Agent Vault currently has a devnet version. It has an internal v0.1.0 security review, but no external production audit and no mainnet release.
Program checks:
NO_DNA=1 cargo test --offline
NO_DNA=1 cargo test --offline --manifest-path tests/runtime/Cargo.toml -- --test-threads=1
NO_DNA=1 ./scripts/verify-devnet-onchain.shSDK preflight:
cd ../agent-vault-sdk
NO_DNA=1 npm run check
NO_DNA=1 npm run e2e:devnetnpm run e2e:devnet is preflight-only unless AGENT_VAULT_E2E_SEND=1 is set.
Program ID: 36u7KMBuxjExvU6V2nfTX5SnNdYMGUupFiYouLzrgpfW
8004 registry: 8oo4J9tBB3Hna1jRQ3rWvJjojqM5DYTDJo5cejUuJy3C
8004 collection: 6CTyGPcn8dMwKEqgtvx2XCpkGUd7uqCVK6937RSM5bhA
Release status: deployed
The release manifest is tracked in
docs/RELEASE_MANIFEST.devnet.json. Canonical
deployment verification is RPC-backed in the SDK devnet preflight: it checks the
program account, ProgramData account, deployed ELF hash and size, ProgramData
address, ProgramData upgrade authority, global config PDA, global config bump,
and expected global config fields against that manifest before signed SDK writes.
From the program repository:
NO_DNA=1 cargo test --offline
NO_DNA=1 cargo test --offline --manifest-path tests/runtime/Cargo.toml -- --test-threads=1
NO_DNA=1 cargo test --offline --manifest-path tests/runtime/Cargo.toml devnet_release_cost_report -- --nocapture --test-threads=1
NO_DNA=1 ./scripts/verify-devnet-onchain.sh
NO_DNA=1 ./scripts/verify-formal.shFull local release verification:
NO_DNA=1 ./scripts/verify-devnet-release.shThat script runs formatting, Clippy, unit tests, SBF build checks, LiteSVM
runtime tests, localnet e2e, Kani harnesses, and local release artifact hash/size
checks. verify-devnet-onchain.sh is read-only and verifies the live devnet
Program, ProgramData hash/size/authority, and global config against the manifest.
From the SDK repository:
NO_DNA=1 npm ci
NO_DNA=1 npm run check
NO_DNA=1 npm run e2e:devnetnpm run e2e:devnet defaults to preflight-only mode. It verifies the live devnet
deployment and exits before any write. Set AGENT_VAULT_E2E_SEND=1 only when
the signer is funded and you intentionally want to run the live write flow.
The program repo covers the full V0 program instruction surface through LiteSVM
runtime tests and scripts/localnet-e2e.py. The separate Agent-Vault-SDK repo
provides devnet preflight against the live deployment and gated send-mode
coverage for SDK transaction construction. initialize_global_config is sent
by SDK devnet e2e only when AGENT_VAULT_INIT_GLOBAL=1 creates a missing
global config; otherwise the e2e counts it as deployment-verified by the live
global-config preflight:
initialize_global_config
init_vault_config
create_wallet
update_wallet_label
deposit_sol
withdraw_sol
transfer_sol
close_wallet
reopen_wallet_for_recovery
create_wallet_ata
transfer_spl
wrap_sol
unwrap_sol
close_wallet_ata
execute_cpi_checked
The runtime devnet_release_cost_report test prints compute units, rent
snapshots, and release cost categories for the deterministic LiteSVM fixtures.
There is no mainnet release. Mainnet writes must remain blocked until a canonical mainnet manifest and upgrade policy are published and implemented in the SDK verification path.