Quantu agent registry
The Quantu CPI surface AgentTrust consumes — give_feedback discriminator, AgentAccount + AtomStats accounts, byte-offset reads, pinned commit.
AgentTrust reads two Quantu programs from 8004-solana:
agent-registry-8004— agent identity + thegive_feedbackinstruction TrustGate CPIs into.atom-engine— confidence-weighted reputation aggregation.AtomStatsPDA carries thetier_immediatebyte PolicyVault gates against.
Both pinned to commit bfb09ad.
give_feedback CPI
Discriminator: [145, 136, 123, 3, 215, 165, 98, 41].
pub struct GiveFeedbackArgs {
pub value: u64,
pub value_decimals: u8,
pub score: Option<u8>, // 0..=100
pub feedback_file_hash: Option<[u8; 32]>, // dispute_reason_hash for disputes
pub tag1: String, // ≤ 32 bytes
pub tag2: String, // ≤ 32 bytes
pub endpoint: String, // ≤ 64 bytes
pub feedback_uri: String, // ≤ 256 bytes
}remaining_accounts ordering for the CPI:
| Index | Account | Notes |
|---|---|---|
| 0 | agent_account | payee's AgentAccount PDA |
| 1 | asset | payee's Metaplex Core asset |
| 2 | collection | Quantu's collection asset |
| 3 | system_program | for AtomStats init rent |
| 4 | atom_config (optional) | Quantu's AtomConfig PDA |
| 5 | atom_stats (optional) | payee's AtomStats PDA |
| 6 | atom_engine_program (optional) | Quantu's atom-engine |
| 7 | registry_authority (optional) | Quantu's registry authority PDA |
Indexes 0..=3 are required; 4..=7 come as a group of 4 (all four or none). TrustGate's emit_feedback handler validates this in programs/trustgate/src/instructions/emit_feedback.rs.
The SDK's deriveQuantuFeedbackAccounts returns this account bundle correctly ordered.
AtomStats byte-offset reads
PolicyVault's CounterpartyTier policy reads AtomStats via a manual byte-offset parser pinned to commit bfb09ad. Schema-version canary at byte 560 catches drift.
| Offset | Width | Field |
|---|---|---|
| 549 | u8 | risk_score |
| 551 | u8 | tier_immediate (v1 demo default) |
| 555 | u8 | tier_confirmed (production) |
| 557 | u16 LE | confidence (basis points) |
| 560 | u8 | schema_version (must equal 1) |
Account size: 561 bytes. Tier domain: 0..=4 (ATOM_TIER_MAX = 4).
Full table: Reference → Byte offsets.
Mainnet vs devnet program IDs
| Program | Mainnet | Devnet |
|---|---|---|
agent-registry-8004 | 8oo4dC4JvBLwy5tGgiH3WwK4B9PWxL9Z4XjA2jzkQMbQ | 8oo4J9tBB3Hna1jRQ3rWvJjojqM5DYTDJo5cejUuJy3C |
atom-engine | AToMw53aiPQ8j7iHVb4fGt6nzUNxUhcPc3tbPBZuzVVb | AToMufS4QD6hEXvcvBDg9m1AHeCLpmZQsyfYa5h9MwAF |
The SDK's MAINNET_QUANTU_IDS and DEFAULT_DEVNET_QUANTU_IDS carry these. NETWORK env on the MCP server drives the right pair: MCP → Install.
Why byte-offset and not Borsh?
Two reasons:
- Zero Cargo dep on Quantu's crate. AgentTrust would otherwise pin to Quantu's published Anchor IDL or workspace package. A Quantu version bump that re-orders fields would silently change PolicyVault's reads through Borsh's positional encoding. The byte-offset parser is fragile against layout changes — but fragile-with-canary, not fragile-silent. The
schema_versionbyte at 560 fails loud rather than silently misread. - Bounded compute. Borsh deserialization allocates and walks the full struct. The byte-offset parser reads exactly the five bytes PolicyVault gates against —
risk_score,tier_immediate,tier_confirmed,confidence,schema_version. Cheaper compute units, smaller stack frame.
Trade-off: the parser must be re-pinned manually if Quantu bumps its layout. The pinned-commit comment in policy-vault/src/ext/atom_engine.rs documents the bump procedure.
TrustGate's CPI wrapper
TrustGate's emit_feedback PDA-signs the CPI:
let signer_seeds: &[&[u8]] = &[
TrustGateAuthority::SEED_PREFIX, // b"trustgate_auth"
facilitator.as_ref(),
&[bump],
];
invoke_give_feedback(&cpi_accounts, &args, signer_seeds)?;Quantu's give_feedback instruction expects the caller to be the agent's owner. TrustGate's PDA is registered as the feedback authority via Quantu's identity flow on first use (the set_agent_wallet instruction at identity/instructions.rs:506-541 in Quantu's source). The client account in the CPI is set to authority.to_account_info(), so Quantu sees a PDA-signed call rather than the facilitator's wallet directly.
CPI source: programs/trustgate/src/ext/agent_registry.rs.