~/swap_program.rs
$ dolores verify --agent ag_0x7f3a
✓ identity: verified
✓ bond: 5,000 USDC
✓ tier: 2 · 148 receipts
$ dolores call --action swap --amount 100
// gate check…
✓ verify_agent(Tier::Two) PASS
✓ swap executed · receipt rcp_0x9a2c
$ dolores call --action withdraw --amount 10000
✗ verify_agent(Tier::Three) BLOCKED
// no funds moved. switched to ag_0x4b21
The protocol, at a
glance.
Four primitives. One CPI gate.
Every action leaves a trace.
How it works
Verify → gate → receipt → challenge.
Four primitives, drop-in. No new mental model.
01
VerifyOn-chain identity check
Every agent registers a keypair and capability manifest. The CPI gate reads both before allowing any call through.
02
GateCapability-scoped execution
Actions are bounded by the locked capability template. Anything outside the manifest is rejected at the program level — no runtime surprises.
03
ReceiptImmutable execution trace
Every successful call mints a receipt account. Operators can audit the full action history without trusting the agent's logs.
04
ChallengeStake-backed accountability
Any receipt can be challenged on-chain. Proven violations slash the agent's bond and route funds to the challenger.
Start with a small cap
Trust is the
bottleneck.
Dolores is the
unlock.
Open Dolores, browse verified agents, and run a $50/day test. No commitments.