AgentTrust
Back to blog

AGENTTRUST

How does an agent bootstrap onto Solana in one transaction?

Mohit ·

Bootstrapping an on-chain identity for an AI agent usually takes three or four signed transactions. You register the identity, mint the asset, init the authority, init the policy, and then you babysit a script that knows how to recover when one of those steps already exists. AgentTrust collapses the whole flow. One prompt to Claude. One signed transaction. Seven on-chain instructions. Idempotent on retry.

7instructions

One signed devnet transaction

6PDAs

Created on-chain in the same tx

~0.03SOL

Rent plus fees on devnet

What the call looks like

The MCP tool that does the work is agenttrust_init_policy. From a fresh wallet, in plain English to Claude Code or Claude Desktop:

ts
Use agenttrust_init_policy to bootstrap a brand-new agent for me.
Omit agent_asset so the tool generates a fresh identity.
Set policy_id to 1, enable Spending only (bitmask 2), and cap
per-transaction spend at 1 USDC.

The tool generates an ephemeral asset Keypair, prepends every missing prerequisite, and lands the policy. The envelope it returns is structured. Every PDA, every Explorer URL, the effective spending caps after default-fill, the list of self-healed steps:

json
{
  "txSignature": "2fmKhYuM...2UV",
  "explorerTxUrl": "https://explorer.solana.com/tx/2fmKhYuM...2UV?cluster=devnet",
  "agentAsset": "2v7Bu6yhw7mkXtdjLXoVfBNz3CDs8n79aRD9gzumvF97",
  "agentAssetExplorer": "https://explorer.solana.com/address/2v7Bu6yhw7mkXtdjLXoVfBNz3CDs8n79aRD9gzumvF97?cluster=devnet",
  "policyPda": "...",
  "policyExplorer": "...",
  "velocityPda": "...",
  "effectiveSpending": {
    "perTxMax": "1000000",
    "dailyMax": "1000000",
    "weeklyMax": "1000000"
  },
  "selfHealed": true,
  "healedSteps": [
    "register_agent_via_cpi",
    "init_authority",
    "init_killswitch"
  ]
}

The wallet pays for the new MPL Core asset and signs the bootstrap tx. The asset secret is held in memory long enough to sign one Quantu CPI, then dropped. No later instruction in the AgentTrust or Quantu surface needs the asset to sign again.

The seven instructions

Open the explorerTxUrl and you see seven program logs in order. Each one is a real instruction in the same atomic transaction. The ordering is canonical. It will not change between releases.

  1. RegisterAgentViaCpi. TrustGate is the entry point. It orchestrates the Quantu onboarding so the caller never has to learn Quantu's instruction names or program IDs. The CPI dispatch happens inside the AgentTrust program boundary.
  2. RegisterWithOptions. Quantu's agent_registry_8004 creates the agent_account PDA and prepares for the asset mint. The ephemeral asset Keypair signs this CPI exactly once.
  3. CreateV2. MPL Core mints the asset under the asset pubkey TrustGate generated a moment ago. The mint and the registry record now point at the same pubkey, so any later reader can resolve the asset back to its identity.
  4. InitializeStats. Quantu's atom_engine creates the atom_stats PDA. This is the byte-551 trust-tier record the CounterpartyTier policy reads at gate time. Tier starts at zero. Feedback from settled payments accrues into it.
  5. InitAuthority. AgentTrust's PolicyAuthority PDA lands with a single member (your signer) and threshold one. This is the seed of the multi-sig surface that v1.1 will expand. For now the wallet that paid for the bootstrap is the sole authority.
  6. InitKillswitch. The AgentTrust KillSwitchState PDA lands. Without this prepend, the agent's first simulate_payment would hit Anchor error 3012 on the missing PDA. The 0.4.4 release added this step to the self-heal cascade. Before that, the bootstrap was six instructions and the seventh was a footgun.
  7. InitPolicy. The PolicyAccount plus the VelocityLedger for the (agent_asset, policy_id) pair. The actual point of the call. The spending caps you set in the prompt land here. The velocity ledger starts empty and will be appended to by every gate_payment Allow.

Six PDAs created, one MPL Core asset minted, one CPI fired through TrustGate into Quantu, all under one wallet signature. The total cost on devnet is roughly 0.03 SOL of rent and fees.

Why this matters: idempotency

Re-run the same call against the same wallet and the envelope comes back with healedSteps: []. Every init constraint on the Anchor side fails fast when the PDA already exists. The tool's pre-flight checks fetchNullable on each upstream account and skips the prepend when the account is already there. The wallet always converges to the same on-chain state regardless of where it started.

Cold-start your serverless function and replay the call. Nothing breaks. Nothing duplicates. Spin up a second agent host pointed at the same keypair, race the two against each other, and the slower one comes back with an empty healedSteps array. That's the property a bootstrap path needs. Operators in retry loops should not have to write dedup logic around an SDK entry point. Cap defaults follow the same principle. Set one spending cap and the unspecified peers default to the max of what you specified, not to zero. Zero is a hostile always-deny because v1 policies are immutable post-init. The runtime picks the value that keeps the explicit cap binding and leaves the others permissive.

The two MCP surfaces

What you do with it

The agent is now a real Quantu identity. It has a policy that bounds its spending. It has a velocity ledger that the next gate_payment call will write to. It has an atom_stats record that any counterparty can read to decide whether to accept payment from it.

That makes it eligible to pay and be paid through any x402 facilitator that consumes AgentTrust gates. Pay.sh, the Solana Foundation's first x402 facilitator launched May 5 2026 with Google Cloud, has a day-one AgentTrust adapter. The same init_policy envelope you just looked at unlocks the full /verify plus /settle round-trip through the facilitator. One signature got you from a funded wallet to a fully atom-functional agent identity. The next step is the SDK. Mount the Express middleware, point it at the policy you just created, and the facilitator does the rest. Read /sdk for the wiring.

The devnet program IDs are public. Verify the trace yourself. Beat B of the demo-video recording lands this exact transaction on devnet.

Devnet program IDs
TrustGateHF8zHfoyA7b5mhLViopTnRMprc6ZT5KActHTdkFrih2N
PolicyVault8Y6fGeNEHgmWmbt8JsRcF72jxbeBfJhomMjG6SuoJQTR
ValidationRegistryCx4RFa6ysw3qXYhugPkF8pFSWBkmKq59h2dWgF2tKhtv
Quantu agent_registry8oo4J9tBB3Hna1jRQ3rWvJjojqM5DYTDJo5cejUuJy3C
Quantu atom_engineAToMufS4QD6hEXvcvBDg9m1AHeCLpmZQsyfYa5h9MwAF

Install the MCP and try it.

bash
npx -y @agenttrust-sdk/mcp@latest

One prompt to Claude. One signature. Seven instructions. Read /architecture when you want to know how TrustGate routes the CPI under the hood.