WRIT Protocol
Anonymous Know Your Agent (KYA) layer for Solana. Proves a human is behind a wallet without revealing who, bounds what agents can do under scoped delegations, and exposes a single CPI call for verification.
| Layer | Program | Responsibility |
|---|---|---|
| L4 | writ_gate | External CPI surface. Packs state from L1–L3 into AgentStatus. |
| L3 | reputation | Behavior scoring, 0–10,000. Staked dispute resolution. |
| L3 | delegation | Scoped permissions: program whitelist, budget, expiry, actions. |
| L1 | writ_registry | ZK verification, nullifier storage, soulbound identity token. |
The problem
Autonomous agents on Solana already move real money. The infrastructure for what an agent can do is mature. The infrastructure for who is operating one is nonexistent.
Every agent is a black box. Counterparties cannot tell whether a wallet is backed by a human with reputational skin in the game, or by code with no owner and nothing to lose. Protocols that want to gate access — liquidity pools, airdrops, lending markets, matchmaking — have no primitive to check this without outsourcing to an off-chain identity provider.
What WRIT answers
Three questions, packed into one CPI return value:
- Is a real human behind this wallet? Proven in zero knowledge. No PII stored.
- What is this agent allowed to do? Scoped by program, budget, expiry, and action type.
- Has this agent earned trust over time? On-chain reputation score from 0 to 10,000.
Minimal integration
Any Anchor program can gate any instruction by adding one CPI. The return value is a 64-byte AgentStatus struct that fits in two scratch slots.
use anchor_lang::prelude::*;
use writ_gate::{cpi, program::WritGate, state::AgentStatus};
#[program]
pub mod your_program {
use super::*;
pub fn sensitive_swap(ctx: Context<SensitiveSwap>, amount_in: u64) -> Result<()> {
// One CPI. One branch. No off-chain dependency.
let status: AgentStatus = cpi::verify(
CpiContext::new(
ctx.accounts.writ_gate_program.to_account_info(),
cpi::accounts::Verify {
agent: ctx.accounts.agent.to_account_info(),
gate_state: ctx.accounts.gate_state.to_account_info(),
},
),
)?.get();
require!(status.is_valid, ErrorCode::NotHumanBacked);
require!(status.score >= 500, ErrorCode::InsufficientReputation);
require!(
status.scope.allows(&ctx.program_id, amount_in),
ErrorCode::OutOfScope,
);
do_swap(ctx, amount_in)
}
}verify CPI is read-only. It never mutates WRIT state, so it composes safely inside atomic transactions and multi-CPI flows. If you need to atomically debit the scope budget, use verify_and_record instead.Protocol specs
Design commitments
Privacy is not optional
The registry stores one field per human: a Poseidon nullifier. It cannot be reversed to a wallet, a device, or a real-world identity. Proofs are generated in the browser; only the proof and the nullifier commitment ever touch the chain. No biometric data is collected.
No off-chain oracle
The verifier runs on-chain via Solana's alt_bn128_pairing syscall. There is no external signer, no rollup, no trusted enclave. If Solana is live, verification works.
Delegation is bounded by default
An agent never gets a blank check. Each delegation carries four constraints (programs, SOL budget, expiry, action mask) and is revocable in one transaction. Five concurrent delegations per writ caps the blast radius of a compromised human.
Reputation is earned, not declared
The 0–10,000 score is computed from behavior reports submitted by other programs. Disputes use staked resolution. Age weighting rewards longevity up to 1.5× at 180 days.
Where to go next
Quickstart — gate one instruction in five minutes.
Concepts — why KYA is a distinct primitive from KYC.
Architecture — the four programs, their PDAs, and the CPI flow in detail.
Deployments — devnet program IDs and RPC config.