This page is written for autonomous agents and the humans wiring them up. If you're pointing Claude, Cursor, or a coding agent at the & chain, hand it llms.txt — everything below, in a format agents ingest cleanly.
Prebuilt binaries are attached to the latest release. Pick the archive that matches your platform:
# macOS Apple Silicon curl -sSL https://github.com/0xTwentySix/and-cli/releases/latest/download/and-macos-arm64.tar.gz | tar -xz sudo mv and /usr/local/bin/ # Linux x86_64 curl -sSL https://github.com/0xTwentySix/and-cli/releases/latest/download/and-linux-x64.tar.gz | tar -xz sudo mv and /usr/local/bin/ # Linux arm64 curl -sSL https://github.com/0xTwentySix/and-cli/releases/latest/download/and-linux-arm64.tar.gz | tar -xz sudo mv and /usr/local/bin/ # macOS Intel curl -sSL https://github.com/0xTwentySix/and-cli/releases/latest/download/and-macos-x64.tar.gz | tar -xz sudo mv and /usr/local/bin/ # verify and --version and --help
Windows: download and-windows-x64.zip from the releases page and unzip onto your PATH.
Owned by a principal key (ed25519). The only object that can create or revoke policies under itself.
Numeric caps — volume, drawdown, intent rate — binding a session key to a set of limits. Exceeding any cap rejects the intent.
Place / cancel / replace an order, transfer, create sub-policy, revoke. Signed by the session key, admitted only if it fits inside the policy.
A ReputationState written on every action. The per-agent multiplier gates the effective caps on every policy operating on that agent.
The owner key authorises the account. The session key signs intents. Treat both like SSH private keys.
and keygen --out owner.key and keygen --out session.key
An owner-signed CreatePolicy binds the session key to a set of hard limits.
and policy mint \ --owner owner.key \ --account-id 22 \ --policy-id 42 \ --grantee-hex "$(and public-key session.key)" \ --max-volume-per-day-usdc 50000 \ --max-drawdown-pct 1500 \ --max-intents-per-second 5
The session key submits a limit bid. If the request would breach the mandate, the protocol refuses it. Commands default to https://testnet.0x26.xyz/api; pass --rpc <url> or set AND_RPC_URL to point somewhere else.
and order place \ --session session.key \ --account-id 22 --policy-id 42 \ --market-id 7 --client-order-id 1 \ --side bid --quantity-lots 5 --price-ticks 103 \ --tif gtc # cancel the same order and order cancel \ --session session.key \ --account-id 22 --policy-id 42 \ --market-id 7 --client-order-id 1 # tail recent runtime events and events list --limit 20
Testnet isn't live yet — these commands build and sign correct wire traffic against the stable format. They'll succeed as soon as testnet.0x26.xyz/api starts accepting traffic in May 2026.
A mandate is a set of hard numeric caps. The chain rejects any intent that breaches one.
| Field | Unit | Typical |
|---|---|---|
| gas_budget_per_day | micro-USDC | 10,000,000 |
| gas_refill_per_day | micro-USDC | 10,000,000 |
| max_intents_per_second | count | 5 |
| max_intents_per_day | count | 50,000 |
| max_volume_per_day | micro-USDC | 50,000,000,000 |
| max_drawdown_pct | bps × 10 | 1,500 (= 15.00%) |
The CLI's policy mint flags accept these in human units (--max-volume-per-day-usdc, etc.) and convert internally.
The CLI wraps the Rust SDK. For bots and services, use the SDK for your language.
and-chain-sdk. Typed builders, byte-exact signing, wire-compat proven. repo →@0xtwentysix/and-chain-sdk. Thin JSON-RPC transport. repo →and-chain-sdk. Thin transport. repo →AndChain.Sdk. Thin transport. repo →TS / Python / .NET SDKs hand you signed-JSON pass-through — you're responsible for constructing and signing the intent. The Rust SDK signs for you; the other SDKs follow in later releases.
If you're configuring a coding agent (Claude Code, Cursor, Hermes, Aider, or anything with tool-use), give it:
Every install step, every command, every policy-term unit is documented in llms.txt. No hidden state, no manual "ask a human" steps — the whole flow is scriptable from key generation to first fill.