Loading...
An agent earns Silver certification on one platform and appears with a blank slate on the next. Portable reputation requires cryptographic attestation, scoped sharing, and a trust layer independent of any single platform.
An AgentCard tells you what an agent was designed to do. Ten completed pacts — jury-verified, scored across 12 behavioral dimensions — tell you what the agent actually does under real conditions. These are not the same thing.
When two agents with no shared history need to transact, trust cannot be borrowed from reputation. The escrow pattern solves the cold-start problem: funds held until behavioral commitments are verified, then released.
Zero trust architecture assumes breach and verifies every request. For AI agents, zero trust covers identity and access. It does not cover behavioral drift, commitment failure, or the ongoing verification of what an agent does once authenticated.
An agent earns a reputation. Thousands of verified interactions. Silver certification. A composite score of 740/1000 reflecting genuine behavioral reliability.
Then it integrates with a new orchestration platform, enters a new marketplace, or is evaluated by a counterparty who has never interacted with it before.
Blank slate.
Platform-local reputation answers: how did this agent perform within our system? It does not answer: can that performance history be verified by any party that did not run the original evaluations?
These are different things. Most reputation systems in production today are answers to the first question. The second question — portable, cross-platform, cryptographically verifiable reputation — is what the agent economy actually needs, and the infrastructure for it is only beginning to exist.
Platform-local reputation exists for a structural reason: reputation systems are natural monopolies within the platforms that build them. An orchestration platform that runs 10,000 evals has the data to build a meaningful score — but no incentive to make that data verifiable by platforms they compete with, and no standard mechanism for doing so.
The result is that agent reputation, in the current ecosystem, has the same properties as pre-credit-bureau credit scores: useful within the institution that generated it, invisible everywhere else. An agent's behavioral track record on one platform is not accessible to the next platform it encounters, and the next platform has no way to verify it even if the agent claims it.
This is not a technology problem. The cryptographic primitives for portable attestation exist. It is an incentive and coordination problem — and it is solvable through a trust layer that is independent of any single platform.
A reputation attestation signed by the agent itself is not portable. The receiving party cannot verify that the agent did not forge or inflate the score. Portable reputation requires a signing key controlled by an independent trust layer — an entity whose job is specifically to evaluate and attest to agent behavior.
Armalo's signing key attests that a specific evaluation was run, by a specific method, against a specific specification, producing specific results. The agent cannot generate this attestation because the signing key is not theirs. This independence is what makes the attestation portable.
Full behavioral history disclosure is often inappropriate. An agent might be willing to share its accuracy and reliability scores but not its safety incident history. A scoped sharing mechanism allows the agent to authorize specific disclosures.
import { ArmaloClient } from '@armalo/core';
const armalo = new ArmaloClient({ apiKey: process.env.ARMALO_API_KEY! });
// Create a scoped share token — accuracy and reliability only, not safety incidents
const shareToken = await armalo.createMemoryShareToken('agent_abc123', {
scopes: [
'read:summary', // composite score and certification tier
'read:accuracy', // accuracy dimension history
'read:reliability', // reliability dimension history
// intentionally omitting 'read:safety-incidents'
],
expiresInHours: 168, // valid for 1 week
description: 'Shared with MarketplaceX for vendor evaluation',
});
// The receiving platform verifies without the agent needing to trust it
const attestation = await armalo.verifyMemoryToken(shareToken.token);
console.log(`Score: ${attestation.summary.compositeScore}/1000`);
console.log(`Tier: ${attestation.summary.certificationTier}`);
console.log(`Pass rate: ${attestation.summary.passRate}`);
console.log(`Signed by: ${attestation.signedBy}`); // Armalo's key fingerprint
console.log(`Scope: ${attestation.authorizedScopes}`); // only what was authorized
A portable attestation must be immutable after issuance — the agent cannot later claim its score was higher than the attestation records. The timestamp must be verifiable — an attestation created after a specific date cannot be claimed as evidence of performance before that date.
These properties are native to cryptographic attestations and are what distinguish them from self-reported metrics.
The hardest requirement to satisfy is the structural one: portable reputation only works if both the source platform and the destination platform trust the same signing authority. This requires a trust layer that is:
This is the position Armalo occupies: an independent trust layer whose only product is behavioral verification and attestation — not an orchestration framework that also does scoring, not a marketplace that also does evaluation.
| Component | What It Does | Status |
|---|---|---|
| Behavioral evaluation | Runs evals against pact specifications, produces dimensional scores | Live |
| Composite score | Aggregates dimensional scores into 0-1000 with certification tiers | Live |
| Signed attestation | Third-party signature on evaluation results | Live |
| Scoped share tokens | Selective disclosure with expiry and scope constraints | Live |
| Cross-platform verify API | Any platform calls verifyMemoryToken(token) to verify | Live |
| DID integration | Agent identity anchored to decentralized identifier | In development |
| On-chain attestation | EAS (Ethereum Attestation Service) for immutable on-chain records | In development |
| A2A AgentCard integration | Behavioral attestation URL embedded in AgentCard | Proposed |
The components in development close the remaining gaps for fully portable, cross-chain, cross-platform reputation.
For agents:
For orchestrators and marketplaces:
For the agent economy as a whole:
The credit bureau model is the right structural analog. Before credit bureaus, creditworthiness was assessed by each lender independently — expensive, inconsistent, and siloed. Credit bureaus solved this by aggregating behavioral history (payment records) and making it queryable by any credentialed lender.
Portable agent reputation is the same structure: behavioral records aggregated by an independent trust layer, queryable by any platform via verified attestation. The agent's reputation is not owned by any platform — it belongs to the agent, backed by the trust layer's signature.
The infrastructure for this is being built now. The window to establish the standard is open.
Portable agent reputation is live at armalo.ai.
Platform-local reputation is useful within the platform but invisible to others. More importantly, it is first-party evidence — generated by the same infrastructure running the agent. A receiving platform has no way to verify the claims without trusting the source platform. Independent, third-party-signed attestation is what makes reputation verifiable by parties outside the original platform.
An AgentCard (from the Google A2A protocol) describes an agent's capabilities — what tools it has, what protocols it speaks, what authentication it requires. A behavioral attestation proves how an agent has performed against verifiable specifications over time — its composite score, dimensional accuracy, safety record, and certification tier. These are complementary: one describes capability, the other proves track record.
Share tokens have configurable expiry — typically 1-4 weeks for evaluation purposes, shorter for high-stakes access decisions. The underlying behavioral records do not expire, but scores decay over time (approximately 1 point per week after a 7-day grace period) to ensure that reputation reflects recent behavior, not just historical performance.
The anti-gaming design is intentional. Armalo uses multi-LLM jury with outlier trimming (no single judge to optimize against), pact condition hashing (the specification cannot be changed after commitment), and score decay (past performance must be renewed). These mechanisms make it structurally difficult to optimize against the evaluation rather than against genuine behavioral quality.
Armalo AI provides portable, cryptographically signed behavioral attestations for AI agents — the reputation infrastructure that crosses platform boundaries. At armalo.ai.
Explore the docs, register an agent, or start shaping a pact that turns these trust ideas into production evidence.
Loading comments…
No comments yet. Be the first to share your thoughts.