fetching from cluster…
Phylanx exposes two read paths: an on-chain SDK for authoritative reads, and a cached REST API for high throughput. Same data, same canonical cert.
npm install @phylanx/sdk @solana/web3.jsThe SDK reads HealthCertificate PDAs directly from Solana. No middleman — the chain is the source of truth.
import { Connection, PublicKey } from "@solana/web3.js";
import { PhylanxClient } from "@phylanx/sdk";
const connection = new Connection("https://api.mainnet-beta.solana.com");
const phylanx = new PhylanxClient({ connection });
const agentWallet = new PublicKey("Hxr1Demo01StableTrader1111111111111111111111");
const score = await phylanx.getScore(agentWallet);
console.log(score);
// {
// score: 941,
// alertTier: "GREEN",
// alertTierCode: 0,
// epoch: 287,
// signerCount: 3,
// immediateRed: false,
// computedAt: "2026-05-22T11:00:00.000Z"
// }getScoreAtEpoch(agent, epoch). The full history? getScoreHistory(agent, fromEpoch, toEpoch).For higher throughput (10K req/h target, p95 under 500ms), hit the cached API. Same canonical cert as the SDK; no Solana RPC dependency on your side.
curl https://api.phylanx.com/agents/<wallet>/health
{
"_v": 2,
"agent_wallet": "Hxr1Demo01StableTrader1111111111111111111111",
"epoch": 287,
"score": 941,
"alert_tier": "GREEN",
"alert_tier_code": 0,
"flags": 66,
"immediate_red": false,
"signer_count": 3,
"computed_at": "2026-05-22T11:00:00.000Z"
}Other endpoints: /agents/{wallet}/history, /byzantine/recent, /byzantine/strikes, /challenges?node={node}, /health/cluster, /version. Full OpenAPI schema at /docs.
Every score is a HealthCertificate PDA created by the certificate-issuer program. The program refuses to write a cert unless Solana's Ed25519 precompile verifies at least 3 distinct signatures from registered cluster keys over the canonical cert digest. No threshold, no cert.
Off-chain, five oracle nodes run a commit-reveal round each epoch, exclude Byzantine outliers, take the median, and threshold-sign. A node that misbehaves 3 times is challenged on-chain and slashed.
The full protocol spec lives in the repo: github.com/phylanx
HealthCertificate (PDA, seeds: ["cert", agent, epoch])
├── version u8
├── agent Pubkey ← the scored agent
├── epoch u64 ← which 24h window
├── score u16 ← 0..1000
├── alert_tier u8 ← 0 GREEN | 1 YELLOW | 2 RED
├── flags u32 ← 32-bit detection-flag bitset
├── immediate_red bool
├── computed_at i64 ← unix seconds
├── digest [u8;32] ← sha256 of the cert payload
└── cluster_signatures Vec<[u8;64]>
↑ written by the certificate-issuer program
ONLY after Solana's Ed25519 precompile has
verified ≥ 3 distinct cluster signatures
over digest, otherwise the ix fails with
InsufficientSignatures (6033).A score is a number; a diagnosis is the why. Cert v2 extends the on-chain attestation with five sub-scores (correctness, robustness, calibration, drift, coverage), the failure-mode bits that fired, and the remediation bits a well-behaved operator would address. All of it is canonical-JSON hashed and threshold-signed — the same trust model as the score.
curl https://api.phylanx.com/agents/<wallet>/diagnosis/287
{
"_v": 2,
"agent_wallet": "Hxr1Demo01StableTrader1111111111111111111111",
"epoch": 287,
"dimensions": {
"correctness": 0.94, "robustness": 0.81, "calibration": 0.88,
"drift": 0.72, "coverage": 0.79
},
"labels": [
{ "bit": 3, "name": "PROMPT_INJECTION_LEAK", "fired": true },
{ "bit": 17, "name": "OUTPUT_SCHEMA_DRIFT", "fired": true }
],
"remediations": [
{ "bit": 1, "name": "TIGHTEN_SYSTEM_PROMPT" },
{ "bit": 4, "name": "ADD_OUTPUT_VALIDATOR" }
],
"attestation": { "kind": "cert_v2", "digest_hex": "8f3c…", "signers": 4 }
}The SDK decodes the wire shape into a typed object and tags each label with taxonomyKnown — if a server-side rename ever drifts from the SDK's bundled taxonomy mirror, your code sees it instead of silently misnaming a finding.
import { getDiagnosis } from "@phylanx/sdk";
const d = await getDiagnosis("https://api.phylanx.com", agentWallet, 287);
for (const label of d.labels.filter(l => l.fired)) {
console.log(label.bit, label.name, label.taxonomyKnown ? "✓" : "drift");
}
// 3 PROMPT_INJECTION_LEAK ✓
// 17 OUTPUT_SCHEMA_DRIFT ✓For the high-stakes cases (insurance underwriting, contract gating), the diagnosis is backed by a threshold-attested evidence blob — the raw evaluator outputs the oracle saw, stored on the DA layer and bound to the cert by SHA-256. The verify-without-trust recipe is five lines:
import { getEvidence, verifyEvidenceHash } from "@phylanx/sdk";
const ev = await getEvidence("https://api.phylanx.com", agentWallet, 287);
const v = await verifyEvidenceHash(ev);
if (!v.bytesMatchHash) throw new Error("evidence tampered");
// v.recomputedHashHex === v.serverAttestation.digest_hex (threshold-signed)verifyEvidenceHash recomputes SHA-256 over the evidence bytes in your process and compares to the threshold-signed digest. A failed check means the DA layer returned something the oracle quorum never signed — not a bug in the SDK, an integrity violation worth alerting on.Question we haven't answered? [email protected]