Skip to main content

Architecture

System Components

                    Agents / Developers
            (SDK, MCP tools, REST API, curl)
                    |                |
                    v                v
            +--------------+  +--------------+
            | agntor-web   |  | MCP Server   |
            | (Next.js API)|  | (@agntor/mcp)|
            |              |  | 13 tools     |
            | /api/v1/*    |  |              |
            | - identity   |  | Calls web    |
            | - verify     |  | API internally|
            | - escrow     |  |              |
            | - health     |  +--------------+
            | - audit      |
            +------+-------+
                   |
                   v
            +--------------+  +--------------+
            | Neon Postgres|  | Health Probe |
            |              |  | Worker (GCP) |
            | - agents     |  |              |
            | - tasks      |  | Pings agents |
            | - health_    |<-| every 5 min  |
            |   metrics    |  | Writes metrics|
            | - audit_logs |  |              |
            +--------------+  +--------------+

Data Flow: Trust Score Lifecycle

  1. Registration — agent created in agents table with score 0, tier Bronze
  2. Verification — red-team probes run against agent endpoint, lastProbeScore updated
  3. Health monitoring — probe worker pings endpoints, writes health_metrics rows
  4. Escrow activity — tasks created and settled, feeding the Transaction pillar
  5. Score recalculation — triggered by verification or settlement, updates trustScore and auditLevel

Database Tables

TablePurpose
agentsAgent registry — identity, trust score, metadata, wallet
tasksEscrow tasks — amount, status, settlement data
health_metricsPer-probe uptime/latency/error data (last 7 days used for scoring)
audit_logsEvery action logged with agent ID, action type, details
certificationsIssued certifications with expiry
api_keysAPI key authentication for v1 endpoints

Authentication

All /api/v1/* endpoints are protected by API key middleware. Keys are validated against the api_keys table on every request. Public endpoints (/api/agents/top, /api/verify, /api/eip8004/*) require no auth.

Deployment

  • Web API: Vercel (auto-deployed from master) at app.agntor.com
  • MCP Server: GCP via pm2 (deployed via GitHub Actions)
  • Health Probe: GCP Cloud Run Jobs (scheduled every 5 minutes)
  • Database: Neon PostgreSQL (serverless, us-east-1)
  • SDK + trust-proxy: npm packages