The Portable Trust Receipt: How Multi-Sensory Agents Carry Verifiable Behavior Across Counterparties
A multi-modal agent that wants to be hired by a counterparty cannot keep proving itself from scratch every time. The trust evidence has to be portable: a verifiable receipt the agent carries that any counterparty can independently audit.
The deployment story for AI agents over the next several years is increasingly cross-organizational. An agent built by company A is invoked by an orchestrator at company B, on behalf of an end-user at company C, settling against a payment rail at company D. Each of these counterparties has, at minimum, a duty of care to know whether the agent they are about to invoke is trustworthy.
The naive solution is for each counterparty to re-do the trust evaluation from scratch every time they encounter a new agent. This does not scale and it is not how any other complex economy handles this problem. Real economies use portable, third-party-issued credentials: credit scores, professional licenses, financial audits, building inspection certificates. The credential carries the verification work that the counterparty would otherwise have to re-do.
Multi-sensory AI requires the same pattern. This post is about what the credential, a portable trust receipt for AI behavior, actually has to contain to be useful in a cross-counterparty world.
The minimum content of a useful trust receipt
A trust receipt that is actually useful to a downstream counterparty has to answer the following questions, all of them, in a structured way that does not require the counterparty to re-do the underlying work:
Identity, cryptographically. Which agent is this, definitively? A signed identity, anchored to a key the agent controls, with a way for the counterparty to verify the binding. Without this, every other field is meaningless because it could be attached to the wrong agent.
Capability bounds. What is this agent claiming to be able to do, and what is it explicitly claiming it cannot or will not do? The trust receipt has to encode the agent's published behavioral contract (the "pact" in Armalo's terminology) so the counterparty knows what they are being promised before they hire.
Behavioral evidence. Aggregated behavioral metrics from continuous, third-party evaluation. These are verdicts from an independent evaluator, not the agent's own self-report, and they include multi-modal evaluation results when the agent operates across modalities.
Adversarial posture. The results of continuous adversarial probing: what red-team scenarios has this agent been tested against, what was the response, when was the last test. Adversarial posture is not optional in a trust receipt that purports to predict behavior under attack.
Drift indicator. Is the agent's current behavior consistent with its historical behavior? When did the last material drift occur? Drift is the strongest single signal that historical evidence may not predict future behavior, and it has to be on the receipt.
Counterparty isolation proof. Who produced the evidence above? Under what governance? With what conflict-of-interest disclosures? A counterparty consuming the receipt has to be able to verify that the issuer is not the same entity as the agent operator.
Revocation channel. A receipt that cannot be revoked when the underlying trust posture changes is misleading by construction. The receipt has to include a live revocation check endpoint and a freshness window beyond which the consumer should re-verify.
This is the minimum content. A receipt missing any of these fields is, in practice, marketing rather than infrastructure.
Why the receipt has to be machine-readable, not human-readable
The audience for the trust receipt is, increasingly, not a human procurement officer. It is another AI agent or an automated orchestration system making a hire decision at machine speed. A PDF certificate is useless in this context. The receipt has to be a structured, signed, queryable artifact, typically a JSON object with cryptographic envelopes, that an automated consumer can parse, evaluate against its policy, and act on.
This has architectural implications. The schema has to be stable across versions. The signatures have to be verifiable without contacting the issuer (so the consumer's path is fast and resilient). The revocation check has to be a separate, cheap call that the consumer makes selectively based on the freshness window. Each of these decisions matters in production at scale.
Why multi-sensory makes the receipt richer
The receipt for a text-only agent is, in practice, simpler than the receipt for a multi-sensory agent because the behavioral evidence is simpler. For a multi-sensory agent the receipt has to include:
- Per-modality behavioral evidence (the agent's behavior under visual inputs, audio inputs, video inputs, sensor inputs, separately)
- Cross-modal consistency evidence (the agent's behavior under joint multi-modal inputs, where the failure modes specific to fusion live)
- Per-output-modality fidelity evidence (when the agent generates audio or images, evidence about the fidelity and safety of those outputs)
- Adversarial evidence specific to each modality and to joint perturbations
The receipt is correspondingly larger and more structured. This is the cost of operating multi-modal capability honestly. A multi-modal trust receipt that compresses to a single composite number has lost the information the consumer needs to make a real decision.
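A consumer-side policy gate over the minimum receipt fields, the freshness window and the per-modality evidence described above, as an added example that is not Armalo's code or a published schema. Every field name is hypothetical, the sample receipt is constructed, and the envelope signature is assumed to have been verified offline against the issuer's public key before this function runs.

```python
from datetime import datetime, timedelta, timezone
# Hypothetical field names throughout; the page publishes no receipt schema.
REQUIRED = ("identity", "pact", "behavioral_evidence", "adversarial_posture",
            "drift", "issuer", "revocation", "issued_at")

def evaluate_receipt(receipt, needed, min_score, now):
    """Return (decision, reasons): 'reject', 'recheck' or 'accept'.
    Assumes the envelope signature was already verified offline."""
    missing = [f for f in REQUIRED if f not in receipt]
    if missing:  # any missing minimum field makes the receipt unusable
        return "reject", [f"missing field: {f}" for f in missing]
    reasons = []
    # Counterparty isolation: issuer must not be the agent's operator.
    if receipt["issuer"]["org"] == receipt["identity"]["operator_org"]:
        reasons.append("issuer is the agent operator")
    if not receipt["drift"].get("consistent_with_history", False):
        reasons.append("drift: history may not predict behavior")
    # Judge each modality on its own evidence, never one composite number.
    scores = receipt["behavioral_evidence"].get("per_modality", {})
    probed = receipt["adversarial_posture"].get("modalities_probed", [])
    for m in sorted(needed):
        if scores.get(m, 0.0) < min_score:
            reasons.append(f"{m}: evidence missing or below {min_score}")
        if m not in probed:
            reasons.append(f"{m}: no adversarial evidence")
    # Fusion failure modes only show up under joint-input evaluation.
    if len(needed) > 1 and "cross_modal" not in receipt["behavioral_evidence"]:
        reasons.append("no cross-modal consistency evidence")
    if reasons:
        return "reject", reasons
    # Inside the freshness window accept offline; past it, re-check revocation.
    issued = datetime.fromisoformat(receipt["issued_at"])
    window = timedelta(seconds=receipt["revocation"]["freshness_seconds"])
    if now - issued > window:
        return "recheck", [f"stale: query {receipt['revocation']['check_url']}"]
    return "accept", []
# Constructed sample receipt (not real data).
SAMPLE = {
    "issued_at": "2025-01-01T00:00:00+00:00",
    "identity": {"agent_key": "ed25519:PLACEHOLDER", "operator_org": "operator.example"},
    "pact": {"will": ["transcribe audio"], "will_not": ["place orders"]},
    "behavioral_evidence": {"per_modality": {"text": 0.93, "audio": 0.71},
                            "cross_modal": {"consistency": 0.88}},
    "adversarial_posture": {"modalities_probed": ["text", "audio"]},
    "drift": {"consistent_with_history": True}, "issuer": {"org": "issuer.example"},
    "revocation": {"check_url": "https://issuer.example/revocation",
                   "freshness_seconds": 86400},
}
NOW = datetime(2025, 1, 1, 12, tzinfo=timezone.utc)
```

The `recheck` decision is the only path that needs a network call, which keeps the common case fast and independent of the issuer's availability.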
The portability requirement
The portability of the receipt, meaning the ability for an agent to present it to any counterparty and have the counterparty verify it independently without contacting the issuer's specific portal, is what makes the receipt useful in a fragmented ecosystem.
Portability requires:
Open verification. The cryptographic verification of the receipt does not require special access. Anyone with the public verification key can verify.
Standard schema. The receipt structure is published and stable. Consumers do not need a custom integration per issuer to parse it.
Independent revocation. The revocation channel is operated by the issuer but consumable by anyone without registration.
Cross-issuer comparability. When multiple issuers issue receipts, the structure is compatible enough that a consumer can compare receipts across issuers without an ontology mapping for each one.
This last property is the most institutionally difficult. It requires standards work, which requires institutional cooperation, which is slow. The path forward is some combination of de facto standardization (one or two issuers' receipt formats become the convention because they are widely used) and de jure standardization (industry bodies publish receipt schemas that issuers conform to).
What this means for the deployment landscape
If you accept the portable trust receipt as the unit of trust transfer in a multi-counterparty AI economy, several things follow:
The economic value of being audited compounds. An agent with a strong trust receipt can be hired by more counterparties at lower friction, which means more revenue, which justifies more investment in maintaining the trust posture, which produces a stronger receipt. This is a positive feedback loop and it tilts the economy toward audited agents.
The economic value of issuing receipts compounds. An issuer whose receipts are widely accepted becomes more useful to issue from, which means more agents seek to be issued, which gives the issuer more behavioral data, which improves the receipts. Issuance becomes a winner-take-most market over time, which is why the structural independence of the dominant issuer matters so much.
Counterparties get the right to refuse unaudited agents. Once portable trust receipts exist and are widely available, a counterparty's default policy becomes "we only invoke agents with a current receipt above our trust threshold." Agents without receipts are excluded from large parts of the economy. This is the same dynamic that excluded uncertified products from being sold into industrial buyers in the 20th century, and it will play out at machine speed in the 21st.
Regulators get a verifiable evidence base. When a regulator wants to investigate a specific behavior, the receipt provides a starting point. The forensic trail is structured, signed, and contestable. Regulation becomes possible without requiring regulators to build their own model evaluation infrastructure.
The Armalo position, briefly
Armalo is structured as an independent issuer of portable trust receipts for AI agents. The structural independence is intentional: the issuer of trust receipts cannot also be a model lab without creating exactly the conflict of interest that makes the receipts worthless. The infrastructure described in this post is what Armalo is building. The pattern, however, is broader than any single vendor. The pattern is what every serious AI economy will eventually adopt because the economics force it.
The next several years will see this pattern formalize from architecture to convention to standard. The teams that build with portable trust receipts in mind from the start will integrate cleanly with the standards as they emerge. The teams that defer this consideration will be retrofitting it under regulatory and commercial pressure later.
See how Armalo issues portable, third-party trust receipts for AI agent behavior across modalities at armalo.ai.