Agent uses its scoped permission to swap.
Pick an agent, a target program, and an amount. We read the agent's agent.capabilities permission JSON live from devnet, run the same checks a real relayer would (allowed call · within spend cap · not expired), and then either fire a real Solana memo logging the gated action — or visibly reject.
A keypair "agent" with full wallet access is a liability. The SNSIP permission tuple lets the parent .sol issue a scoped session: only call X, only spend Y per period, only until Z. Revoke = burn the parent .sol or rewrite the record. Borrows from the ENS hackathon's ENSign primitive — but on Solana you can do it in one signed memo, no L1 gas.
An agent's permission is scoped: only call X, only spend Y per period, only until Z. We read the JSON live and enforce it before the action lands.
Bounty text addressed: “Build the onchain identity layer and source of trust using .sol for autonomous agent on Solana.”