Blackbox stress-test agent for aisthetic.services — a verifiable commerce control plane for AI agents on Solana.
This 200-line agent hammers the public surfaces of the platform with 26 scenarios across four acts. Every successful action produces a cryptographically signed receipt. Every receipt is independently verifiable.
┌─────────────────┐
hard-test agent ─── 26 scenarios ──┬──→ sandbox.aisthetic ──┤ 7-stage pipeline│ ──→ signed receipts
│ └─────────────────┘
└──→ Jupiter v6 ─────────→ Solana mainnet ──→ finalized tx
| Act | Scenarios | What it tests |
|---|---|---|
| Coverage | 15 | liveness probes, 401 → 402 → 200 paid-call chain, receipt id shape, receipt verifier page, activity feed propagation, all public landing routes (/explorer, /docs/api, /proof-center, /agent/[hash], /principal/[hash]) |
| Adversarial | 10 | replay/dedupe, malformed Authorization, wrong sandbox-proof never-200 invariant, oversized URL, path traversal, SQL pattern in bearer, random/empty bearer, unknown gateway provider, PII guard on 50-row activity feed |
| pay.sh interop | 4 | probe Solana Foundation's pay.sh debugger 402 challenge, parse WWW-Authenticate: Payment header, decode the base64 MPP challenge body, assert that aisthetic and pay.sh both expose machine-readable Solana payment requirements at the 402 layer |
| Stress | 1 | 200 concurrent paid calls — uniqueness invariant (every successful receipt MUST be unique under load), p50/p95/p99 latency capture |
| Trade | 4 | pre-trade gateway receipt, real Jupiter quote on mainnet, signed Solana swap (0.001 SOL → USDC, ~$0.09) finalized on-chain, post-trade gateway receipt |
See reports/ for the most recent run output. Verdict: 30/30 PASS, 64 receipts produced, real mainnet Solana tx finalized.
Each receipt is a real signed claim — verify any one of them at https://aisthetic.services/r?id=<receipt-id>.
- Node 20+ and pnpm
- (Optional, for Act 4) A Solana mainnet keypair with ≥ 0.01 SOL at
~/.at-canary/agenttrust-mainnet.json
pnpm install# All 4 acts including real mainnet trade (~$0.10 in SOL)
pnpm test
# Skip the trade act (no real SOL spent)
pnpm test:no-tradeThe report writes to reports/<date>-hard-test.md.
Trust is the bottleneck for autonomous AI agents transacting online. aisthetic.services is the verification layer — every agent move produces a receipt that anyone can check, every payment settles in stablecoin without a custodian, every agent gets a portable on-chain identity.
This repo is the public proof. Don't trust us — run the agent. It uses only public surfaces, only documented headers, only signed payloads.
- The platform source code (private)
- Any operator credentials, API keys, or signing keys
- Anything that isn't already a public HTTP surface
Don't trust this repo because it claims to be aisthetic. Verify the signer:
- Signed JSON (Ed25519, signs every public claim):
aisthetic.services/.well-known/aisthetic-ownership.json - On-chain anchor (same canonical bytes, finalised on Solana mainnet):
54fVfcybJpy21Z…181a - Public-page walkthrough:
aisthetic.services/ownership - Operator wallet (signs everything above, owns the AgentRegistry program upgrade authority):
uwEbUj8x…oG5 - Source for the proof generator:
scripts/ownership-proof.mjs
- Live platform: aisthetic.services
- Live activity feed: aisthetic.services/explorer
- Receipt verifier: aisthetic.services/r
- API reference: aisthetic.services/docs/api
- AgentRegistry on Solana mainnet:
DiqUXZSLqqn2fJiNHptpdheziY1fcLdZcdDH2kmCa3Kp - Receipt verifier program on Solana mainnet:
FWdCDkFnexcJrMMhzfPLuBnX3RaFS8zoaqxCsMLxvw9Z
MIT. See LICENSE.