⚡Agentixxon Solana
HomeDeep DiveLive Dashboard
GitHub →
HomeDeep DiveLive Dashboard
Bounty Deep Dive

Wallet design,
security & AI integration.

A complete walkthrough of how autonomous AI agents own and operate Solana wallets — from keypair generation to encrypted keystores to live devnet transactions. Every BUY and SELL in this prototype produces a real, verifiable on-chain signature.

1. Why agents need their own wallets

Traditional Solana wallets (Phantom, Backpack) are built for humans. Every transaction requires a UI prompt, a manual review, and a button click. AI agents can't do any of that — they operate at machine speed, 24/7, and need to sign in milliseconds without blocking on human approval.

An agentic wallet is a wallet the agent fully controls: it holds the private key, decides when to sign, and broadcasts transactions autonomously. No human is in the loop at runtime. Agentixx runs a fleet of these wallets concurrently, each with independent state, independent balances, and independent on-chain history.

2. Keypair generation

Every agent gets a fresh ed25519 keypair generated via Keypair.generate() from @solana/web3.js, which internally calls Node.js crypto.randomBytes — seeded by the OS CSPRNG (/dev/urandom on Linux). This gives 256 bits of entropy, sufficient for real-world use.

lib/agentStore.ts
const { Keypair } = require("@solana/web3.js")

// Each agent runs this independently — no shared seeds
const keypair = Keypair.generate()
console.log(keypair.publicKey.toBase58()) // agent's on-chain address

Each agent gets an independent keypair. There is no shared master seed. Compromise of one agent's key does not affect any other agent in the fleet.

3. Encrypted keystore format

Private keys at rest are encrypted with AES-256-GCM. The encryption password is hardened through scrypt — a memory-hard KDF that makes brute-force attacks orders of magnitude more expensive.

keystores/alpha-trader.json
{
  "version": "1.0",
  "agentId": "alpha-trader",
  "publicKey": "9WzDXwBbmkg8ZTbNMqUxvQRAyrZzDsGYdLVL9zYtAWWM",
  "encryptedKey": "a1b2c3d4...",   // AES-256-GCM ciphertext
  "iv":  "f3a1...",                 // random 12-byte IV per save
  "authTag": "8c2d...",            // GCM tag — detects any tampering
  "network": "devnet"
}

The GCM auth tag is critical — if anyone modifies even a single byte of the encrypted key on disk, decryption throws before returning any key material. The IV is regenerated on every saveKeystore() call so no two keystores look alike.

4. Autonomous transaction signing — all three actions

Every trade action in this prototype produces a real, verifiable transaction on Solana devnet. There are no simulated signatures. Here is exactly what each action does on-chain:

BUY — a real SOL transfer from the agent wallet to the DEX treasury address. The agent signs with its own keypair autonomously, with no human prompt. The resulting signature is linked directly from the dashboard.

api/agents/[id]/trade/route.ts — BUY
// Agent wallet → DEX treasury: 0.01 SOL on-chain
signature = await sendSOL(keypair, DEX_TREASURY, 0.01)

// Returns a real, confirmed devnet signature:
// "4xK9...zW2p" — verifiable at explorer.solana.com/?cluster=devnet

SELL — a Memo program transaction. The agent signs a zero-lamport transaction that permanently records the sell decision as UTF-8 metadata on-chain. This is the standard pattern for audit-logging decisions when no counterparty transfer is possible without a deployed program.

lib/solana.ts — sendMemoTransaction()
const memoInstruction = new TransactionInstruction({
  keys:      [{ pubkey: keypair.publicKey, isSigner: true, isWritable: false }],
  programId: MEMO_PROGRAM_ID, // MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr
  data:      Buffer.from(JSON.stringify({
    action:    "SELL",
    agent:     "alpha-trader",
    price:     "72.45",
    amountSOL: 0.01,
    ts:        "2024-01-15T10:23:41Z",
  }), "utf-8"),
})

// Agent signs — confirmed on-chain, readable on Explorer
const signature = await sendAndConfirmTransaction(connection, tx, [keypair])
✓

Both BUY and SELL now produce verifiable on-chain signatures. Click any signature link in the dashboard to inspect the full transaction on Solana Explorer (devnet).

HOLD — no transaction. The decision is recorded in the agent's local trade history. The autonomous loop uses HOLD to signal "market neutral" without burning transaction fees unnecessarily.

Solana's recentBlockhash mechanism prevents replay attacks — each transaction includes a recent blockhash and is rejected by the network after ~90 seconds. The agent fetches a fresh blockhash before every transaction.

5. The autonomous decision loop

startAgentLoop(id, callback, intervalMs) runs the agent's decision callback on a fixed timer — every 15 seconds by default. The loop is started automatically for all funded agents on page load, and can be stopped per-agent from the dashboard.

The decision function autonomousDecision(price) implements momentum-based rules. It is the same function called by both the manual trade button and the autonomous loop, ensuring behavioral consistency regardless of how a trade is triggered.

api/agents/[id]/loop/route.ts — loop callback
startAgentLoop(id, async () => {
  // 1. Safety guard — stop loop if balance too low
  const balance = await refreshBalance(id)
  if (balance < MIN_BALANCE_SOL) {
    stopAgentLoop(id)
    return
  }

  // 2. Simulated price oracle (replace with Pyth in production)
  const price = +(20 + Math.random() * 80).toFixed(2)

  // 3. AI decision layer — pure function, easily swappable
  //    price < 40  → BUY  (undervalued signal)
  //    price > 70  → SELL (take-profit signal)
  //    otherwise   → HOLD
  const decision = autonomousDecision(price)

  // 4. Execute — calls the same trade route as a manual click
  await fetch(`/api/agents/${id}/trade`, {
    method: "POST",
    body:   JSON.stringify({ type: decision, auto: true }),
  })
}, 15_000)
ℹ

To upgrade to an LLM-driven agent, replace autonomousDecision(price) with an OpenAI or Anthropic API call. Pass the agent's balance, recent trade history, and price signal as context. The wallet layer below it stays identical — only the decision function changes.

The loop enforces a MIN_BALANCE_SOL = 0.05 reserve. If an agent's balance drops below this threshold, the loop halts automatically and logs a warning — preventing an agent from spending itself into dust and becoming unable to pay transaction fees.

6. Multi-agent fleet architecture

WalletRegistry manages a fleet of independent agents. Each agent has its own keypair, its own encrypted keystore file, and its own autonomous loop running concurrently. No state is shared between agents. A Map<string, NodeJS.Timeout> inloop.ts tracks which agents are running without any shared mutable state.

lib/agents/loop.ts
const runningLoops = new Map<string, NodeJS.Timeout>()

export function startAgentLoop(
  id: string,
  callback: () => Promise<void>,
  intervalMs: number
) {
  if (runningLoops.has(id)) return // already running — idempotent

  const tick = async () => {
    await callback()
    // Reschedule only if still running (stop() clears the map)
    if (runningLoops.has(id)) {
      runningLoops.set(id, setTimeout(tick, intervalMs))
    }
  }

  runningLoops.set(id, setTimeout(tick, intervalMs))
}

export function stopAgentLoop(id: string) {
  const timer = runningLoops.get(id)
  if (timer) { clearTimeout(timer); runningLoops.delete(id) }
}

export const getRunningLoops = () => [...runningLoops.keys()]

7. Security threat model

ThreatMitigation
Plaintext key on diskAES-256-GCM encryption — key never stored unencrypted
Tampered keystore fileGCM auth tag — any byte modification detected on load
Weak encryption passwordscrypt KDF — brute force made computationally expensive
Transaction replaySolana blockhash expiry (~90 seconds per tx)
Cross-agent contaminationIndependent keypairs per agent — no shared key material
Private key in logstoJSON() never exports key; logger redacts sensitive fields
Agent overspendingMIN_BALANCE_SOL = 0.05 reserve enforced before every loop tick
Simulated SELL signaturesAll SELLs are real Memo program txs — fully verifiable on Explorer
Loop runaway / crashUncaught errors logged and swallowed per tick — loop continues

8. Run it yourself

terminal
git clone https://github.com/emmyCode4495/agentixx
cd agentixx
npm install
cp .env.example .env.local

# Single agent demo — creates wallet, airdrops SOL, signs tx
npm run demo

# 3 agents trading concurrently on devnet
npm run multi-agent

# Full test suite
npm test

The demo runs entirely on Solana devnet — no real funds involved. Every BUY transaction and every SELL memo is verifiable on Solana Explorer (devnet). The autonomous loop fires every 15 seconds — open the dashboard and watch the trade count tick up in real time.

⚡Agentixx

Autonomous AI agent wallets on Solana devnet. Programmatic keypairs, on-chain signing, zero human intervention.

All systems operational

Tech Stack

ed25519Key Algorithm
AES-256Encryption
DevnetNetwork

Navigate

Deep DiveDashboardHealth↗GitHub

© 2026 Agentixx — Built on Solana

Powered bySolana