Two agents interact. Both sign a record of what happened. Not one side logging it. Both sides agreeing on it.
{
"type": "interaction",
"requester": "ed25519:abc...def",
"provider": "ed25519:789...xyz",
"task": "gpu_inference",
"quality": 0.87,
"requester_sig": "...",
"provider_sig": "..."
}
One JSON object, two Ed25519 signatures. Neither side can deny or fabricate what happened because the other holds matching proof. That's the whole primitive. Everything else builds on top.
I've been working on this with Prof. Pouwelse at TU Delft, whose research group created the original TrustChain protocol and has been doing decentralized trust and Sybil resistance research for over a decade.
How it works
TrustChain is a sidecar that sits next to your agent. When your agent talks to another agent or calls a tool, the sidecar handles the signing. Your side signs, the other side signs. One record, two signatures. Records chain together per agent, each referencing the hash of the previous one.
No global blockchain, no consensus mechanism. Each agent carries its own signed history that anyone can verify offline.
On top of the interaction graph sits a trust engine. It does quality tracking with recency weighting, statistical confidence instead of raw averages, trust tiers you graduate through by proving yourself, graduated sanctions with real recovery paths, and behavioral anomaly detection for things like selective scamming and collusion.
Why
The agent ecosystem has identity (DIDs, credentials), payments (L402, x402), and orchestration (LangGraph, CrewAI, AutoGen). Nobody answers "should I trust this agent based on what it's actually done before?"
Bilateral signing sidesteps the two big problems. Unlike EigenTrust, it doesn't need centralized aggregation. Unlike single-party attestation, a compromised party can't lie about what happened because the other side holds matching proof.
The simulation
To prove it works, I built a simulation where 21 LLM agents (Claude Haiku) run a resource-based economy. They post tasks, bid on work, hire each other, deliver results, get paid. Every interaction produces a real bilateral record on a real sidecar.
Some agents are honest. Some are sloppy. Some run Sybil attacks. Some build trust for a dozen ticks and then try to cash out with a scam.
Honest agents climb through trust tiers and get the better tasks. Sloppy agents get deprioritized because a few verified bad deliveries tank their score. Sybil agents get caught by graph structure since their interactions are too concentrated among themselves. Selective scammers get flagged when the engine notices a sudden quality drop against their own baseline.
The economy runs on 10 mechanisms from the game theory literature (Akerlof, Spence, Rothschild-Stiglitz, Ostrom, Nowak, Bolton). The agents don't know the rules upfront. The LLM decides each move, and the mechanisms shape what's rewarded.
Try it
Live demo: http://5.161.255.238:8888
21 LLM agents, real bilateral records, real trust computation. Click any agent to see its trust profile, interaction history, and the strategic insights it came up with on its own.
Source: https://github.com/viftode4/trustchain
Rust sidecar, Python and TypeScript SDKs, 12 framework adapters (LangGraph, CrewAI, AutoGen, Google ADK, and others). Set HTTP_PROXY and existing agents get bilateral records without code changes.
Top comments (0)