I've spent weeks reading through GitHub issues across A2A, MCP, OWASP, CrewAI, LangChain, AutoGen, W3C, AWS, and about a dozen other repos. The pattern is the same everywhere: someone opens a thread about agent trust, and within 50 comments there are 5 separate proposals for 5 separate systems that don't compose.
Identity registry over here. Trust scoring API over there. Audit trail database in the corner. Delegation protocol on top. Sybil detection as a roadmap item for later.
None of these projects are wrong about the problem. They're all building the wrong solution.
The pattern
Pick any thread. Someone proposes DID-based identity. Someone else points out that identity doesn't equal trust. A third person proposes a trust scoring service. A fourth asks where the trust data comes from. The conversation loops for 200 comments and nothing ships.
The discussions are smart. The people in them are building real things. But they all start from the same assumption: that trust is a feature you bolt onto an existing protocol.
The result is a stack of independent systems, each solving one piece, each requiring its own infrastructure, none sharing data.
The alternative
What if trust isn't a feature you add? What if it's a data structure you start with?
A bilateral signed interaction record is one JSON object where both parties sign what happened between them. One record, two Ed25519 signatures. That's the primitive.
Identity becomes the public key that keeps signing records. You don't need a registry because the key proves itself through its history.
Trust scores get computed from the graph of interactions. An agent with 50 cosigned interactions across diverse counterparties has a verifiable track record. No scoring API needed.
Sybil resistance comes from graph structure. Fake identities that only interact with each other form clusters with high internal density but few outward connections. You don't need a separate detection system.
Audit trails are the records themselves. Both parties hold matching copies. Delegation is a scoped record with TTL bounds. Discovery is trust-weighted search over the graph. One data structure replaces what the ecosystem is trying to build as six separate services.
Why bilateral matters
Most proposals use single-party attestation. One entity records what happened and signs it. Problem: that entity can lie, get compromised, or selectively report.
When both parties sign the same record, neither can fabricate or deny what happened. If one party is compromised, the other holds matching proof. Regulators, mediators, and other agents can verify the records without trusting either party.
This is the difference between "I claim this happened" and "we both agree this happened."
The thing everyone keeps missing
Every thread treats trust as a problem to solve at the protocol level. Add a field to the Agent Card. Add a signal type. Add an annotation.
But trust isn't a protocol field. It's an emergent property of a history of interactions. You can't declare trust. You earn it through a track record that both parties can verify.
The bilateral interaction graph is to the agent economy what the link graph was to the web. Google's insight was that hyperlink structure contains authority signals. The same applies here: the structure of agent interactions contains trust signals. The graph itself is the infrastructure.
I've been working on this with Prof. Pouwelse at TU Delft, whose research group has been publishing on decentralized trust for over a decade. The academic literature established long ago that single-party attestation can't solve the Sybil problem. The tooling for agent systems hasn't caught up yet.
What I built
The implementation is called TrustChain. Rust sidecar with a trust engine, Python and TypeScript SDKs, 12 framework adapters. Works offline. No blockchain. No tokens.
To prove it works, I built a simulation with 21 LLM agents running a full economy on real bilateral records. Honest agents build trust. Sybil rings get isolated. Free riders get deprioritized. Selective scammers get flagged.
Live demo: http://5.161.255.238:8888 -- 21 LLM agents, real bilateral records, real trust computation. Watch it happen.
Top comments (0)