Security
Security Model
Prova was designed with STRIDE analysis from day one. Every threat vector has a mitigating control.
STRIDE
Spoofing
Ed25519 signature verification on-chain — every attestation must be signed by the agent key.
Tampering
Immutable Solana accounts — no update instruction exists for attestation accounts.
Repudiation
Cryptographic signature linked to agent PDA — agent cannot deny issuance.
Information Disclosure
Privacy mode via Vanish Core opt-in — payload hash is public but content is encrypted.
Denial of Service
Fee-based prioritization — spam is economically bounded by SOL fees.
Elevation of Privilege
Authority checks in every instruction — no admin backdoors in program code.
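An added example for the Spoofing control above; it is not Prova's code and not from this page. It assumes the common Solana pattern in which the runtime's native Ed25519 program verifies the signature and the attestation program then confirms, from that instruction's data, that the verified key is the agent key and the verified message is the payload hash. The names `check_ed25519_ix` and `sample_ix` and the 32-byte payload hash are hypothetical.

```rust
// Added example, not Prova's code. Layout is that of Solana's native Ed25519
// program: [count u8][pad u8] then seven little-endian u16 fields per signature.
const OFFSETS_START: usize = 2;
const OFFSETS_LEN: usize = 14;
const THIS_IX: u16 = u16::MAX; // bytes are read from this same instruction

/// Ok(()) only if the instruction carried exactly one signature, for
/// `agent_key`, over exactly `payload_hash`, with every byte held inline.
/// Assumes the caller already matched the instruction's program id, so the
/// runtime has performed the cryptographic verification itself.
pub fn check_ed25519_ix(data: &[u8], agent_key: &[u8; 32], payload_hash: &[u8; 32])
    -> Result<(), &'static str> {
    if data.first() != Some(&1) {
        return Err("expected exactly one signature");
    }
    if data.len() < OFFSETS_START + OFFSETS_LEN {
        return Err("truncated offsets");
    }
    // Field n: 0 sig_off, 1 sig_ix, 2 key_off, 3 key_ix, 4 msg_off, 5 msg_len, 6 msg_ix
    let f = |n: usize| {
        let i = OFFSETS_START + 2 * n;
        u16::from_le_bytes([data[i], data[i + 1]]) as usize
    };
    if [f(1), f(3), f(6)].iter().any(|&ix| ix != THIS_IX as usize) {
        return Err("signature, key or message referenced from another instruction");
    }
    let key = data.get(f(2)..f(2) + 32).ok_or("key out of bounds")?;
    let msg = data.get(f(4)..f(4) + f(5)).ok_or("message out of bounds")?;
    if key != &agent_key[..] {
        return Err("signed by a different key");
    }
    if msg != &payload_hash[..] {
        return Err("signature covers a different message");
    }
    Ok(())
}

/// Constructed sample data in the inline layout; the signature is a zero placeholder.
pub fn sample_ix(key: &[u8; 32], msg: &[u8]) -> Vec<u8> {
    let mut d = vec![1u8, 0];
    for v in [48u16, THIS_IX, 16, THIS_IX, 112, msg.len() as u16, THIS_IX].iter() {
        d.extend_from_slice(&v.to_le_bytes());
    }
    d.extend_from_slice(key);
    d.extend_from_slice(&[0u8; 64]);
    d.extend_from_slice(msg);
    d
}
```

The function checks only what the signature is bound to; without the key and message comparison, a valid signature from any key over any message would pass the runtime check.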
Audit
Audit Status
An external security audit by Otter Security / Halborn is planned pre-mainnet. A bug bounty program will launch at mainnet.
To report a security issue: security@prova.io