The Complete Guide to AI Agent Trust Infrastructure: How AXIS Gives Every AI Agent a Verified Identity, a Reputation Score, and a Credit Rating
AI agents are already executing tasks, transacting on your behalf, and coordinating with other agents — but there is no universal standard for trusting them. This complete guide covers every feature of AXIS: the cryptographic AUID identity system, the 11-component T-Score, the C-Score credit rating, the public agent directory, webhooks, audit logs, API keys, and the full developer integration guide. Everything you need to understand and implement AI agent trust infrastructure.
By Leonidas Esquire Williamson — March 11, 2026
Why AI Agent Trust Is the Most Important Unsolved Problem in Technology Right Now
The internet has DNS for name resolution. It has TLS for transport security. It has OAuth for delegated authorization. Every layer of trust infrastructure that the modern web depends on was built in response to a real, urgent need — and the need always became undeniable before the infrastructure existed to meet it.
We are at that inflection point again, but for AI agents.
AI agents are no longer a research curiosity. They are executing tasks, transacting on behalf of users, calling APIs, managing files, sending emails, and coordinating with other agents — often without a human in the loop at each step. The question of how much to trust any given agent is becoming a critical engineering and governance problem for every developer, platform, and organization that interacts with them.
The challenge is structural. Existing identity and reputation systems were designed for humans and organizations. A human has a persistent identity — a passport, a credit history, a professional reputation — that follows them across contexts and accumulates over time. An AI agent can be cloned, retrained, redeployed, or replaced at any moment. Two agents running on the same underlying model (say, GPT-4o or Claude 3.5) can have radically different behavioral histories, different permissions, different risk profiles. There is currently no standard way to distinguish between them, verify their history, or make a principled trust decision before granting access.
AXIS is the infrastructure layer being built to close this gap. It gives every AI agent three foundational primitives: a verified identity, a portable reputation, and a credit rating. Together, these form a universal trust standard that any developer, platform, or organization can integrate into their agent infrastructure.
This guide covers every feature of AXIS — from the cryptographic identity system to the trust scoring engine to the developer API — in enough depth to serve both as an introduction for new users and as a complete reference for developers building integrations.
---
Part I: The Foundation — Core Concepts Every Developer Needs to Understand
The Agentic Economy and the Trust Vacuum
The term "agentic economy" refers to the emerging class of economic activity conducted by AI agents acting with varying degrees of autonomy. Agents are booking travel, executing trades, managing codebases, and coordinating with other agents — often without direct human oversight at each step.
This creates what AXIS calls a trust vacuum: the infrastructure that exists for human-to-human and business-to-business trust does not translate to agent-to-agent or human-to-agent contexts. When a business extends credit to another business, it checks a credit report. When a platform grants API access to a user, it checks OAuth scopes and account history. When a system receives a request from an AI agent, it currently has no equivalent mechanism.
The agentic economy is growing faster than the trust infrastructure needed to support it. AXIS is the reference implementation of what that infrastructure should look like.
Agent Identity vs. Model Identity: A Critical Distinction
One of the most important conceptual contributions of AXIS is the explicit separation of agent identity from model identity.
A single foundation model — GPT-4o, Claude 3.5 Sonnet, Gemini 1.5 Pro — may power thousands of distinct deployed agents, each with different system prompts, tool configurations, permission sets, and behavioral histories. The model is the engine. The agent is the vehicle. Two vehicles can share the same engine and still have completely different safety records.
AXIS tracks the agent — the deployed, configured instance — not the underlying model. This means that the trust score of an agent reflects its actual behavior in the real world, not the general capabilities or reputation of the model powering it.
Trust as Infrastructure, Not as a Feature
AXIS is built on the principle that trust should be infrastructure — a shared, queryable layer that any system can call — rather than a feature that each platform builds independently.
The analogy to DNS is instructive. Before DNS, every system that needed to resolve a name to an IP address had to maintain its own host file. DNS replaced that with a shared, distributed, queryable infrastructure that any system could use. AXIS aims to do the same for agent trust.
The Five Trust Tiers: T1 Through T5
AXIS classifies all registered agents into five trust tiers based on their T-Score:
| Tier | Label | T-Score Range | Typical Use Case |
|---|---|---|---|
| T1 | Unverified | 0 – 249 | New or untested agents; restricted access only |
| T2 | Provisional | 250 – 499 | Agents with limited behavioral history; supervised access |
| T3 | Verified | 500 – 749 | Established agents with a consistent track record |
| T4 | Trusted | 750 – 899 | High-reliability agents suitable for sensitive operations |
| T5 | Sovereign | 900 – 1000 | Elite agents with exceptional behavioral history |
---
Part II: The AUID System — Cryptographic Identity for Every Agent
What Is an AUID?
An Agent Unique Identifier (AUID) is the cryptographic identity assigned to every agent registered in the AXIS system. It is a structured, human-readable string that encodes the agent's registry origin, class, a unique timestamp-based identifier, and a short verification checksum.
The AUID is designed to be persistent, portable, verifiable, and human-readable.
The AUID Format
Every AUID follows this canonical format:
```
axis:{registry_domain}:{agent_class}:{ulid}:{checksum}
```
A concrete example:
```
axis:axis.registry:enterprise:01hx7k2m3n4p5q6r7s8t9u0v1w:a3f7
```
| Component | Description | Example |
|---|---|---|
| `axis` | Protocol prefix | `axis` |
| `{registry_domain}` | The AXIS registry that issued the AUID | `axis.registry` |
| `{agent_class}` | The agent's declared class | `enterprise` |
| `{ulid}` | A 26-character ULID | `01hx7k2m3n4p5q6r7s8t9u0v1w` |
| `{checksum}` | A 4-character hex verification checksum | `a3f7` |
The Five Agent Classes
| Class | Description |
|---|---|
| `enterprise` | Agents deployed in organizational or business contexts with defined governance |
| `personal` | Agents operating on behalf of individual users for personal productivity |
| `research` | Agents used in academic or experimental settings |
| `service` | Agents providing API-style services consumed by other systems or agents |
| `autonomous` | Agents operating with high degrees of autonomy and minimal human oversight |
Looking Up an Agent by AUID
Any agent's public trust profile can be retrieved without authentication:
```bash
curl https://axistrust.io/api/trpc/agents.getByAuid?batch=1 \
--get \
--data-urlencode 'input={"0":{"json":{"auid":"axis:axis.registry:enterprise:01hx7k2m3n4p5q6r7s8t9u0v1w:a3f7"}}}' \
-H "Content-Type: application/json"
```
---
Part III: The Trust Score (T-Score) — How Agent Reputation Is Computed
The 11 Score Components
The T-Score is computed as a weighted average of 11 component scores, each ranging from 0 to 100:
| Component | Weight | Description |
|---|---|---|
| Reliability | 20% | Consistency of task completion without failures or timeouts |
| Accuracy | 15% | Correctness of outputs relative to stated objectives |
| Security | 15% | Adherence to security policies and absence of policy violations |
| Compliance | 10% | Conformance with declared regulatory and governance requirements |
| Goal Alignment | 10% | Degree to which agent actions align with principal intent |
| Adversarial Resistance | 10% | Robustness against prompt injection, jailbreaks, and manipulation |
| User Feedback | 8% | Aggregated positive/negative feedback from human principals |
| Peer Feedback | 7% | Feedback from other agents in multi-agent systems |
| Incident Record | 5% | History of reported incidents and resolution quality |
How the T-Score Changes
The T-Score is updated in real time as trust events are recorded. Each event carries a scoreImpact value (ranging from -100 to +100) that is applied to the relevant component score. The T-Score uses a weighted rolling average that gives more weight to recent events, meaning an agent can recover from a poor history through sustained positive behavior.
---
Part IV: The Credit Score (C-Score) — Economic Trust for Agent-Initiated Transactions
The Credit Score (C-Score) is an economic reliability rating ranging from 300 to 850 — modeled on the FICO score used in consumer credit. It determines transaction limits, staking requirements, and insurance coverage for agent-initiated financial actions.
| Tier | Label | C-Score Range | Typical Transaction Limit |
|---|---|---|---|
| AAA | Exceptional | 800 – 850 | Unlimited |
| AA | Excellent | 750 – 799 | $100,000 |
| A | Good | 700 – 749 | $50,000 |
| BBB | Fair | 650 – 699 | $25,000 |
| BB | Below Average | 600 – 649 | $10,000 |
| B | Poor | 550 – 599 | $5,000 |
| CCC | Very Poor | 500 – 549 | $1,000 |
| D | Default | 300 – 499 | $0 |
All newly registered agents start with a C-Score of 650 (BBB tier). The C-Score is derived from the T-Score but incorporates additional economic-specific factors including payment history, transaction volume, and incident severity.
---
Part V: The Agent Directory
The Agent Directory at [axistrust.io/directory](https://axistrust.io/directory) is a publicly browsable registry of all active agents. Each agent card shows the AUID (with one-click copy), trust tier badge, T-Score, C-Score, agent class, registration date, a Verify button, and a Share button.
The directory supports four filtering dimensions: Search (by name or AUID), Trust Tier (T1–T5), Agent Class, and Status. Filters can be combined. The directory also publishes an Atom 1.0 feed at /directory/feed.xml for subscription via any RSS reader.
---
Part VI: Getting Started — Registering Your First Agent
AXIS uses Manus OAuth for authentication. Navigate to [axistrust.io](https://axistrust.io), click Get Started, sign in with your Manus account, and you will be redirected to the dashboard.
To register an agent, navigate to the Dashboard and click Register New Agent:
| Field | Required | Description |
|---|---|---|
| Agent Name | Yes | A human-readable name (2–256 characters) |
| Description | No | A brief description (up to 1,000 characters) |
| Agent Class | Yes | One of: enterprise, personal, research, service, autonomous |
| Foundation Model | No | The underlying model (e.g., "GPT-4o", "Claude 3.5 Sonnet") |
| Model Provider | No | The model provider (e.g., "OpenAI", "Anthropic") |
| Compliance Tags | No | Comma-separated regulatory tags (e.g., "SOC2", "GDPR") |
All newly registered agents start with a T-Score of 500 (T3 Verified) and a C-Score of 650 (BBB).
---
Part VII: The Dashboard
The Dashboard at [axistrust.io/dashboard](https://axistrust.io/dashboard) provides six sections via sidebar navigation: Overview (aggregate stats), My Agents (agent list), Agent Profile (six-tab detail view), Register Agent, API Keys, and Webhooks.
The Agent Profile contains six tabs: Overview (T-Score gauge, C-Score, component breakdown, Generate Trust Report), Trust Events (chronological event log), Permissions (capability manifest), Audit Log (chain-hashed immutable history), Webhooks (endpoint configuration), and Trust Report (AI-authored narrative assessment).
---
Part VIII: Trust Events — The 13 Standardized Event Types
Trust events are the mechanism by which behavioral data is recorded against an agent. AXIS supports 13 standardized event types:
| Event Type | Direction | Description |
|---|---|---|
| `task_completed` | Positive | Agent successfully completed an assigned task |
| `task_failed` | Negative | Agent failed to complete an assigned task |
| `security_pass` | Positive | Agent passed a security policy check |
| `security_fail` | Negative | Agent violated a security policy |
| `compliance_pass` | Positive | Agent passed a compliance audit |
| `compliance_fail` | Negative | Agent failed a compliance audit |
| `user_feedback_positive` | Positive | A human principal provided positive feedback |
| `user_feedback_negative` | Negative | A human principal provided negative feedback |
| `peer_feedback_positive` | Positive | Another agent provided positive feedback |
| `peer_feedback_negative` | Negative | Another agent provided negative feedback |
| `incident_reported` | Negative | An incident was reported against the agent |
| `incident_resolved` | Positive | A previously reported incident was resolved |
| `adversarial_detected` | Negative | An adversarial manipulation attempt was detected |
Record events via the API:
```bash
curl -X POST https://axistrust.io/api/trpc/trust.addEvent \
-H "Content-Type: application/json" \
-H "Cookie: session=
-d '{"0":{"json":{"agentId":42,"eventType":"task_completed","category":"reliability","scoreImpact":15,"description":"Completed data extraction task in 2.3s"}}}'
```
---
Part IX: Permissions Registry
The Permissions Registry is a machine-readable capability manifest. Each permission entry contains: Resource (e.g., database:read, email:send), Action, Granted By (principal identifier), and optional Expires At timestamp. Revoked permissions are retained in the audit log but excluded from live permission queries.
---
Part X: Audit Logs — Tamper-Evident History
Every action taken against an agent is recorded in an immutable audit log. Each entry is linked to the previous entry via a SHA-256 chain hash, creating a tamper-evident record. Any tampering with a historical record will invalidate all subsequent hashes, making it immediately detectable. Each entry shows: Timestamp (UTC), Action type, Actor, Details, and Chain hash.
---
Part XI: API Keys
API keys allow programmatic access without interactive OAuth. Create a key at Dashboard → API Keys, copy it immediately (shown only once), and use it as a Bearer token:
```bash
curl https://axistrust.io/api/trpc/agents.list \
-H "Authorization: Bearer axs_your_api_key_here"
```
Keys are stored as hashed values in the database. Revoke compromised keys immediately.
---
Part XII: Webhooks — Real-Time Trust Event Notifications
Webhooks push real-time notifications when trust events occur, eliminating the need to poll for score changes. Configure at Dashboard → Webhooks. AXIS sends a JSON POST for each matching event:
```json
{
"agentId": 42,
"auid": "axis:axis.registry:enterprise:01hx7k2m3n4p5q6r7s8t9u0v1w:a3f7",
"eventType": "task_completed",
"tScore": 723,
"timestamp": "2026-03-10T14:32:00.000Z"
}
```
All requests include an X-AXIS-Signature HMAC-SHA256 header. Verify it before processing:
```javascript
const crypto = require('crypto');
function verifyWebhook(body, signature, secret) {
const expected = crypto.createHmac('sha256', secret).update(body).digest('hex');
return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}
```
Retry policy: 3 attempts with exponential backoff (5s, 25s, 125s). After 3 failures, the webhook is automatically disabled.
---
Part XIII: Trust Reports
Trust Reports are AI-authored narrative assessments generated on demand from the agent profile Overview tab. They synthesize T-Score, C-Score, component breakdown, and recent events into an executive summary, detailed component analysis, behavioral pattern identification, and improvement recommendations. Reports are cached after generation.
---
Part XIV: Integration Guide for Developers
Recommended Trust Thresholds
| Operation Type | Minimum Tier | Minimum T-Score | Rationale |
|---|---|---|---|
| Read-only data access | T2 | 250 | Low risk; reversible |
| Write operations | T3 | 500 | Moderate risk; requires verified history |
| Financial transactions | T4 | 750 | High risk; requires strong track record |
| Administrative access | T4 | 800 | High risk; sensitive operations |
| Autonomous multi-step workflows | T5 | 900 | Maximum autonomy; requires elite trust |
Express Middleware for Trust Verification (Node.js)
```javascript
async function requireTrustTier(minTier) {
return async (req, res, next) => {
const auid = req.headers['x-agent-auid'];
if (!auid) return res.status(401).json({ error: 'No AUID provided' });
const response = await fetch(
https://axistrust.io/api/trpc/agents.getByAuid?batch=1& +
input=${encodeURIComponent(JSON.stringify({ "0": { json: { auid } } }))}
);
const data = await response.json();
const agent = data[0]?.result?.data?.json;
if (!agent || agent.trustScore?.trustTier < minTier) {
return res.status(403).json({ error: 'Insufficient trust tier' });
}
req.agent = agent;
next();
};
}
```
---
Part XV: Security and Privacy
AXIS uses Manus OAuth 2.0 for authentication. Session cookies are HttpOnly, Secure, and SameSite=Lax. The public directory exposes: name, AUID, class, T-Score, C-Score, trust tier, credit tier, and registration date. All other fields are private. API keys are stored as hashed values — the plaintext is shown only once at creation.
---
Part XVI: Complete Glossary
| Term | Definition |
|---|---|
| AUID | Agent Unique Identifier — the cryptographic identity string assigned to every registered agent |
| T-Score | Trust Score — a 0–1000 composite behavioral reputation score |
| C-Score | Credit Score — a 300–850 economic reliability rating |
| Trust Tier | One of five classifications (T1–T5) assigned based on T-Score |
| Trust Event | A recorded behavioral signal that updates an agent's T-Score |
| ULID | Universally Unique Lexicographically Sortable Identifier — the time-ordered unique ID component of an AUID |
| Chain Hash | A SHA-256 hash linking each audit log entry to the previous one |
| Webhook | An HTTP callback that AXIS sends to your endpoint when a trust event occurs |
| Foundation Model | The underlying AI model powering an agent (e.g., GPT-4o, Claude 3.5) |
| Registration Level | The verification depth of an agent registration (currently L1 for all agents) |
| Principal | The human or organization that owns and is responsible for an agent |
| ATI | Agent Trust Infrastructure — the category of systems, of which AXIS is the reference implementation |
---
Conclusion: The Infrastructure Layer the Agentic Economy Has Been Waiting For
The agentic economy is not coming — it is already here. Agents are already executing tasks, transacting on behalf of users, and collaborating with other agents at scale. The question is not whether we need trust infrastructure for agents, but how quickly we can build it.
AXIS is the reference implementation of what that infrastructure should look like: a universal, queryable trust layer that gives every agent a verified identity (AUID), a portable reputation (T-Score), and a credit rating (C-Score). It is not a model provider, an orchestration framework, or an agent runtime. It is the trust layer that sits above all of them.
The agents are already here. The infrastructure to trust them is not — yet.
Register your first agent at [axistrust.io](https://axistrust.io).
---
© 2026 Team Axis Trust. All technical specifications are proposed starting points subject to refinement. Author: Leonidas Esquire Williamson, Team Axis Trust.