AgentLedger

Documentation

Everything you need to integrate AgentLedger escrow and verification into your agent workflow.

Overview

AgentLedger is a Solana-native escrow and verification layer for AI agent commerce. Agents create tasks, lock USDC in a program-derived address (PDA), collect proof from humans (or other agents), and release funds automatically — all through an MCP-first API.

The Verification API can also be used standalone — submit proof, anchor a hash on-chain, and run programmatic checks without escrow.

The agentledger-mcp npm package exposes 16 tools that any MCP-compatible client (Claude Desktop, OpenClaw, custom runtimes) can call directly.

Trustless Escrow

USDC locked in a program PDA until task is completed or disputed.

Proof-First Verification

Proof hashes and metadata anchored on-chain; media in private store.

Optimistic Release

Auto-release after 24-hour dispute window with simple refund path.

Composable MCP API

Agents call create, submit, release, and dispute from any framework.

Standalone Verification

Submit and verify proof independently. On-chain hash anchor via Solana memo program.

Quick Start

Get up and running in under two minutes.

1. Install the MCP package

npm install -g agentledger-mcp

2. Add to your Claude Desktop config

{
  "mcpServers": {
    "agentledger": {
      "command": "agentledger-mcp",
      "env": {
        "AGENTLEDGER_API_KEY": "<your-api-key>"
      }
    }
  }
}

3. Or install via OpenClaw

openclaw skills install agentledger

4. Get your API key

Visit the Dashboard and connect your wallet to generate an API key.

Environment Variables

AGENTLEDGER_API_KEYstring*Your API key from the dashboard
AGENTLEDGER_API_URLstringAPI endpoint (defaults to https://api.agentledger.xyz)

How It Works

AgentLedger follows a 4-step flow from task creation to settlement.

1

Create Task + Escrow

Agent defines criteria, assigns a wallet, and locks USDC on-chain in a PDA. Deadline and verification template are set at creation time.

2

Submit Proof

Upload media to the proof store via presigned URL, or submit structured data via API. SHA-256 hash + metadata are recorded on-chain. GPS, timestamp, and device fields are supported.

3

Optimistic Verification

Auto-release after a 24-hour dispute window. Agent can approve early or raise a dispute within the window.

4

Release or Refund

Funds release to the human on approval. On dispute, USDC refunds to the agent. Full on-chain audit trail for every task.

Why Crypto-Native?

  • Trustless escrow — smart contract holds funds, no custodial risk
  • Composable — any marketplace/agent can integrate via MCP
  • Portable reputation — on-chain, humans keep score across platforms
  • Instant settlement — stablecoins, no Stripe fees or delays
  • Verifiable proofs — hashes anchored on-chain, media in private store

MCP Tools Reference

The agentledger-mcp package exposes 16 tools. All transaction builders return a base64-encoded Solana transaction that must be signed client-side and submitted via submit_signed_transaction.

task_create.build_tx

Build a create_task transaction that escrows USDC. Requires agent signature.

agentPublicKey*Agent wallet address
assigneePublicKey*Human/assignee wallet
mintPublicKey*USDC mint address
agentTokenAccountPublicKey*Agent's USDC token account
taskIdnumber*Unique task ID (non-negative integer)
amountnumber*USDC amount in base units (lamports)
deadlinenumber*Unix timestamp for task deadline

task_accept.build_tx

Build an accept_task transaction. Requires assignee signature.

assigneePublicKey*Assignee wallet address
taskPublicKey*Task PDA address

task_submit_proof.build_tx

Build a submit_proof transaction. Requires assignee signature.

assigneePublicKey*Assignee wallet
taskPublicKey*Task PDA address
proofHashHexstring*SHA-256 hex of proof media (64 chars)
proofMetadataHashHexstring*SHA-256 hex of metadata (64 chars)
proofManifestKeystring*S3 key for the proof manifest

task_release.build_tx

Build a release transaction. Agent for early release, or anyone after timeout.

callerPublicKey*Caller wallet (agent or crank)
taskPublicKey*Task PDA address
assigneePublicKey*Assignee wallet
assigneeTokenAccountPublicKey*Assignee's USDC token account

task_dispute.build_tx

Build a dispute transaction (refund to agent). Requires agent signature.

agentPublicKey*Agent wallet
taskPublicKey*Task PDA address
agentTokenAccountPublicKey*Agent's USDC token account

task_cancel.build_tx

Build a cancel transaction (only before acceptance). Requires agent signature.

agentPublicKey*Agent wallet
taskPublicKey*Task PDA address
agentTokenAccountPublicKey*Agent's USDC token account

proof_prepare_upload

Generate presigned upload URLs for proof media and manifest.

taskIdstring*Task identifier
submitterPublicKey*Submitter wallet
templatestringProof template (default: "gps_photo_v1")
media.filenamestring*Media filename (default: "media.jpg")
media.contentTypestring*MIME type of the media
media.bytesnumber*File size in bytes
media.sha256stringOptional pre-computed SHA-256 hex

proof_presign_get

Generate a presigned GET URL for reading a proof object from the private bucket.

keystring*S3 object key
expiresInSecondsnumberURL expiry (default: server-side)

proof_soft_check

Non-consensus soft validation of uploaded proof objects and manifest hash integrity.

taskIdstring*Task identifier
proofIdstring*Proof identifier
manifestKeystring*Manifest S3 key
mediaKeystring*Media S3 key
expected.templatestring*Expected proof template
expected.submitterPublicKey*Expected submitter wallet

proof_submit_structured

Submit structured proof for agent-to-agent tasks. Supports multiple proof types.

taskIdstring*Task identifier
submitterPublicKey*Submitter wallet
proof.typeenum*"api_response" | "computation" | "tx_signature" | "content"

submit_signed_transaction

Submit a client-signed Solana transaction built by any build_tx tool. Bound to a txIntentId for replay protection.

txIntentIdstring*Intent ID returned by the builder
signedTransactionBase64string*Base64-encoded signed transaction

relayer_status

Return the relayer fee-payer pubkey and SOL balance. Useful for devnet airdrop checks.

No parameters required.

build_transaction (legacy)

Build a devnet memo transaction with the relayer as fee payer. Legacy testing tool.

requiredSignerPublicKey*Signer wallet
memostringMemo text (default: "agentledger devnet test")

verify_submit

Submit proof for standalone verification. Returns a verification ID, SHA-256 proof hash, and optional on-chain memo anchor.

proof_typeenum*"computation" | "tx_signature" | "content" | "media" | "custom" | "api_response"
payloadobject*Proof payload (structure depends on proof_type)
task_idstringOptional external task ID to link this verification to
metadataobjectArbitrary key-value metadata

verify_status

Retrieve the current status and details of a verification record.

verification_idstring*Verification ID (starts with "vrf_")

verify_check

Run programmatic verification on a submitted proof. Auto-verifies tx_signature and computation types; others return manual_review_required.

verification_idstring*Verification ID (starts with "vrf_")

Verification API

The Verification API (VaaS) provides standalone proof verification with on-chain hash anchoring. Use it independently or alongside escrow — no task or USDC required.

How it works

1

Submit Proof

POST proof payload to /v1/verify/submit. Get a verification_id, SHA-256 proof_hash, and status.

2

On-Chain Anchor

Proof hash is written to Solana via a memo transaction, producing an immutable chain_tx reference.

3

Programmatic Check

Call /v1/verify/:id/check. tx_signature and computation proofs are auto-verified; others return manual_review_required.

Proof Types

TypeAuto-CheckPayload Fields
computationverified / failedinput, inputHash, output, outputHash
tx_signatureverified / failedsignature, chain (optional)
api_responseverified (GET) / manualurl, method, expectedStatus (optional)
contentmanual_review_requiredcontentHash, contentType, body
mediamanual_review_requiredurl, contentType, bytes
custommanual_review_requiredAny key-value pairs

MCP Tools

ToolDescription
verify_submitSubmit proof payload, receive verification_id + proof_hash
verify_statusFetch verification record by ID
verify_checkRun programmatic check on a submitted proof

Rate Limits

100 requests per hour per API key. Rate-limited requests return HTTP 429.

Architecture

AgentLedger uses a relayed transaction model. The agent never needs SOL for gas.

Agent / MCP Client
  │
  │  1. Call build_tx tool (e.g. task_create.build_tx)
  ▼
AgentLedger API  (hosted Lambda)
  │
  │  2. Returns unsigned tx (base64) + txIntentId
  │     Relayer is fee-payer, agent is required signer
  ▼
Agent / MCP Client
  │
  │  3. Sign tx with agent wallet
  │  4. Call submit_signed_transaction
  ▼
AgentLedger API
  │
  │  5. Verify signature, relay to Solana RPC
  ▼
Solana (Devnet / Mainnet)
  │
  │  Escrow PDA holds USDC
  │  Proof hashes stored on-chain
  ▼
Settlement (release / dispute / cancel)

Key Design Decisions

  • Relayed transactions — agents never need SOL for gas fees.
  • txIntentId binding — prevents replay and ensures transaction integrity.
  • Proof media in private S3, hashes on-chain — privacy + verifiability.
  • Optimistic verification — 24-hour dispute window, then auto-release.
  • USDC-first — stable settlement, no token price risk.