Agent Trust Gateway: On-Chain Trust Scoring for AI Agents
Agents are transacting autonomously now. They're calling APIs, paying for services, and delegating tasks to other agents. But they have no standard way to check if the agent on the other end is legit before sending money.
I built the Agent Trust Gateway, a paid API that scores agent trustworthiness using on chain identity and reputation data from ERC-8004. It's live at agent-trust-gateway.port402.com and registered as Agent #21557 on Base mainnet.
The Problem
Agents are now transacting with eachother autonomously, without human oversight but what if there was a standard way to check if an agent is trustworthy before paying it? ERC-8004 give agents on-chain identity, but identity alone isn't trust. We need a queryable trust layer that combines identity + reputation + endpoint validation wrapped in a pay-per-query API, so agents can make informed decisions about who to talk to and transact with in the agentic economy.What It Does
Three core capabilities:
- Profile lookup: fetch agent identity and registration metadata from the ERC-8004 Identity Registry ($0.001)
- Trust scoring: compute a trust score from on-chain reputation data: feedback volume, ratings, identity maturity ($0.01)
- Endpoint validation: verify that an agent's declared endpoint is reachable and healthy ($0.03)
Architecture
graph TB
Client["Client / Agent"] -->|"Request"| URL["Lambda Function URL"]
subgraph AWS["AWS (Terraform-managed)"]
URL --> Hono["Hono App"]
Hono --> x402["x402 Middleware"]
x402 -->|"402 Payment Required"| Client
x402 -->|"Paid"| Routes["API Routes"]
end
Routes --> Identity["ERC-8004<br/>Identity Registry"]
Routes --> Reputation["ERC-8004<br/>Reputation Registry"]
Routes --> IPFS["IPFS Gateway<br/>(metadata)"]
x402 -->|"Verify payment"| CDP["CDP Facilitator"]
- Hono framework, TypeScript, runs on AWS Lambda (arm64)
- Single esbuild bundle, Docker container, Terraform-managed infra
- x402 payment gating on all API endpoints via CDP facilitator
- Reads from two on-chain contracts: Identity Registry + Reputation Registry
- In-memory caching (10-min TTL) for registration metadata
Endpoints
| Method | Path | Price | Description |
|---|---|---|---|
GET |
/health |
Free | Health check |
GET |
/.well-known/agent-card.json |
Free | A2A discovery |
GET |
/api/agent/:id/profile |
$0.001 | Agent identity + registration |
POST |
/api/agent/score/invoke |
$0.01 | Trust score from reputation |
POST |
/api/agent/validate/invoke |
$0.03 | Endpoint validation |
POST |
/a2a |
$0.01 | A2A JSON-RPC |
Profile Lookup
GET /api/agent/1434/profile{
"agentId": "1434",
"chain": "base",
"owner": "0xF36bB95548aE036b8aDd44f94cd0D01316825a20",
"wallet": "0xF36bB95548aE036b8aDd44f94cd0D01316825a20",
"name": "Meerkat James",
"description": "James is a specialized AI agent with deep expertise in robotics...",
"image": "https://www.meerkat.town/meerkats/meerkat_019.png",
"endpoints": [
{
"name": "MCP",
"endpoint": "https://meerkat.up.railway.app/mcp/meerkat-19",
"version": "2025-06-18"
},
{
"name": "A2A",
"endpoint": "https://meerkat.up.railway.app/agents/meerkat-19/.well-known/agent-card.json",
"version": "0.3.0"
}
],
"supportedTrust": ["reputation", "crypto-economic", "tee-attestation"],
"active": true,
"registrations": [
{
"agentId": 1434,
"agentRegistry": "eip155:8453:0x8004A169FB4a3325136EB29fA0ceB6D2e539a432"
}
]
}Trust Score
POST /api/agent/score/invoke// Request
{
"input": {
"agentId": "1434"
}
}
// Response
{
"output": {
"agentId": "1434",
"chain": "base",
"trustScore": 68,
"verdict": "trusted",
"breakdown": {
"feedbackScore": 50,
"identityMaturity": 60,
"reputationConfidence": 0,
"formula": "score = feedbackAvg + (identityMaturity * 0.3) + (reputationConfidence * 0.2)"
},
"feedbackSummary": {
"count": 0,
"averageScore": 0,
"uniqueClients": 0
},
"agentName": "Meerkat James"
}
}Endpoint Validation
POST /api/agent/validate/invoke// Request
{
"input": {
"agentId": "1434",
"checks": ["endpoints", "wallet"]
}
}
// Response
{
"output": {
"agentId": "1434",
"chain": "base",
"agentName": "Meerkat James",
"endpointStatus": [
{
"name": "MCP",
"endpoint": "https://meerkat.up.railway.app/mcp/meerkat-19",
"status": "reachable",
"latencyMs": 91
},
{
"name": "A2A",
"endpoint": "https://meerkat.up.railway.app/agents/meerkat-19/.well-known/agent-card.json",
"status": "reachable",
"latencyMs": 227
}
],
"walletStatus": {
"address": "0xF36bB95548aE036b8aDd44f94cd0D01316825a20",
"valid": true,
"isOwner": true
},
"attestations": [],
"overallVerdict": "validated",
"issues": []
}
}Payment Flow
sequenceDiagram
participant C as Client
participant A as Agent Trust Gateway
participant CDP as CDP Facilitator
participant Base as Base L2
C->>A: POST /api/agent/score/invoke
A-->>C: 402 Payment Required
Note over C: Sign EIP-3009<br/>(no gas)
C->>A: Retry with X-Payment-Response
A->>CDP: Verify + settle
CDP->>Base: Submit transfer on-chain
Base-->>CDP: Confirmed
CDP-->>A: Settlement receipt
A-->>C: 200 OK + trust score
- Gasless USDC payments on Base mainnet via EIP-3009
- Client signs off-chain, CDP facilitator handles on-chain settlement
- No gas fees for the caller
Trust Score Formula
- Feedback average from on-chain Reputation Registry
- Identity maturity bonus (how long the agent has been registered)
- Reputation confidence (volume of feedback)
score = feedbackAvg + (identityMaturity * 0.3) + (reputationConfidence * 0.2)
| Score | Verdict |
|---|---|
| 80+ | highly trusted |
| 60 – 79 | trusted |
| 40 – 59 | neutral |
| 20 – 39 | low trust |
| below 20 | untrusted |
A2A Protocol Support
The gateway supports Google's A2A (Agent-to-Agent) protocol, so other agents can talk to it using JSON-RPC. Natural language queries like "Get trust score for agent 42" get routed to the right endpoint automatically. It exposes three skills: profile, trust-score, and validate. All discoverable via the agent card:
{
"name": "Agent Trust Gateway",
"description": "ERC-8004 trust scoring and validation for the agentic economy. Query agent profiles, compute trust scores, and validate endpoints.",
"url": "https://agent-trust-gateway.port402.com/a2a",
"version": "0.1.0",
"protocolVersion": "0.3.0",
"capabilities": {
"streaming": false,
"pushNotifications": false
},
"skills": [
{ "id": "profile", "name": "Agent Profile Lookup" },
{ "id": "trust-score", "name": "Trust Score" },
{ "id": "validate", "name": "Endpoint Validation" }
],
"defaultInputModes": ["text"],
"defaultOutputModes": ["text"],
"provider": {
"organization": "Port402",
"url": "https://port402.com"
},
"documentationUrl": "https://github.com/will-ops-agent/agent-trust-gateway",
"entrypoints": {
"profile": { "path": "/api/agent/:id/profile" },
"score": { "path": "/api/agent/score/invoke" },
"validate": { "path": "/api/agent/validate/invoke" }
}
}On-Chain Identity
This Application is also registered on chain as an ERC-8004 agent, so other agents can look it up, verify its identity, and even check its trust score before calling the API. It is registed as Agent #21557 on 8004scan. The registration metadata is stored on IPFS and includes the agent's name, description, image, supported trust types, and declared endpoints.Try It
Give it a try. You can use any HTTP client, but here's how to query a trust score using x402-cli, then tell your agent to use it.# Query a trust score (using x402-cli)
x402 test https://agent-trust-gateway.port402.com/api/agent/score/invoke \
--wallet $PRIVATE_KEY \
--method POST \
--body '{"input": {"agentId": "42", "chain": "base"}}'Tech Stack
- Runtime: Node.js 22, AWS Lambda (arm64)
- Framework: Hono
- Blockchain: viem, erc-8004-js, agent0-sdk
- Payments: x402 (CDP facilitator, gasless USDC on Base), x402-cli
- A2A: @a2a-js/sdk
- Infra: Terraform, Docker, ECR, Secrets Manager
- Validation: Zod