npm - @agenttrust-sdk/mcp - Versions diffs - 0.2.1 → 0.2.3 - Mend

@agenttrust-sdk/mcp 0.2.1 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/dist/embedded-docs/integration-guides/facilitator-adapters.mdx ADDED Viewed

@@ -0,0 +1,85 @@
+---
+title: Facilitator adapters
+description: Add a new x402 facilitator without rewriting AgentTrust routes or policy.
+---
+The adapter layer is the reason AgentTrust is not locked to Pay.sh. Pay.sh is live today; Dexter is the next worked path; atxp_ai and MCPay are marked roadmap through explicit stubs.
+## Mental model
+```txt
+HTTP request
+  -> routes/{verify,settle}
+  -> FacilitatorRegistry
+  -> active FacilitatorAdapter
+  -> VerifyContext
+  -> policy decision
+  -> settlement proof validation
+  -> feedback emission
+```
+Routes, policy logic, and registry reads stay unchanged. Protocol quirks live in one adapter file.
+## The five-method contract
+| Method | Why it exists |
+| --- | --- |
+| `parseRequest(req)` | translate the facilitator's request body and headers into `VerifyContext` |
+| `formatChallenge(decision, ctx)` | render Allow / Deny / RequireValidation in that facilitator's wire format |
+| `formatSettlement(ctx)` | return protocol-specific settlement metadata or an unsigned transaction skeleton |
+| `validatePaymentProof(proof, ctx)` | verify proof shape and cross-check it against the verify-time context |
+| `emitFeedback(ctx, settlement)` | emit the AgentTrust feedback record after settlement |
+If an adapter needs a sixth method, that is a contract change, not a one-off escape hatch.
+## Status map
+| Facilitator | Repo status | Meaning |
+| --- | --- | --- |
+| Pay.sh | concrete adapter | ready path for the demo and production dependency factory |
+| Dexter | stub / in flight | worked example for proving adapter portability |
+| atxp_ai | stub | roadmap, not silently unsupported |
+| MCPay | stub | roadmap, not silently unsupported |
+## Add a facilitator
+1. Read the facilitator's wire format. Identify challenge headers, proof headers, body shape, recipient encoding, payment ID hints, and Allow / Deny responses.
+2. Define strict Zod schemas for the request body and proof payload.
+3. Implement one `FacilitatorAdapter` class.
+4. Re-export it from `trustgate/server/src/facilitators/index.ts`.
+5. Register it with `FacilitatorRegistry`.
+6. Add unit tests that mirror Pay.sh coverage.
+7. Add a demo under `examples/<name>-demo` if the integration needs a runnable walkthrough.
+## Registry wiring
+```ts
+import {
+  FacilitatorRegistry,
+  PaySh,
+} from "@agenttrust/trustgate-server";
+const registry = new FacilitatorRegistry();
+registry.register(new PaySh(payShDeps));
+registry.setDefault("pay-sh");
+```
+Request-time selection can come from `X-Facilitator`, environment defaults, or a programmatic default. The active adapter is the only code that knows about the chosen facilitator.
+## Security checklist
+Every adapter must preserve the same proof-of-payment checks:
+- replay defense
+- self-pay defense
+- amount, mint, and recipient cross-checks
+- network match
+- expiry window
+- idempotent feedback emission
+- stable reason codes on Deny
+Pay.sh's `proof-validator.ts` and `feedback.ts` are the reference pattern.
+## Target integration time
+The architecture target is under two hours for a facilitator that already has a clear x402 wire spec. If adding a facilitator forces route edits, policy edits, or registry read changes, the adapter boundary failed and should be fixed before the integration is considered done.

package/dist/embedded-docs/integration-guides/pay-sh-adapter.mdx ADDED Viewed

@@ -0,0 +1,110 @@
+---
+title: Pay.sh adapter
+description: The live Pay.sh + AgentTrust integration path.
+---
+Pay.sh is the first concrete AgentTrust facilitator adapter. It translates Pay.sh's x402 headers and `PaymentRequirements` body into the `VerifyContext` that the on-chain policy path understands.
+Pay.sh launch reference: [Solana Foundation launch note](https://solana.com/news/solana-foundation-launches-pay-sh-in-collaboration-with-google-cloud).
+## What the adapter does
+| Stage | Pay.sh / x402 surface | AgentTrust action |
+| --- | --- | --- |
+| Initial request | no payment proof | emit `402 Payment Required` with a base64 x402 v2 envelope |
+| Challenge | `paymentRequirements.extra.agentTrust` | include payer agent, payee agent, payee recipient, policy ID, `issuedAt`, and `serviceSignature` |
+| Retry | `PAYMENT-SIGNATURE` or `X-PAYMENT` | parse proof and rebuild `VerifyContext` |
+| Policy | `VerifyContext` | run the gate decision |
+| Allow | signed payment proof | validate transfer fields, emit feedback, forward resource |
+| Deny | gate decision | return `402` with reason code and reason name |
+## Files to read
+| File | Purpose |
+| --- | --- |
+| `trustgate/server/src/facilitators/pay-sh/index.ts` | the five-method `PaySh` class |
+| `trustgate/server/src/facilitators/pay-sh/schemas.ts` | strict Zod wire schemas |
+| `trustgate/server/src/facilitators/pay-sh/sig.ts` | SERVICE challenge signature helpers |
+| `trustgate/server/src/facilitators/pay-sh/proof-validator.ts` | replay, self-pay, amount, mint, recipient checks |
+| `trustgate/server/src/facilitators/pay-sh/feedback.ts` | idempotent feedback emission |
+| `examples/pay-sh-demo/src/middleware.ts` | Express route bridge from Pay.sh retry to AgentTrust |
+## SERVICE-signed challenge
+The SERVICE emits a signed challenge when it returns the Pay.sh `402` response. The signature binds:
+- `issuedAt`
+- network
+- amount
+- asset
+- `payTo`
+- payer agent
+- payee agent
+- payee recipient
+- policy ID
+- payment ID hash
+`PaySh.parseRequest()` verifies that signature against the facilitator public key before it accepts the request. This closes the race window where a forged `paymentRequirements` envelope could be raced against the legitimate one.
+## Run the demo
+```bash
+pnpm --filter ./examples/pay-sh-demo dev
+```
+```bash
+pay --sandbox curl https://demo.agenttrust.tech/protected
+```
+The demo uses three deterministic counterparties:
+| Counterparty tier | Expected result |
+| --- | --- |
+| 0 | `402 Deny` with `CounterpartyTierBelowMin` |
+| 1 | `402 Deny` with `CounterpartyTierBelowMin` |
+| 3 | `200 Allow` with `X-Payment-Receipt` |
+Get the exact payer agent keys:
+```bash
+curl -s https://demo.agenttrust.tech/health | jq '.counterparties'
+```
+## Production wiring
+The demo proves the pipeline without requiring devnet RPC in CI. The server package carries the real devnet Anchor route: `trustgate/server/src/chain.ts` loads deployed program IDLs, `/verify` simulates `gate_payment`, and `/settle` delegates proof validation plus feedback emission through the active adapter.
+Production swaps three dependency seams:
+```ts
+const adapter = new PaySh({
+  signingNetwork: "solana-devnet",
+  feePayer: facilitator.publicKey,
+  validateOnChainTx,
+  emitFeedbackCpi,
+  priorEmissionLookup,
+  replayCache,
+  signDecision,
+});
+```
+| Dependency | Production implementation |
+| --- | --- |
+| `validateOnChainTx` | parse the confirmed SPL transfer transaction from RPC |
+| `emitFeedbackCpi` | build and send `trustgate::emit_feedback` through Anchor |
+| `priorEmissionLookup` | read the `FeedbackEmissionLog` PDA by payment hash |
+| `signDecision` | sign canonical decision bytes with the facilitator key |
+## Failure cases to keep
+Do not remove these checks when adapting Pay.sh into a production server:
+- reject unknown schema fields at the root
+- reject zero or u64-overflow amounts
+- reject network mismatch
+- reject `payTo` / `payeeRecipient` mismatch
+- reject expired challenges
+- reject replayed proof bindings
+- reject transfer authority equal to facilitator fee payer
+These checks are part of the adapter, not the route layer.

package/dist/embedded-docs/integration-guides/x402-facilitator.mdx ADDED Viewed

@@ -0,0 +1,79 @@
+---
+title: x402 facilitator
+description: Add AgentTrust decisions to an x402 facilitator without coupling to one vendor.
+---
+This guide is for a facilitator that already accepts x402 payment requests and wants AgentTrust decisions before settlement. If you are using Pay.sh, start with the [Pay.sh adapter guide](/integration-guides/pay-sh-adapter). If you are adding a new facilitator, start with the [adapter pattern](/integration-guides/facilitator-adapters).
+## Integration points
+| Step | Facilitator action | AgentTrust call |
+| --- | --- | --- |
+| 1 | receive x402 request or retry proof | `FacilitatorAdapter.parseRequest` |
+| 2 | translate into payer, payee, mint, amount, and policy ID | `VerifyContext` |
+| 3 | check policy | `gate_payment` or `gatePayment()` |
+| 4 | return x402 denial or validation need | `adapter.formatChallenge` |
+| 5 | settle payment | one signed transaction path |
+| 6 | emit feedback | `adapter.emitFeedback` |
+## Minimal Express mount
+```ts
+import express from "express";
+import { mountTrustGate } from "@agenttrust-sdk/trustgate/express";
+const app = express();
+app.use(express.json());
+await mountTrustGate(app, {
+  rpcUrl: process.env.SOLANA_RPC_URL!,
+  facilitatorKeypair,
+  defaultPolicyId: 1,
+  network: "solana-devnet",
+  atomicityEnforced: true,
+});
+```
+## Verify request shape
+```http
+POST /verify
+Content-Type: application/json
+{
+  "payerAgentAsset": "payer-agent-asset-pubkey",
+  "payeeAgentAsset": "payee-agent-asset-pubkey",
+  "amount": "1000000",
+  "mint": "mint-pubkey",
+  "policyId": 1
+}
+```
+For Pay.sh, the adapter reads this context from `paymentRequirements.extra.agentTrust`, verifies `serviceSignature`, derives `paymentIdHash` from `extra.memo`, and rejects mismatched `payTo` / `payeeRecipient` values.
+## Denial response
+```http
+HTTP/1.1 402 Payment Required
+X-Payment-Network: solana-devnet
+X-Agent-Trust-Decision: Deny
+X-Payment-Required: denied
+X-Payment-Reason-Code: 6
+X-Payment-Reason-Name: CounterpartyTierBelowMin
+```
+## Validation response
+```http
+HTTP/1.1 402 Payment Required
+X-Payment-Network: solana-devnet
+X-Agent-Trust-Decision: RequireValidation
+X-Payment-Required: validation
+X-Capability-Required: <32-byte-capability-hash>
+```
+## Settlement rule
+The facilitator must keep the policy gate, token transfer, and feedback emission in one signed Solana path once the settlement builder is wired. The SDK makes that requirement explicit with `atomicityEnforced: true`.
+Source: `trustgate/server/src/facilitators`, `trustgate/server/src/x402.ts`, `trustgate/sdk/src/express.ts`.

package/dist/embedded-docs/programs/policy-vault/counterparty-tier-policy.mdx ADDED Viewed

@@ -0,0 +1,15 @@
+---
+title: Counterparty tier policy
+description: Quantu AtomStats trust-tier and risk checks used by the PolicyVault composer.
+---
+`In progress`
+The CounterpartyTier policy reads Quantu AtomStats fields through a manual byte parser, then checks trust tier, risk score, and confidence before payment release.
+| Source | Path |
+| --- | --- |
+| evaluator | [`programs/policy-vault/src/policies/counterparty_tier.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/policies/counterparty_tier.rs) |
+| AtomStats parser | [`programs/policy-vault/src/ext/atom_engine.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/ext/atom_engine.rs) |
+| proof | [`programs/policy-vault/src/proofs/inv_counterparty_tier_monotone.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/proofs/inv_counterparty_tier_monotone.rs) |

package/dist/embedded-docs/programs/policy-vault/index.mdx ADDED Viewed

@@ -0,0 +1,68 @@
+---
+title: PolicyVault
+description: The policy composer that returns Allow, Deny, or RequireValidation.
+---
+PolicyVault is the decision engine for AgentTrust. It reads payer, payee, policy, velocity, kill-switch, and optional attestation data, then returns a `GateDecision`.
+## Composer order
+The order is fixed and fail-fast:
+| Order | Policy | Why it runs there |
+| --- | --- | --- |
+| 1 | `KillSwitch` | cheapest global stop |
+| 2 | `Spending` | pure amount and calendar bounds |
+| 3 | `Velocity` | sliding-window spend bound keyed by payer tier |
+| 4 | `CounterpartyTier` | reads payee AtomStats trust data |
+| 5 | `RequireValidation` | reads the attestation PDA last |
+```rust
+pub fn compose_decision(input: ComposerInput) -> ComposerResult {
+    // KillSwitch -> Spending -> Velocity -> CounterpartyTier -> RequireValidation
+    // On Allow, deltas are returned for the Anchor wrapper to apply.
+    // On Deny or RequireValidation, deltas are None.
+}
+```
+## Decision shape
+```rust
+pub enum GateDecision {
+    Allow,
+    Deny(DenyReason),
+    RequireValidation([u8; 32]),
+}
+```
+`DenyReason::code()` is stable for clients even though the Borsh enum order is internal to Anchor.
+## Policy kinds
+| Policy | Inputs | State mutation on Allow |
+| --- | --- | --- |
+| Spending | `amount`, UTC day, ISO week | daily and weekly counters |
+| Velocity | `amount`, slot window, payer tier | `VelocityLedger.cumulative_amount` |
+| CounterpartyTier | payee tier, risk, confidence | none |
+| RequireValidation | subject, capability hash, attestor, expiry | none |
+| KillSwitch | per-agent paused flag | none |
+## Safety rule
+The Anchor handler snapshots all accounts before composing, then applies returned deltas only when the decision is `Allow`.
+```rust
+match result.decision {
+    GateDecision::Allow => {
+        spending::apply_deltas(&mut ctx.accounts.policy_account, d);
+        velocity::apply_deltas(&mut ctx.accounts.velocity_ledger, d);
+    }
+    GateDecision::Deny(_) | GateDecision::RequireValidation(_) => {}
+}
+```
+## Formal checks
+<KaniProofBadge />
+Source: `programs/policy-vault/src/policies/composer.rs`.

package/dist/embedded-docs/programs/policy-vault/kill-switch-policy.mdx ADDED Viewed

@@ -0,0 +1,15 @@
+---
+title: KillSwitch policy
+description: Multisig-gated pause control for PolicyVault decisions.
+---
+`In progress`
+KillSwitch is the first policy in the composer. When it is paused, the composer cannot return `Allow`.
+| Source | Path |
+| --- | --- |
+| evaluator | [`programs/policy-vault/src/policies/killswitch.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/policies/killswitch.rs) |
+| pause instruction | [`programs/policy-vault/src/instructions/set_killswitch.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/instructions/set_killswitch.rs) |
+| proof | [`programs/policy-vault/src/proofs/inv_paused_implies_no_allow.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/proofs/inv_paused_implies_no_allow.rs) |

package/dist/embedded-docs/programs/policy-vault/require-validation-policy.mdx ADDED Viewed

@@ -0,0 +1,15 @@
+---
+title: RequireValidation policy
+description: Capability-attestation checks for payments that need validation evidence.
+---
+`In progress`
+RequireValidation returns `RequireValidation` when the required capability is missing, and returns `Deny` when the supplied attestation is expired, revoked, or not issued by an accepted attestor.
+| Source | Path |
+| --- | --- |
+| evaluator | [`programs/policy-vault/src/policies/require_validation.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/policies/require_validation.rs) |
+| attestation parser | [`programs/policy-vault/src/ext/validation_registry.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/ext/validation_registry.rs) |
+| proof | [`programs/policy-vault/src/proofs/inv_validation_expiry_correct.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/proofs/inv_validation_expiry_correct.rs) |

package/dist/embedded-docs/programs/policy-vault/spending-policy.mdx ADDED Viewed

@@ -0,0 +1,15 @@
+---
+title: Spending policy
+description: Per-transaction, daily, and weekly limits enforced before payment settlement.
+---
+`In progress`
+The Spending policy gates a payment against configured per-transaction, daily, and weekly limits. Allow-path deltas are applied only after the full PolicyVault composer returns `Allow`.
+| Source | Path |
+| --- | --- |
+| evaluator | [`programs/policy-vault/src/policies/spending.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/policies/spending.rs) |
+| composer | [`programs/policy-vault/src/policies/composer.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/policies/composer.rs) |
+| policy init | [`programs/policy-vault/src/instructions/init_policy.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/instructions/init_policy.rs) |

package/dist/embedded-docs/programs/policy-vault/velocity-policy.mdx ADDED Viewed

@@ -0,0 +1,15 @@
+---
+title: Velocity policy
+description: Sliding-window payment counters with tier-adjusted limits.
+---
+`In progress`
+The Velocity policy applies a rolling counter before a payment can proceed. The composer carries velocity deltas only on the all-policies-allowed branch.
+| Source | Path |
+| --- | --- |
+| evaluator | [`programs/policy-vault/src/policies/velocity.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/policies/velocity.rs) |
+| account state | [`programs/policy-vault/src/state/velocity_ledger.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/state/velocity_ledger.rs) |
+| proof | [`programs/policy-vault/src/proofs/inv_velocity_counter_le_limit.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/proofs/inv_velocity_counter_le_limit.rs) |

package/dist/embedded-docs/programs/trustgate.mdx ADDED Viewed

@@ -0,0 +1,53 @@
+---
+title: TrustGate
+description: The x402 facilitator program that emits ERC-8004 feedback through Quantu.
+---
+TrustGate is the on-chain feedback bridge for x402 facilitators. It owns a per-facilitator PDA, signs feedback CPI calls into Quantu, and records idempotency by payment hash.
+Pay.sh uses this path through the `PaySh` adapter. Other facilitators should reach the same on-chain instruction through their own adapter rather than adding facilitator-specific branches to routes.
+## Instructions
+| Instruction | Purpose |
+| --- | --- |
+| `init_authority(facilitator)` | creates the facilitator PDA |
+| `emit_feedback(...)` | CPI into Quantu `agent_registry_8004::give_feedback` |
+| `dispute_payment(...)` | emits negative-score feedback for disputed payments |
+## PDA signer
+TrustGate signs CPI with:
+```txt
+["trustgate_auth", facilitator_pubkey, bump]
+```
+That PDA is the feedback authority, not the payee agent. This prevents self-feedback while allowing a facilitator to write receipt-grade feedback after settlement.
+## Feedback idempotency
+`FeedbackEmissionLog` is initialized at:
+```txt
+["feedback_log", payment_id_hash]
+```
+Reusing the same payment hash fails account initialization, so retries cannot double-emit feedback.
+## x402 mapping
+The SDK and server map PolicyVault outcomes into response headers:
+| Decision | HTTP | Headers |
+| --- | --- | --- |
+| `Allow` | `200` | `X-Agent-Trust-Decision: Allow` |
+| `Deny` | `402` | reason code and reason name |
+| `RequireValidation` | `402` | required capability hash |
+## Source
+- Program: `programs/trustgate/src/lib.rs`
+- CPI wrapper: `programs/trustgate/src/ext/agent_registry.rs`
+- Server route layer: `trustgate/server/src/routes/verify.ts`
+- Pay.sh adapter: `trustgate/server/src/facilitators/pay-sh/index.ts`

package/dist/embedded-docs/programs/validation-registry.mdx ADDED Viewed

@@ -0,0 +1,49 @@
+---
+title: ValidationRegistry
+description: Capability namespaces, attestors, requests, responses, and revocations.
+---
+ValidationRegistry is the attestation leg of AgentTrust. PolicyVault reads `ValidationAttestation` accounts when `RequireValidation` is enabled.
+## Accounts
+| PDA | Role |
+| --- | --- |
+| `CapabilityNamespace` | names a validation capability and schema URI |
+| `AttestorProfile` | records an attestor identity URI |
+| `ValidationRequest` | opens a request for an agent and capability |
+| `ValidationAttestation` | stores a response, expiry, and revoked flag |
+## Instructions
+| Instruction | Notes |
+| --- | --- |
+| `register_namespace` | permissionless, caller computes `SHA256(name_utf8)` |
+| `register_attestor` | self-registration with display URI |
+| `request_validation` | subject owner or third party opens a request |
+| `respond_to_validation` | attestor writes the attestation |
+| `revoke_validation` | original attestor sets `revoked = true` |
+The program source currently exposes five instructions. The docs reserve the sixth slot for the next attestor-management extension.
+## Attestation message
+The response path uses a domain-separated message:
+```txt
+AGENTTRUST_ATTEST || subject || capability || payload || expires
+```
+PolicyVault does not trust arbitrary attestations. `RequireValidation` checks the subject, capability hash, expiry, revoked flag, and allowed attestor list.
+## Byte fields consumed by PolicyVault
+| Field | Offset |
+| --- | --- |
+| subject asset | `8` |
+| capability hash | `40` |
+| attestor | `72` |
+| expires at slot | `208` |
+| revoked flag | `216` |
+Source: `programs/validation-registry/src/lib.rs`.

package/dist/embedded-docs/reference/byte-offset-reference.mdx ADDED Viewed

@@ -0,0 +1,20 @@
+---
+title: Byte-offset reference
+description: Fixed offsets used by AgentTrust cross-program readers.
+---
+`In progress`
+| Account | Field | Offset |
+| --- | --- | --- |
+| `AtomStats` | `risk_score` | `549` |
+| `AtomStats` | `trust_tier` | `551` |
+| `AtomStats` | `confidence` | `557..558` |
+| `ValidationAttestation` | `subject` | `8` |
+| `ValidationAttestation` | `capability` | `40` |
+| `ValidationAttestation` | `attestor` | `72` |
+| `ValidationAttestation` | `expires` | `208` |
+| `ValidationAttestation` | `revoked` | `216` |
+Sources: [`programs/policy-vault/src/ext/atom_engine.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/ext/atom_engine.rs), [`programs/policy-vault/src/ext/validation_registry.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/ext/validation_registry.rs)

package/dist/embedded-docs/reference/changelog.mdx ADDED Viewed

@@ -0,0 +1,19 @@
+---
+title: Changelog
+description: Documentation-facing release notes for the Frontier build.
+---
+`In progress`
+| Date | Change |
+| --- | --- |
+| 2026-05-06 | Pay.sh adapter layer documented with SERVICE-signed challenges and proof validation. |
+| 2026-05-06 | `examples/pay-sh-demo` added as the Pay.sh + AgentTrust x402 walkthrough. |
+| 2026-05-06 | FacilitatorAdapter contract added for Pay.sh today and Dexter / atxp_ai / MCPay roadmap adapters. |
+| 2026-05-06 | Atomic settlement narrative updated: policy check, SPL transfer, and feedback stay tied to one settlement path. |
+| 2026-05-02 | PolicyVault composer and all five policies completed. |
+| 2026-05-02 | Five Kani invariants proved green in CI. |
+| 2026-05-02 | TrustGate Anchor program and Express x402 service shipped. |
+| 2026-05-02 | `@agenttrust-sdk/trustgate@0.1.0` published. |
+Source: [`execution.md`](https://github.com/agenttrust-labs/agenttrust/blob/main/execution.md)

package/dist/embedded-docs/reference/devnet-program-ids.mdx ADDED Viewed

@@ -0,0 +1,24 @@
+---
+title: Devnet program IDs
+description: Current AgentTrust devnet deployment addresses.
+---
+These are the pinned devnet program IDs for the Frontier build.
+<ProgramIdsTable />
+## TypeScript constants
+```ts
+import { DEFAULT_DEVNET_PROGRAM_IDS } from "@agenttrust-sdk/trustgate";
+```
+The SDK currently exposes PolicyVault and TrustGate by default. ValidationRegistry is read by PolicyVault through its account parser and is listed here for deploy verification.
+## Anchor declarations
+| Program | Source |
+| --- | --- |
+| `policy_vault` | `programs/policy-vault/src/lib.rs` |
+| `trustgate` | `programs/trustgate/src/lib.rs` |
+| `validation_registry` | `programs/validation-registry/src/lib.rs` |

package/dist/embedded-docs/reference/discriminator-constants.mdx ADDED Viewed

@@ -0,0 +1,16 @@
+---
+title: Discriminator constants
+description: Pinned instruction and account constants used across AgentTrust.
+---
+`In progress`
+| Constant | Value |
+| --- | --- |
+| Quantu `give_feedback` discriminator | `[145, 136, 123, 3, 215, 165, 98, 41]` |
+| TrustGate authority seed | `trustgate_auth` |
+| Feedback log seed | `feedback_log` |
+| Capability namespace seed | `capability` |
+| Validation attestation parser size | `290` bytes |
+Sources: [`programs/trustgate/src/ext/agent_registry.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/trustgate/src/ext/agent_registry.rs), [`programs/validation-registry/src/state`](https://github.com/agenttrust-labs/agenttrust/tree/main/programs/validation-registry/src/state)

package/dist/embedded-docs/reference/formal-verification.mdx ADDED Viewed

@@ -0,0 +1,19 @@
+---
+title: Formal verification
+description: Kani proof harnesses that guard PolicyVault invariants.
+---
+`In progress`
+AgentTrust runs five Kani harnesses for the current PolicyVault safety surface.
+| Harness | Property |
+| --- | --- |
+| `paused_implies_no_allow` | paused KillSwitch cannot allow |
+| `velocity_counter_le_limit` | allow-path counter stays within limit |
+| `counterparty_tier_monotone` | looser tier requirement cannot fail after tighter pass |
+| `validation_expiry_correct` | expired attestation cannot allow |
+| `multisig_threshold_enforced` | threshold requires distinct signing members |
+Sources: [`programs/policy-vault/src/proofs`](https://github.com/agenttrust-labs/agenttrust/tree/main/programs/policy-vault/src/proofs), [`.github/workflows/kani-prove.yml`](https://github.com/agenttrust-labs/agenttrust/blob/main/.github/workflows/kani-prove.yml)

package/dist/embedded-docs/reference/mainnet-program-ids.mdx ADDED Viewed

@@ -0,0 +1,16 @@
+---
+title: Mainnet program IDs
+description: Quantu program IDs used by AgentTrust on Solana mainnet.
+---
+`In progress`
+AgentTrust currently targets its own programs on devnet and reads Quantu trust data from the Quantu registry and Atom engine IDs below.
+| Program | Mainnet ID |
+| --- | --- |
+| `agent-registry-8004` | `8oo4dC4JvBLwy5tGgiH3WwK4B9PWxL9Z4XjA2jzkQMbQ` |
+| `atom-engine` | `AToMw53aiPQ8j7iHVb4fGt6nzUNxUhcPc3tbPBZuzVVb` |
+Source: [`docs/plan/research/02-quantu-erc8004-archaeology.md`](https://github.com/agenttrust-labs/agenttrust/blob/main/docs/plan/research/02-quantu-erc8004-archaeology.md)

package/dist/embedded-docs/reference/quantu-agent-registry.mdx ADDED Viewed

@@ -0,0 +1,15 @@
+---
+title: Quantu Agent Registry
+description: Quantu ERC-8004 accounts and feedback CPI used by AgentTrust.
+---
+`In progress`
+TrustGate emits feedback through Quantu `agent-registry-8004::give_feedback`, while PolicyVault reads Quantu AtomStats for counterparty policy checks.
+| Surface | Source |
+| --- | --- |
+| feedback CPI | [`programs/trustgate/src/ext/agent_registry.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/trustgate/src/ext/agent_registry.rs) |
+| AtomStats parser | [`programs/policy-vault/src/ext/atom_engine.rs`](https://github.com/agenttrust-labs/agenttrust/blob/main/programs/policy-vault/src/ext/atom_engine.rs) |
+| research notes | [`docs/plan/research/02-quantu-erc8004-archaeology.md`](https://github.com/agenttrust-labs/agenttrust/blob/main/docs/plan/research/02-quantu-erc8004-archaeology.md) |