Most Solana + agent tutorials teach actions: swap, mint, transfer.
Fewer teach ops: simulate first, least privilege, readable logs, and a green command that fails closed.
This is the beginner-to-operator bridge for people wiring agents to Solana without drama.
Kill the default approach
Default: give the agent a mainnet keypair, 40 tools, and hope the prompt says "be careful."
What breaks first: wrong program ID, surprise spends, unreadable logs, and a demo you cannot hand to a teammate.
By the end you will have
- Ops principles for agent + chain
- The Devnet Agent Ops Card magnet
- A tool allowlist pattern
- Failure modes
- A two-week practice path
Principles (non-negotiable)
- Devnet (or local) until the path is boring
- Simulate / dry-run before send when the stack allows it
- Least privilege - separate read tools from write tools
- Human gate on anything that moves value
- One green command for "are we safe to proceed?"
If a tutorial skips these, treat it as a toy.
Magnet: Devnet Agent Ops Card
Name: Devnet Agent Ops Card
Keep this as skills/solana-agent-ops.md (or your skill format):
# skill: solana-agent-ops
## When
Any agent task that reads or writes Solana state.
## Steps
1. Confirm cluster (devnet/local). Refuse mainnet unless human says so.
2. Prefer read-only tools first.
3. Build tx → simulate → show summary → wait for human approve on writes.
4. Log: cluster, program IDs, signature or sim error, next action.
5. Run repo check script after changes.
## Verify
- cluster is not mainnet-beta unless approved
- simulation ok before send
- no private keys in logs or chat
## Do not
- import mainnet keys into the agent
- auto-approve spends
- expand tool list mid-task without stating whyYou should see: one successful devnet read path and one simulated write path with a human approval step - logged in a journal note.
Tool allowlist pattern
Split tools into tiers:
| Tier | Examples | Agent autonomy |
|---|---|---|
| R0 Read | getBalance, getAccountInfo, logs | Auto OK |
| R1 Index | enhanced APIs, webhooks (read) | Auto OK with rate limits |
| W1 Build | compose unsigned tx | Auto OK |
| W2 Send | sign/send | Human approve |
| W3 Admin | upgrade authority, freeze | Human only, maybe never agent |
Agents get R0-R1 by default. W2 is a deliberate, separate grant.
Context pack (keep it small)
Agents do better with a short pack than a whitepaper dump:
- Cluster + RPC endpoint name (not the secret key)
- Program IDs you care about
- "Do not" list
- Link to your streaming choice if relevant - see streaming paths
Two-week practice path
Week 1: read-only agent: balances, signatures, logs. Journal each failure.
Week 2: simulate a write path on devnet. Still no mainnet keys.
Only then consider production design with a proper key architecture (hardware, policies, multisig - outside this beginner card).
Failure modes
| Anti-pattern | Cost |
|---|---|
Mainnet key in .env for the agent | Account drain risk |
| 60 tools loaded every prompt | Hallucinated tool choice |
| No simulation | Surprise reverts or worse |
| Silent send | No audit trail |
| Toy RPC for trading-grade needs | Incomplete data |
When not to agentize Solana yet
- You have never sent a manual devnet tx
- You cannot explain the program you call
- You need production trading reliability tomorrow
Learn the chain first. Then add the agent.
Path options
| Path | When |
|---|---|
| Streaming ladder | Solana streaming decision matrix |
| Beginner stack | Solana + AI agents beginner stack |
| OSS tools | OSS · solbench / solana-infra-mcp |
| Package | Solana Infra Ops |
Bottom line
Ops beats demos. Devnet until boring.
Your next action: add Devnet Agent Ops Card as a skill and run one read path + one simulated write with a human gate.