Wraith Protocol

Trust infrastructure for autonomous agents on Solana

Bond. Prove. Trust.

Website · Docs · X / Twitter

---

What is Wraith?

Wraith is an on-chain reputation and bonding system for autonomous AI agents. It answers a simple question:

Why should anyone trust an AI agent that took action on their behalf?

Today, agents act with no accountability. If your agent makes a bad trade, gets phished, or drifts from its mandate — there's no recourse, no public record, no economic consequence. Wraith fixes this with three primitives:

• Agent Bonds — every registered agent posts collateral against their identity. Misbehavior gets slashed.
• Proof of Agency — every action an agent takes is committed on-chain with a verifiable signature trail back to the agent's bonded identity.
• Claim System — third parties can file claims with cryptographic evidence. Validators review. Slashed bond is paid out to the claimant.

The result: a public Trust Score for every agent, backed by skin in the game.

Quick start

npm install @wraith/sdk

import { WraithClient } from '@wraith/sdk';
import { Keypair, Connection } from '@solana/web3.js';

const client = new WraithClient({
  connection: new Connection('https://api.mainnet-beta.solana.com'),
  cluster: 'mainnet-beta',
});

// Register a new agent under your identity
const agent = await client.agents.register({
  name: 'my-trading-agent',
  description: 'DCAs into SOL, exits on 30% drawdown',
  scopes: ['trade:spot', 'read:balance'],
  signer: Keypair.generate(),
});

console.log(`Agent registered: ${agent.id}`);
console.log(`View on explorer: https://wraithapp.vercel.app/agents/${agent.id}`);

That's it. The agent is now bondable, claimable, and tracked on-chain.

Why now

Three trends collided in 2025:

1. Agentic AI went mainstream. Frameworks like AutoGen, CrewAI, LangGraph put production-grade agents in the hands of every developer.
2. Money moved on-chain. Stablecoin payment volume crossed traditional rails in Q3 2025.
3. Agent autonomy became a liability. When a Replit agent wiped a user's database in July 2025, the question of agent accountability went from academic to urgent.

Wraith ships the missing layer: economic skin-in-the-game so agents that misbehave have a price to pay, and the people they hurt have someone to make whole.

Architecture

┌─────────────────────────────────────────────────────────┐
│                    Wraith Protocol                       │
├─────────────────────────────────────────────────────────┤
│                                                          │
│   Agent Registry          Bond Vault          Claims     │
│   (PDA-indexed)           (escrowed SOL)      (mediator) │
│        │                       │                  │      │
│        └───────┬───────────────┴──────────────────┘      │
│                │                                          │
│        ┌───────▼─────────┐                                │
│        │  Proof of       │                                │
│        │  Agency Stream  │  ←  agents emit signed         │
│        └─────────────────┘     action commitments         │
│                                                          │
└─────────────────────────────────────────────────────────┘
            ▲                                  ▲
            │ on-chain                         │ off-chain
            │                                  │
   ┌────────┴────────┐                ┌────────┴────────┐
   │  Anchor program │                │  @wraith/sdk    │
   │  (Rust)         │                │  (this repo)    │
   └─────────────────┘                └─────────────────┘

The on-chain Anchor program is published separately at wraith-protocol/program (private until audit complete). This SDK is the canonical client.

Core concepts

Agents

An agent is an on-chain identity controlled by a single keypair. Each agent has:

• A unique 32-byte ID derived from the agent owner's wallet + a nonce
• A list of declared scopes (what actions it's allowed to take)
• A live Trust Score (0-1000) derived from history
• A bond status — bonded, unbonded, or slashed

const agent = await client.agents.get('agt_7c1f04ea8892c883');
// {
//   id: 'agt_7c1f04ea8892c883',
//   owner: 'z6GnTESTKUGh...',
//   name: 'my-trading-agent',
//   trustScore: 742,
//   bondAmount: 1.5, // SOL
//   scopes: ['trade:spot', 'read:balance'],
//   status: 'bonded',
//   createdAt: '2026-04-12T11:30:00Z',
// }

Bonds

A bond is collateral posted by an agent owner against the agent's identity. If the agent misbehaves and a claim is upheld, the bond is slashed and paid out to the claimant.

Minimum bond is 0.1 SOL. Recommended bond is calibrated by client.pricing.estimate(scopes) — agents with higher-stakes scopes (full trade, transfer authority) need bigger bonds to be taken seriously.

const estimate = await client.pricing.estimate({
  scopes: ['trade:spot', 'transfer:any'],
});
// { recommended: 5.0, min: 0.5, currency: 'SOL' }

const bond = await client.bonds.create({
  agentId: agent.id,
  amount: 5.0,
  signer: ownerKeypair,
});

Proof of Agency

Every action your agent takes is committed on-chain via a proof. A proof is a signed message containing:

• The agent ID
• A monotonic action counter
• A 32-byte commit hash of the action payload (full payload optionally stored off-chain)
• The agent's signature

Proofs are streamed via the proofs namespace:

await client.proofs.submit({
  agentId: agent.id,
  taskId: 'task_8a3f',
  commitHash: hashAction(action),
  signer: agentKeypair,
});

Validators can verify proofs without ever seeing the underlying action data:

const valid = await client.proofs.verify('prf_e3b0c44298fc1c14');

Claims

When an agent misbehaves, anyone can file a claim with cryptographic evidence:

await client.claims.file({
  agentId: 'agt_7c1f04ea8892c883',
  bondId: 'bnd_921d0cd505824db5',
  reason: 'Agent exfiltrated funds outside declared trade:spot scope',
  evidence: {
    txSignature: '5oSK3...',
    proofId: 'prf_a1b2c3',
    description: '...',
  },
  signer: claimantKeypair,
});

Claims enter a 7-day review window. Validators (currently a 5-of-9 multisig, transitioning to a token-weighted DAO in Q3 2026) review evidence and vote. Approved claims slash the bond and pay the claimant minus a 10% protocol fee.

API reference

Namespace	Methods
client.agents	register, get, list, update, transfer
client.bonds	create, get, list, topUp, withdraw
client.proofs	submit, get, list, verify
client.claims	file, get, list, vote, resolve
client.pricing	estimate, getRates
client.dashboard	trustScore, health, alerts

Full docs at ./docs/api-reference.md.

Examples

End-to-end runnable scripts in ./examples/:

• 01-register-agent.ts — register a new agent on devnet
• 02-create-bond.ts — bond an agent
• 03-submit-proof.ts — emit a proof of agency
• 04-file-claim.ts — file a slashing claim

Run any of them with:

WRAITH_KEYPAIR=~/.config/solana/id.json \
  npx tsx examples/01-register-agent.ts

Roadmap

• Q1 2026 — SDK alpha (this release)
• Q1 2026 — Devnet deployment with rate-limited faucet
• Q2 2026 — Dashboard at wraithapp.vercel.app
• Q2 2026 — Mainnet beta with bonded validators (5-of-9 multisig)
• Q3 2026 — Validator DAO with token-weighted voting
• Q3 2026 — Reference adapters for AutoGen, CrewAI, LangGraph
• Q4 2026 — Privacy-preserving proofs via zk-SNARK (research)
• 2027 — Cross-chain attestation layer

Security

• Audit by OtterSec — in progress, expected June 2026
• Bug bounty: $250k pool live at security@wraith.dev
• Responsible disclosure: 90 days, see SECURITY.md

Contributing

We accept PRs. Read CONTRIBUTING.md first — we have a strict contributor agreement (CAA) because the protocol holds real value and we audit carefully.

For discussion, join the X conversation at @wraith_agent.

License

MIT — see ./LICENSE. Use the SDK however you want. The on-chain protocol is governed separately by the bonded-validator covenant.

---

Wraith Protocol — Trust, by Proof.

Website · X / Twitter