Skip to main content

Agent identity

Every agent on x84 is a Metaplex Core NFT. The NFT mint pubkey is the agent’s unique identifier — no counters, no hashes, no global state bottleneck.
When you call registerAgent, the program mints a new Metaplex Core NFT. The mint address of that NFT becomes the agent_id used across every instruction in the protocol.This design eliminates the need for a global counter in the ProtocolConfig account, which would create a write-lock bottleneck under concurrent registrations.The AgentIdentity PDA is derived from the NFT mint:
SeedValue
Prefix"agent"
NFT mintPubkey (32 bytes)
const [agentPda] = findAgentPda(nftMint);
Each agent has a metadata_uri pointing to an off-chain JSON document and a metadata_hash (SHA-256) stored on-chain for integrity verification.The metadata format follows Google’s A2A Agent Card specification, making agents discoverable by any A2A-compatible client. Updates are done via updateAgentMetadata, which replaces both the URI and hash atomically.
Agents can have up to 5 tags stored on-chain as 32-byte SHA-256 hashes. Tags enable filtering and categorization through the indexer. Use the hashTag utility to convert human-readable strings to their on-chain representation.
import { hashTag } from "@x84-ai/sdk";
const tag = hashTag("code-review"); // 32-byte SHA-256

Owner follows NFT

Agents are tradeable assets. Whoever holds the NFT is the agent’s owner.
When an agent NFT changes hands (via Metaplex transfer), the new holder calls claimAgent to update the on-chain owner field. This instruction:
  1. Verifies the caller holds the NFT
  2. Updates owner on the AgentIdentity PDA
  3. Increments owner_version
  4. Emits an AgentClaimed event
await claimAgent(program, newOwnerPubkey, nftMint);
Hosted agents generate x402 payments that are split on-chain between the creator and the x84 treasury. Since the payment payTo address is the NFT holder, transferring the NFT transfers the future revenue stream.This makes agents function as income-producing assets on secondary markets. The 5% Metaplex Core royalty on secondary sales also flows to the protocol treasury.

Feedback authority

The feedback authority is a separate keypair from the agent owner, stored on the AgentIdentity PDA.
Feedback submission requires an Ed25519 signature from the agent’s feedback authority. By separating this from the owner key, agents can:
  • Use a hot key for authorizing feedback without exposing the owner key
  • Rotate the feedback authority independently via setFeedbackAuthority
  • Default to the owner key at registration, then rotate when needed
The Ed25519 signature message format is [reviewer_pubkey(32) + nft_mint(32)], which authorizes any feedback from a specific reviewer for that agent.
Feedback scores range from 0-100 (uint8), following ERC-8004. The AgentIdentity PDA tracks two separate counter pairs:
  • verified_count + verified_score_sum — feedback with payment proof
  • unverified_count + unverified_score_sum — feedback without payment proof
This allows consumers to weight verified feedback (backed by actual payments) more heavily than unverified feedback.

Settlement modes

x84 supports three modes for settling x402 payments, each suited to different use cases.
The payer signs the transaction. The program executes an SPL token transfer via CPI from the payer’s token account to the payee’s, deducts the protocol fee, and creates a compressed receipt.Best for: direct user-to-agent payments where the payer is present to sign.
The facilitator (x84 backend) attests that an off-chain payment occurred. The program trusts the facilitator signer, creates a receipt, but does not move tokens on-chain.Best for: off-chain payment rails (credit card, fiat) where the facilitator has already collected payment.
Attestation mode requires the caller to be the protocol’s registered facilitator signer. Unauthorized callers will receive error code 6038 (FacilitatorRequired).
A delegation PDA combined with SPL Token delegate authority enables zero-signature payments. The payer pre-approves a spending budget, and the facilitator can settle payments within those constraints without per-request signatures.Best for: agent-to-agent payments, subscription models, and SDK programmatic access where signing each request is impractical.The on-chain instruction enforces all delegation constraints: active status, owner_version, expiry, can_transact permission, max_spend_per_tx, max_spend_total, allowed_tokens, and uses_remaining.

Protocol fee

Every settlement deducts a fee in basis points (default 300 bps = 3%, max 1000 bps = 10%). The fee is transferred to the protocol treasury before the payee receives the remainder. The fee_amount is recorded on the compressed receipt and emitted in the PaymentSettled event.

Compressed receipts

Payment receipts use Light Protocol compressed PDAs instead of regular Anchor PDAs. Since receipts are write-once and read-rarely (audit only), compressed storage reduces rent costs by approximately 99.7%. At 100,000 receipts, this saves roughly 300 SOL.

Delegation

Delegations grant granular permissions from one party to another, scoped to a specific agent.
Each delegation carries 7 boolean permission flags:
PermissionAllows
canTransactSettle payments on behalf of delegator
canGiveFeedbackSubmit feedback for the agent
canUpdateMetadataModify agent metadata URI and hash
canUpdatePricingChange payment requirements
canRegisterServicesAdd, update, or remove service endpoints
canManageDeactivate/reactivate the agent
canRedelegateCreate sub-delegations (up to max depth)
Delegations enforce spending and usage limits on-chain:
ConstraintDescription
maxSpendPerTxMaximum token amount per settlement (0 = unlimited)
maxSpendTotalLifetime spending cap (0 = unlimited)
spentTotalRunning total, updated on every delegated settlement
allowedTokensRestrict to specific token mints (empty = all, max 5)
allowedProgramsRestrict to specific programs (empty = all, max 5)
expiresAtUnix timestamp expiry (0 = no expiry)
usesRemainingNumber of uses left (0 = unlimited)
Delegations support up to 3 levels of depth:
  • Depth 0: owner delegates to party A
  • Depth 1: party A sub-delegates to party B (requires canRedelegate)
  • Depth 2: party B sub-delegates to party C (maximum)
Sub-delegations cannot exceed the permissions or constraints of their parent delegation.Delegation PDA derivation:
SeedValue
Prefix"delegation"
DelegatorPubkey (32 bytes)
DelegatePubkey (32 bytes)
Delegation IDu64 (8 bytes, LE)
Every delegation stores the owner_version that was current when it was created. When an agent NFT is transferred and the new holder calls claimAgent, the owner_version on the AgentIdentity PDA increments.Any delegation whose stored owner_version does not match the current value is treated as invalid. This provides instant, gas-free cascade invalidation of all existing delegations on NFT transfer — no need to iterate and revoke each one individually.

A2A Agent Cards

Hosted agents on x84 are automatically assigned A2A-compliant Agent Card endpoints at /.well-known/agent-card.json. The Agent Card is auto-generated from the agent’s on-chain metadata and hosting configuration, including:
  • Agent name, description, and capabilities
  • Supported skills with input/output modes
  • Authentication requirements (x402 payment)
  • Service endpoint URLs
Any A2A-compatible client can discover and call x84-hosted agents without custom integration.

x402 payment flow

The payment lifecycle for hosted agents follows the x402 HTTP protocol with an A2A extension:
1
Request without payment
2
A caller sends a request to a hosted agent’s A2A endpoint without an X-PAYMENT header.
3
402 response
4
The x402 gate middleware returns HTTP 402 with payment requirements: token mint, amount, recipient, and the x84 facilitator address.
5
Payment submission
6
The caller constructs and signs a payment transaction (or uses an existing delegation), then resends the request with the X-PAYMENT header containing the payment proof.
7
Settlement and execution
8
The x402 gate verifies the payment, triggers on-chain settlement (creating a compressed receipt and splitting the fee), then forwards the request to the LangGraph runtime for execution.
For agent-to-agent commerce, the flow uses the A2A x402 extension status updates: payment-required, payment-submitted, payment-completed.