps, rate limits. The
   policy delegates signing power to a **session key**.
3. **Intent** — a single action (place order, cancel, etc.), signed by the
   session key, admitted only if it fits inside the policy.

Setup flow:

```sh
# 1. Keys. The owner authorises the account; the session key signs intents.
and keygen --out owner.key
and keygen --out session.key

# Optional: see the session pubkey you'll bind to the policy.
and public-key session.key
# → 0x3a4aa8c5...

# 2. Sanity-check the RPC. Default endpoint is testnet.0x26.xyz/api —
#    override with --rpc or the AND_RPC_URL env var if you're running
#    a local node.
and chain-info

# 3. Write the mandate (owner-signed CreatePolicy).
#    The `grantee-hex` is the session pubkey above.
and policy mint \
  --owner owner.key \
  --account-id 22 \
  --policy-id 42 \
  --grantee-hex "$(and public-key session.key)" \
  --max-volume-per-day-usdc 50000 \
  --max-drawdown-pct 1500 \
  --max-intents-per-second 5

# 4. Run. The session key submits a limit bid.
and order place \
  --session session.key \
  --account-id 22 --policy-id 42 \
  --market-id 7 --client-order-id 1 \
  --side bid --quantity-lots 5 --price-ticks 103 \
  --tif gtc

# Cancel it.
and order cancel \
  --session session.key \
  --account-id 22 --policy-id 42 \
  --market-id 7 --client-order-id 1

# Inspect runtime events.
and events list --limit 20
```

The session key physically cannot exceed the mandate. The protocol rejects
any intent that would breach volume, drawdown, or rate caps.

## Command reference

```sh
and keygen --out <file>            # generate a new ed25519 keypair
and public-key <file>              # print the pubkey hex for a secret-key file
and chain-info                     # chain id + head height + state root
and account get --account-id N     # account record
and policy get --policy-id N       # policy record (state, next nonce, etc.)
and policy mint ...                # owner-signed CreatePolicy
and order place ...                # session-signed PlaceOrder intent
and order cancel ...               # session-signed CancelOrder intent
and events list ...                # page through recent runtime events
```

Every command accepts `--rpc <url>` (or env var `AND_RPC_URL`).

## Using the SDKs directly

The CLI is a thin wrapper over the Rust SDK. If you're writing a bot,
prefer the SDK for your language:

### Rust

```toml
[dependencies]
and-chain-sdk = "0.1"
tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
```

```rust
use and_chain_sdk::{
    AndChainClient, IntentKind, IntentRequest, Keypair, OrderKind, OrderSide,
    OwnerAction, OwnerCallRequest, PolicyTermsBuilder, TimeInForce,
};

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    let client = AndChainClient::new("https://testnet.0x26.xyz/api");
    let owner = Keypair::generate();
    let session = Keypair::generate();

    let terms = PolicyTermsBuilder::new()
        .max_volume_per_day_usdc(50_000)
        .max_drawdown_pct(1_500)
        .build();

    let chain_id = client.chain_info().await?.chain_id;
    let nonce = client.get_account(22).await?.nonce;

    client.submit_typed_owner_call(&owner, OwnerCallRequest {
        account_id: 22,
        chain_id,
        nonce,
        action: OwnerAction::CreatePolicy {
            policy_id: 42,
            grantee: session.public_bytes(),
            expires_at: now_ms() + 86_400_000,
            terms,
        },
    }, now_ms()).await?;

    client.submit_typed_intent(&session, IntentRequest {
        chain_id, account_id: 22, policy_id: 42,
        nonce: client.next_intent_nonce(42).await?,
        expires_at: now_ms() + 60_000,
        predicate: None,
        kind: IntentKind::PlaceOrder {
            market_id: 7, client_order_id: 1,
            side: OrderSide::Bid, quantity_lots: 5,
            kind: OrderKind::Limit { price_ticks: 103 },
            time_in_force: TimeInForce::Gtc, post_only: false,
        },
    }, now_ms()).await?;
    Ok(())
}
```

### TypeScript / Python / .NET

The TS / Python / .NET packages are thin JSON-RPC transports. Intent and
owner-call JSON must be constructed and signed by the caller; the wire
format is the same as the Rust SDK produces. See the individual package
READMEs for transport-level examples:

- TS: https://www.npmjs.com/package/@0xtwentysix/and-chain-sdk
- Python: https://pypi.org/project/and-chain-sdk/
- .NET: (`AndChain.Sdk` on GitHub Packages)

If you want typed mandate / intent builders in one of these languages, use
the Rust CLI as a sidecar, or call the Rust SDK via FFI.

## Policy terms — what you can express

A mandate is a set of hard numeric caps. Exceeding any one rejects the intent
at admission.

| Field                        | Unit          | Typical value |
|------------------------------|---------------|---------------|
| `gas_budget_per_day`         | micro-USDC    | 10_000_000    |
| `gas_refill_per_day`         | micro-USDC    | 10_000_000    |
| `max_intents_per_second`     | count         | 5             |
| `max_intents_per_day`        | count         | 50_000        |
| `max_volume_per_day`         | micro-USDC    | 50_000_000_000 |
| `max_drawdown_pct`           | bps × 10      | 1_500 (= 15%) |

The CLI `policy mint` flags accept these in more human units
(`--max-volume-per-day-usdc`, etc.) and convert for you.

## Intent kinds

- `PlaceOrder` — limit or market order on a matched book.
- `CancelOrder` — cancel by `(market_id, client_order_id)`.
- `ReplaceOrder` — cancel + re-place atomically.
- `Transfer` — move token between accounts.
- `CreateSubPolicy` — delegate a narrower mandate to another session key.
- `RevokePolicy` — owner-signed, invalidates a policy.
- `Cancel` — legacy single-order-id cancel.

All intents carry: `chain_id`, `account_id`, `policy_id`, `nonce`,
`expires_at`, optional time-window `predicate`.

## Signing — for implementers going direct

1. Build the `Intent` struct (Borsh-derivable).
2. `intent_hash = SHA256(borsh::to_vec(&intent))`.
3. Build `SessionPayload { intent_hash, policy_id, chain_id }`.
4. `signing_bytes = borsh::to_vec(&session_payload)`.
5. `signature = ed25519_sign(session_secret, signing_bytes)`.
6. Submit `{ intent, signature_hex }` via `kombat_submitIntent`.

Owner calls use a similar scheme: `signing_bytes = borsh::to_vec(&(account_id, chain_id, &owner_call))`
signed with the owner secret.

The Rust SDK does all of this. If you're porting to another language,
reproduce the byte ordering exactly — the chain's admission verifier is
Borsh-strict.

## Status

- Testnet: **coming May 2026.**
- Mainnet: TBD.
- Tooling (CLI, SDKs): available now, wire-format-stable.
- The six primitives: five ship in v1, composition primitives in v1.1.

## Where to ask questions

- Issues on the CLI: https://github.com/0xTwentySix/and-cli/issues
- Issues on the Rust SDK: https://github.com/0xTwentySix/and-chain-rust/issues