Trust & Identity
Trust scoring, threat detection, agent authorities, and ownership handover
Trust Tier Transitions
Trust envelope & enforcement
Trust state lives on a per-treasury TrustIdentityAccount PDA (see Accounts),
created once by init_trust_identity. It carries a TrustTier (Trusted → Watch → Restricted → Lockdown)
derived from a decaying threat_score. Denials, anomalies, and fail-open abuse accumulate score; clean
activity decays it. The tier multiplier is applied on top of the reputation multiplier in
effective_daily_limit_usd, shrinking the operating envelope proportionally. Lockdown is the only
non-auto-recoverable state — it freezes execution, cancels pending, and arms break-glass.
| Instruction | Description | |
|---|---|---|
init_trust_identity | Creates the TrustIdentityAccount PDA for a treasury (one-time) with default settings. | New |
configure_trust_policy | Owner sets the tier thresholds, per-tier multipliers, and decay rate. | New |
restore_trust | Owner or guardian quorum steps the tier down by one. The only path out of Lockdown. | New |
Agent identity & ownership handover
Replaces the single ai_authority with a bounded list of scoped agent authorities and adds a
timelocked path to hand treasury control to a new owner (the owner key is a PDA seed and cannot
change in place).
| Instruction | Description | |
|---|---|---|
register_agent | Owner registers a secondary agent with allowed chains, tx types, and an optional per-agent daily cap. | New |
revoke_agent | Owner disables an agent authority (non-urgent path). | New |
emergency_revoke_agent | Owner or guardian immediately disables an agent (no timelock). For active-compromise response. | New |
nominate_successor_owner | Owner or guardian quorum nominates a new owner; timelocked 48 h. | New |
execute_ownership_handover | After the timelock: transfers one dWallet's ownership to the successor's CPI authority. Call once per dWallet; set finalize = true on the last call to decommission the old treasury. | New |
Agent capability manifest & tripwires
Turns each agent's scope into a full, declarative capability manifest — allowed chains, tx types,
DeFi protocols (bitmap), privileged instructions (bitmap), per-agent daily and per-transaction USD
caps, an optional recipient/asset allow-list, and an optional active-time window. The manifest is
checked on every agent action by the gate in propose_transaction; anything not granted is denied
and the breach registers a behavior signal that escalates the trust tier (the tripwire → consequence
link). Changes are asymmetric: tightening applies immediately, loosening requires a pre-armed
timelock so a compromised owner key cannot instantly widen an agent's powers.
| Instruction | Description | |
|---|---|---|
set_agent_capability | Replace an agent's capability manifest. Tightening applies now; loosening needs an armed, elapsed timelock. | New |
arm_capability_loosen | Arm the loosen timelock for an agent so a subsequent widening becomes permitted once it elapses. | New |
set_agent_tripwires | Tune the per-treasury behavior-signal weights that feed the trust tier when the gate trips. | New |
Trust tiers
- Trusted (default): Full operating envelope
- Watch: Reduced limits (50%), increased logging
- Restricted: Minimal limits (10%), multisig required on all proposals
- Lockdown: Execution frozen, break-glass armed, manual recovery only