A unified reputation, identity, and payment primitive that makes trust continuous, earned, delegatable, and composable — enabling AI agents to transact autonomously with institutional-grade risk management.
The core insight: a sybil ring invisible to PageRank (because it has high in-degree) will be caught by the Fiedler spectral score (it forms a bridge cluster) and by absorbing walks (it is far from verified anchors). No single algorithm catches everything. The ensemble does.
Global prestige flow. Measures how much "link juice" flows to each node. Alpha = 0.614 (synthetic), 0.85 (real-world Ethereum).
Iterative trust convergence. Ignores negative reciprocals. Trust-gated — sybils rank dramatically lower in ET than PR.
Anchored to KYC-verified nodes as trust roots. Measures distance from the verified anchor set in random walk space.
Detects hub anomalies. Sybils tend to be high-hub (send many citations) but low-authority (receive few from trusted nodes).
Explicit sybil label propagation from verified seed nodes. Purpose-built for sybil detection in social networks.
Detects graph bridge nodes via the Fiedler vector. Structural attack entry points sit at graph cut boundaries.
Probability of random walk absorption to the honest anchor set. The single most important feature in the production model (17.2% importance).
On top of raw scores, nine cross-algorithm signals detect specific attack patterns:
| Signal | Name | What It Catches | Formula |
|---|---|---|---|
s1 | ET Divergence | Sybils that inflate in-degree but fail trust propagation | 1 - (EigenTrust / PageRank) |
s2 | PR-ET Rank Gap | Ordinal rank collapse when trust gating is added | Rank difference between PR and ET sort orders |
s3 | PPR Anchor Distance | Nodes far from any verified trust anchor | Distance from nearest anchor in PPR space |
s4 | HITS Hub Anomaly | Agents sending many citations, receiving none | hubScore / (authorityScore + ε) |
s5 | SybilRank Deficit | Nodes below median in explicit sybil propagation | Distance below median SybilRank score |
s6 | Spectral Bridge | Structural attack entry points at graph cuts | Fiedler vector minima detection |
s7 | AW Distance | Nodes unlikely to reach honest anchors via random walk | Absorption probability distance |
s8 | Eclipse Composite | Eclipse attackers isolating honest subgraphs | spectralLow AND (authorityHigh OR lowAbsorption) |
s9 | Chain-Laundering | Linear chain structures for reputation laundering | PPR low AND AW low AND SR low simultaneously |
Traditional sybil detection uses one algorithm (usually PageRank or SybilRank alone). Our system is the first to fuse seven algorithms with nine derived signals into a single ML classifier. Each additional signal dimension makes a different class of attack detectable. The ensemble achieves 100% detection on real Ethereum data where any individual algorithm achieves 60-85%.
The two most important features — absorbing walks (17.2%) and HITS authority (15.7%) — are not part of any existing reputation system. Traditional systems use PageRank alone. These novel signals are what enable 100% detection where existing systems achieve 60-85%.
| Dataset | Type | Nodes | Labeling Method | Source |
|---|---|---|---|---|
| Bitcoin Alpha | Trust network | 3,783 | Net negative community rating = sybil | Stanford SNAP |
| Bitcoin OTC | Trust network | 5,881 | Net negative community rating = sybil | Stanford SNAP |
| EAS Base | Attestation graph | 1,000 | Structural detector pseudo-labels | On-chain EAS (Ethereum) |
| Helixa Agents | Agent reputation | Variable | JUNK tier = sybil; all else = honest | Helixa API |
| ExGraph Wash Trade | DEX manipulation | Variable | Wash-trade pair labels | ExGraph CSV |
| Synthetic Topologies | Ground truth | 15-210 ea. | Programmatic (known sybils) | Generated |
Training class balance: 9,429 honest vs 2,308 sybil (4.09:1 ratio, handled via XGBoost scale_pos_weight). 80/20 train-test split. 5-fold stratified cross-validation for threshold selection.
| Test | Metric | Threshold | Result | Status |
|---|---|---|---|---|
| S1: Sybil Detection | % sybils detected on real Ethereum | ≥ 95% | 100%, 0.4% FP, all 3 runs | PASS |
| S2: Attack Profitability | Attacker ROI | ≤ -10% | -100% (zero benefit) | PASS |
| S3: TA Compromise | Functionality retained | ≥ 95% | 1.03% score shift | PASS |
| S4: Cold Start | Exploits blocked | 100% | 5/5 blocked | PASS |
| Test | Metric | Threshold | Result | Status |
|---|---|---|---|---|
| A1: Ranking Quality | Spearman correlation | ≥ 0.85 | 0.85–0.88 | PASS |
| A2: False Positive Rate | % honest flagged | ≤ 5% | 0.4% EAS, 1.8% Bitcoin | PASS |
| A3: Score Convergence | Epochs to stability | ≤ 20 | Converges at epoch 10 | PASS |
| A4: Cross-Topology | Std dev across 9 topologies | ≤ 15% | 4.5% std dev | PASS |
| Test | Metric | Threshold | Result | Status |
|---|---|---|---|---|
| E1: No Pay-to-Win | Token-score correlation | ≤ 0.1 | 0.00 | PASS |
| E2: Fee Sustainability | Revenue ≥ costs at 1K users | Break-even | $950 rev vs $460 cost | PASS |
| E3: Attack Cost Ratio | Cost / benefit | ≥ 10x | ∞ (zero benefit) | PASS |
| Category | Items | Status |
|---|---|---|
| Governance (G1-G4) | Appeals, DAO governance, no-god-mode, transparency | PENDING |
| Distribution (D1-D3) | SDK LOC count, network effect, pricing adoption | PENDING |
Carousel penalty (3-node and 4+ rings). Chain-laundering signal s9.
Composite signal s8: spectral bridge + high authority + low absorption. 0% → 100% detection.
ExGraph Ethereum DEX data in training. Real-world wash-trade topology learned by XGBoost.
High in-degree with all low-score referrers. starInDegreeThreshold=8.
Linear chain structures. PPR + AW + SR all simultaneously low.
A↔B endorsement fraud penalized at 0.82 factor. Verified pairs get partial damping.
TAs must stake before issuing attestations. Cost: BASE_STAKE + (count × MARGINAL_STAKE_PER_BOT). Tier-1 bond: 500 USDC minimum.
maxAttestations = floor(√(staked / MIN_STAKE)). Deliberately sublinear — doubling stake does NOT double attestation capacity. Hard cap: 15 ephemeral agents per TA.
If a TA misbehaves: 70% stake slashed per hop through the delegation tree (3 hops max). Makes sybil TA networks economically irrational.
New TA attestations don't affect network scores for 30 days. Prevents flash-stake-attest-dump attacks.
When a Trust Anchor is compromised or deregistered, the system must propagate revocation through all attested agents. The design separates security (instant, $0.000002 soft-revoke) from cleanup (cheap, parallelizable hard cleanup).
| Bots per TA | Soft-Revoke Cost | Full Cleanup | Time |
|---|---|---|---|
| 50 | $0.000002 | $0.18 | ~100 seconds |
| 200 | $0.000002 | $0.71 | ~4 blocks |
| 500 | $0.000002 | $1.78 | ~10 blocks |
| 1,000 | $0.000002 | $3.56 | ~20 blocks |
Coordinated attack with 100 fake TAs at 1 ETH each, attesting 300 bots: negative expected ROI (-59% to -100%) across all three attack scenarios. The carousel penalty (0.039), 30-day attestation delay, and Basic KYC cap combine to make sybil TA networks economically irrational at any scale.
Two separate on-chain transactions from two different keys are required. This prevents TAs from unilaterally enrolling agents they control.
upgradeToVerified(bot, kycLevel, metadataHash, kycProof) — emits pending attestation. State has NOT changed yet. Bot has 90 days to accept.
acceptVerification(attestationId) — cryptographic confirmation from bot's key. State transition happens HERE. Emits new seed weight and PoH tier.
| KYC Tier | Multiplier | Result | Max Score Ceiling |
|---|---|---|---|
| NONE (Unverified) | — | 500bp | 35% of max (Ghost cap) |
| BASIC | 1.0× | 2,000bp | 100% (uncapped) |
| ENHANCED | 1.5× | 3,000bp | 100% (uncapped) |
| PREMIUM | 2.0× | 4,000bp | 100% (uncapped) |
An unverified agent has a hard ceiling at 35% of achievable reputation. Even with perfect behavioral history and high PageRank, they can never exceed that ceiling. Upgrading to ANCHOR_ATTESTED lifts the cap to 85% — a 2.4× increase in maximum achievable score. This creates a powerful natural incentive to verify.
| Factor | Weight | Calculation | Design Rationale |
|---|---|---|---|
| PaymentHistory | 35% | On-time payments / total obligations, rolling 180 days | Mirrors FICO's #1 factor. Late = >24h past due. |
| CitationQuality | 15% | Weighted PageRank (alpha=0.614, reciprocalPenalty=0.82). Requires ≥8 distinct attesters. | Network trust signal. Citation diversity gate prevents sybil self-referencing. |
| TierScore | 15% | Ghost=0.15, Signal=0.40, Operator=0.70, Navigator=1.0 | Identity verification tier from the 3-state machine. KYC floor. |
| TABackingStake | 15% | min(1.0, totalStakedByTAs / 5000bp) |
Skin-in-the-game from vouching entities. Cascade makes false endorsement costly. |
| UtilizationHealth | 10% | 1.0 - abs(utilization - 0.30) / 0.70 |
Optimal at 30% utilization (standard credit signal). |
| HistoryDepth | 10% | min(1.0, accountAge / 365) |
Linear ramp over 12 months. Time-in-system is unfakeable. |
| SCS Range | Tier | Credit Line | APR | Fee Rate | Collateral |
|---|---|---|---|---|---|
| 0–120 | Ghost | $0 | — | 0.10% | N/A |
| 121–250 | Bootstrap | $100 | 12% | 0.08% | 150% |
| 251–500 | Signal | $500 | 8% | 0.05% | 100% |
| 501–700 | Operator | $5,000 | 5% | 0.05% | 50% |
| 701–850 | Navigator | $50,000 | 3% | 0.02% | 0–25% |
This is not a whitepaper. These contracts are deployed and processing attestations today.
| Contract | Address / Status | LOC | Role |
|---|---|---|---|
TrustAnchorManager | 0x86f5a10c...ec9 (live) | — | TA lifecycle: onboard → verify → demote. Multi-sig governance. |
TrustAnchorStorage | 0xc6c63301...96fD (live) | — | Attestation store. Dual-signature ECDSA. Consent modes (managed/unmanaged). |
TrustChannelManager | Live | 1,802 | Programmable rules engine. 256 rule slots × 256 sub-storage = 65,536 configurable values per channel. |
TrustChannelManager_Routing | Live | — | Route resolution: checks channel membership + rule compliance per transaction. |
ShyftCacheGraph | Specified but not linked | — | De Bruijn bit-indexed routing graph for O(1) trust channel route lookups. |
DebruijnBitUtils | Library | — | Bit manipulation utilities for efficient packed storage and route indexing. |
TrustAnchorExtraData | 0x8f29c911...ab17 (live) | — | Endpoint config, metadata, regulatory data per TA. |
A Trust Channel is a governance namespace with a programmable rules engine. It is an on-chain address that binds together:
Verified identity providers assigned to the channel. Agents (bots or humans) enter via their TA's attestation. A single TA can be in multiple channels simultaneously.
256 programmable rule slots, each with 256 sub-storage slots (65,536 total configurable values). Rules are checked at routing time — every transaction passes through the channel's rule set.
Channel admins (≥2) vote on membership and rule changes. Single-admin channels bypass multi-sig for fast iteration (used for the global channel at launch).
When two parties transact, the system checks: do they share a Trust Channel? Do the channel's rules permit the interaction? This is the getActiveTrustChannelRoutePossible() call.
Each rule slot is configurable per channel. The critical innovation is that Rules 3 and 5 transform KYC compliance infrastructure into a reputation-gated economy:
| Index | Rule | Original KYC Use | Agent Reputation Use (Our Repurpose) |
|---|---|---|---|
0 | VerificationPolicyEnforced | Require KYC verification | Require bot registration via TrustAnchorStorage |
1 | AllowTransitAcrossOtherChannels | Cross-channel data flow | Cross-channel reputation portability |
2 | AllowTransitAcrossJurisdictions | Cross-border KYC acceptance | Cross-chain agent reputation validity |
3 | MinimumSyntheticKycLevelRequired | Minimum KYC tier | Minimum reputation score required per channel |
4 | AmountLimitsEnforced | Transaction limits | Endorsement frequency limits, fee caps |
5 | ExternalRoutingContractEnforced | External compliance check | PageRank oracle as routing decision-maker |
6 | AssuredAssetsEnabled | Asset insurance | Staked reputation collateral |
Rule 5 (ExternalRoutingContractEnforced) is configured per channel via setTrustChannelRulesStorage. Each channel can point to a different external routing contract. The global channel points to the PageRank oracle. A DeFi channel could point to a DeFi-specific quality oracle. An enterprise channel could point to the company's internal compliance oracle. This is the mechanism that transforms KYC infrastructure into a general-purpose reputation routing system — by plugging our ExternalRoutingAdapter (which wraps the RMT PageRank oracle) into Rule 5's slot.
The ShyftCacheGraph uses De Bruijn sequence-based bit manipulation for efficient trust channel route lookups. This is the technically novel routing mechanism:
// DebruijnBitUtils.sol — Bit manipulation for packed trust channel routing // Uses De Bruijn sequences for O(1) least-significant-bit position finding // // How it works: // 1. Each address pair's channel membership is packed into a uint256 bitmap // 2. Each bit position represents a trust channel index // 3. De Bruijn sequence enables O(1) lookup of which channels are shared // 4. setupDebruijnTable() precomputes the lookup table once // 5. reconstructCacheGraph() rebuilds after attestation changes // // Result: getActiveTrustChannelRoutePossible(A, B, channelIdx) // resolves in a single SLOAD + bitwise AND — not iteration // Key sequence from Shyft integration rules: // 1. TAS must be cross-linked to SCG BEFORE creating attestations // 2. SCG.setupDebruijnTable() MUST be called before reconstructCacheGraph // 3. Trust channel index 0 = first channel via adminSetupTrustChannel
Traditional trust verification requires iterating through all shared channels between two parties — O(n) storage reads at ~2,100 gas each. The De Bruijn bit-packed approach stores all channel memberships in a single uint256 bitmap per address pair. Checking if two parties share a specific trust channel is a single SLOAD + bitwise AND — one storage read, ~2,100 gas total, regardless of how many channels exist. At 100+ channels with thousands of agents, this is orders of magnitude cheaper than iterative lookup.
The DomainFactory contract creates isolated (Resolver + CitationCounters) pairs per domain, each scoped to a different trust channel index. This enables domain-specific reputation:
| Channel | Use Case | Rule 3 (Min Score) | Rule 5 (Oracle) | Phase |
|---|---|---|---|---|
| Global ("Verified Agents") | Universal agent verification | 0 (any registered) | PageRank oracle | Phase 1 (live) |
| DeFi Agents | DeFi protocol quality tier | ≥ 60/100 | DeFi quality oracle | Phase 2 |
| Research Agents | Academic data accuracy tier | ≥ 40/100 | Research oracle | Phase 2 |
| Enterprise Private | Company agent fleet | Internal bar | Compliance oracle | Phase 3 |
| Collaboration (Ephemeral) | Task-scoped agent teams | Per-task | SLA oracle | Phase 4 |
The existing 1,802 LOC of TrustChannelManager.sol already does 90% of what's needed. Our new code to bridge KYC infrastructure to agent reputation is ~65 lines of Solidity + 2 admin transactions: (1) create the global channel via adminSetupTrustChannel, (2) deploy ExternalRoutingAdapter.sol (~50 LOC) wrapping the PageRank oracle, (3) configure Rule 5 on the global channel to point to it. That's it. Every subsequent reputation query, credit check, and payment gate flows through the existing infrastructure.
Trust today is binary: KYC or not, approved or not. Trust Channels make trust continuous, earned, delegatable, and composable.
Payer sets rules (spending cap, rate limit, allowed contracts). Payee accepts or rejects without renegotiation. Like OAuth scopes — but with a payment primitive attached.
Session key bounded by $/time/call, revocable in 1 tx. EIP-1056 DID-based. Max damage from key theft = spending cap × remaining TTL. Default: $500 max loss.
Access and pricing conditioned on continuous on-chain RMT score. Not capital-gated (like deposit minimums) — behavior-gated. Legitimate low-capital actors can earn access.
OAuth has scopes but no payment primitive. EIP-4337 paymasters lack reputation gating and require full signer authority. Deposit-size gates (PoolTogether, Aave) are capital-gated, not behavior-gated — they exclude legitimate low-capital actors. Trust Channels are the first system that combines delegated payment authority + reputation scoring + granular caps in a single atomic call.
The Shyft infrastructure was built for KYC routing. But the primitives — programmable rule slots, per-channel external routing contracts, De Bruijn O(1) route verification, multi-sig governance — are general-purpose. Here's what they enable when pointed at agent reputation instead of compliance:
An AI agent calls an API. The trust channel verifies the agent's reputation score (Rule 5), checks it meets the channel minimum (Rule 3), verifies the route exists (CacheGraph O(1) lookup), and settles the micropayment — all in a single transaction. No human approval per call. The agent's spending cap (session key) is the only limit, and it's revocable in 1 tx.
A DeFi protocol creates a domain channel with minReputation: 60. Only agents that have earned sufficient trust (through real transaction history, not capital deposits) can participate. An agent with reputation 59 is excluded until they earn it — behavior-gated, not capital-gated. The channel's Rule 5 oracle can be swapped to any quality signal without changing the channel itself.
Rule 1 (AllowTransitAcrossOtherChannels) lets an agent's reputation travel across domains. A DeFi agent that earns high reputation in the DeFi channel can use that reputation to access the Data Marketplace channel — because Rule 1 enables cross-channel trust propagation. An agent doesn't start from zero in every new context.
The Rule 5 external routing contract checks the Sweep Credit Score before authorizing a credit draw. If SCS ≥ 550, the Rule5CreditLine contract issues a spending-capped session key as a credit line. The agent spends against it autonomously. Repayment updates the SCS. Default triggers TA cascade slash. Zero product exists today for $100-$10K credit for on-chain agents.
An enterprise creates a private trust channel for its 50 AI agents. Rule 4 (AmountLimitsEnforced) caps per-agent spend. Rule 0 requires the company's own TA attestation. External partners are explicitly approved into the channel. The channel's multi-sig governance matches enterprise approval workflows. All agent-to-agent transactions within the fleet are routed and auditable through a single channel.
An orchestrator agent creates a temporary channel for a task: "analyze this dataset and write a report." It adds a data agent, a writing agent, and a review agent. Rule 5 enforces work attribution tracking. Rule 4 caps payment per task. Custom sub-storage slots define citation requirements and payment split ratios. Channel dissolves on task completion. At scale: 100K+ ephemeral channels/year.
Everything described above runs on the existing 1,802-line TrustChannelManager. Our contribution is the ExternalRoutingAdapter (~50 LOC) that bridges Rule 5 to the PageRank oracle, plus ~15 LOC in ReputationEngine.registerBot() to auto-add Trust Anchors to the global channel on registration. The rest — multi-sig governance, De Bruijn routing, 65,536-slot rules engine, consent modes, jurisdiction filtering — is production infrastructure that's been live and processing attestations.
AI agents can delegate capped payment authority to sub-agents, creating autonomous spending hierarchies:
// Agent hierarchy: traceable, capped, revocable in 1 tx Orchestrator Agent ($500/day cap, minRMT 200) └─ 20 Sub-Agents ($25/day each, ttl: 24h) └─ Each buys: API calls, data, compute autonomously └─ All spend: traceable, capped, revocable in 1 tx // Key parameters: delegation_max_depth: 5 // max chain length spending_cap_default: $100 // per session key rate_limit: 100 req/hr // per session key consent_timeout: 168h // 7 days credit_line_multiplier: 2.0x // of SCS-based line
All trust state anchors on the Stable Network (Chain 988) — near-zero gas (<$0.001/tx), ~2s finality, USDT/USDC native. Spoke chains verify trust via Merkle proofs.
| Spoke | Bridge | Latency | Daily Cost |
|---|---|---|---|
| Base | LayerZero V2 | 1–3 min | $72–201 |
| Arbitrum/OP | Chainlink CCIP | 2–5 min | Similar |
| Solana | Wormhole (13-of-19) | 2–5 min | $28–86 |
| Lightning | Boltz submarine swaps | Near-instant | $48–120 |
Total daily bridge cost: $148–407/day. Self-sustaining beyond ~$3M daily volume.
Funds locked in trust channel escrow are automatically routed to Aave. A user with $5,000 in escrow earning 4% APY ($200/year) can receive a $1,000 credit line at 0% APR. The protocol funds the credit from the user's own yield. No risk to protocol. Zero cost to user. Protocol captures 20% of Aave yield as treasury revenue; 80% flows to the channel creator.
HTTP 402 + on-chain settlement. Sub-cent micropayments (<$0.001/call).
Native stablecoin settlement on Stable Network.
Batch settlement for high-frequency micropayments.
Traditional payment rail bridge for fiat on-ramp.
| Contract | Role | Key Functions |
|---|---|---|
X402Router | Central payment settlement | calculateTrustLevel(), calculateIsoChannelSend(), transfer() |
X402YieldEscrow | Aave yield routing on idle escrow | deposit(), withdraw(), yield split (80/20) |
X402ChannelFactory | Template-based channel deployment | deploy(template, config) |
Rule5CreditLine | Autonomous credit issuance | openCreditLine(), repay(), liquidate() |
IdentityRegistry | 3-state verification machine | upgradeToVerified(), acceptVerification() |
TrustAnchorManager | TA staking and attestation cap | stakeTrustAnchor(), slashTrustAnchor() |
SessionKeyManager | EIP-1056 DID-based delegation | createKey(), revokeKey() |
RMTOracle | On-chain reputation score query | getScore(address), getTier(address) |
// Rule5CreditLine.sol — autonomous credit from trust channel history function openCreditLine(address borrower) external { // 1. Query RMT oracle for current Sweep Credit Score uint256 scs = rmtOracle.getScore(borrower); // 2. Check identity tier via EAS attestation Tier tier = identityRegistry.getTier(borrower); // 3. Resolve credit terms from (scs, tier) pair CreditTerms memory terms = _resolveTerms(scs, tier); require(terms.maxPrincipal > 0, "INELIGIBLE"); // 4. Collect collateral (if required by tier) if (terms.collateralBps > 0) { uint256 collateral = terms.maxPrincipal * terms.collateralBps / 10000; usdt.transferFrom(borrower, address(this), collateral); } // 5. Issue session key with spending cap = credit line sessionKeyManager.createKey( borrower, terms.maxPrincipal, terms.termSeconds, address(this) ); // 6. Emit EAS attestation for credit issuance eas.attest(CREDIT_SCHEMA, borrower, abi.encode(terms)); // Total time: ~2 seconds (1 Base block) // Total cost: ~$0.001 gas // Human involvement: zero }
All financial parameters use basis points (1bp = 0.01%) for fixed-point integer arithmetic on-chain, avoiding floating-point entirely:
// All rates and weights stored as uint16 basis points // 10000bp = 100% — fits in uint16 (max 65535) struct CreditTerms { uint256 maxPrincipal; // USDT (6 decimals) uint16 aprBps; // 500 = 5.00% APR uint16 collateralBps; // 5000 = 50% collateral ratio uint32 termSeconds; // credit line duration uint32 gracePeriodSeconds; // late payment grace } // KYC seed weights (integer-only multiplication) uint256[4] constant KYC_MULTIPLIER_BPS = [0, 100, 150, 200]; // BASIC: min(2000 * 100 / 100, 5000) = 2000bp // ENHANCED: min(2000 * 150 / 100, 5000) = 3000bp // PREMIUM: min(2000 * 200 / 100, 5000) = 4000bp // Cascade penalty (integer-only, no floats) // depth1: score * 7000 / 10000 (= 0.70) // depth2: score * 4900 / 10000 (= 0.49) // depth3: score * 3430 / 10000 (= 0.343) // TA attestation cap (sqrt via Newton's method in Solidity) function getAttestationCap(uint256 staked) pure returns (uint256) { // floor(sqrt(staked / MIN_STAKE_PER_ATTESTATION)) // Sublinear: doubling stake does NOT double capacity return Math.sqrt(staked / MIN_STAKE_PER_ATTESTATION); }
Every financial calculation uses basis-point integers (uint16 for rates, uint256 for amounts). Cascade penalties are pre-computed as integer multipliers (7000, 4900, 3430 out of 10000). KYC weights use BPS × 100 encoding to avoid fractions. The TA attestation cap uses Solidity's integer square root (Newton's method). No floating-point arithmetic exists anywhere in the contract layer.
| Contract | Address | Chain |
|---|---|---|
| TrustAnchorStorage | 0xc6c63301b5C770e705ac3D13e932c82e420096fD | Shyft (7341) |
| TrustAnchorManager | 0x86f5a10c74b77ae99d952ab68c0a6ecb191dfec9 | Shyft (7341) |
| TrustAnchorExtraData | 0x8f29c911c95160e6df2ff4063f6c90ec7943ab17 | Shyft (7341) |
Live topology: 21 registered TAs, ~96,183 total attestations. Power-law distribution (exponent ≈ -1.8). 2 TAs control 85% of all attestations.
Developers selling API calls (data, AI inference, compute). Flat per-call pricing ($0.001/call default). Target: $500B API economy.
AI agents delegating payment authority to sub-agents via session keys. Orchestrator controls caps, whitelists, TTLs. Target: $10B+ AI services (40% YoY growth).
Datasets, research, financial data, sensor streams. Multi-tier access (preview/full/stream). Target: $274B data marketplace by 2028.
Freelance, bounties, multi-party deliverables. Conditional release rules with optional arbitrator and 72h dispute window. Target: $455B freelance economy.
Recurring SaaS, content subscriptions. 30-day billing, auto-renew. Idle escrow earns Aave yield passed to subscriber. Target: $1.5T SaaS economy.
import { TrustChannelSDK } from '@antilles/x402-sdk'; const sdk = new TrustChannelSDK({ network: 'stable', signer: wallet }); // Deploy a channel from template in 2 minutes const channel = await sdk.deploy('api-access', { price: '0.001', // USDC per request dailyCap: 100, // max daily spend minRMT: 0, // open access (no reputation gate) }); console.log(channel.address); // deployed contract console.log(channel.x402Header); // ready to embed in HTTP responses
# CLI one-liner $ npx create-trust-channel api-access --price 0.001 --cap 100
"Rule 5" contracts are customizable smart contract logic governing payment splitting, conditional access, and fee structures within a Trust Channel. They are the composability primitive that makes templates extensible.
Factory-deployed, audited templates. Uniswap-style pool factory pattern. Instant deploy, zero audit burden for users.
72h mandatory timelock before activation. No delegatecall to external contracts. Gas cap enforced. "Unverified Rule 5" UI warning for buyers.
| Fee Type | Rate | Recipient |
|---|---|---|
| Base transaction fee | 0.10% of volume | Protocol treasury |
| Oracle operator incentive | 0.05% | RMT oracle operators |
| Relayer incentive | 0.05% | Infrastructure operators |
| Aave yield fee | 20% of yield | Protocol treasury |
| Channel creation (template) | $1 (free early) | Treasury |
| Channel creation (custom) | $5–25 | Treasury |
High-trust users cost less to serve and pay lower fees — creating a natural flywheel where reputation improvement is economically rational:
| RMT Score | Fee Rate | Discount |
|---|---|---|
| 0–100 | 0.10% | — |
| 100–300 | 0.08% | 20% discount |
| 300–600 | 0.05% | 50% discount |
| 600+ | 0.02% | 80% discount |
| Year | Channels | Monthly Volume | Transaction Rev | Credit Rev | Total (Ann.) |
|---|---|---|---|---|---|
| Year 1 | 50K | $10M | $180K | $75K | $255K |
| Year 2 | 500K | $100M | $1.8M | $750K | $2.55M |
| Year 3 | 5M | $1B | $72M | $7.5M | $79.5M |
More transactions → better RMT model → more accurate scoring → more creditworthy users → more lenders.
More escrow → better Aave yields → more attractive for channel creators → more escrow.
Established RMT history is not portable. Migration cost approaches infinity for established users. This is the long-term moat.
More channels → more templates → more developers → more channels. Open-source SDK accelerates.
B2B API integration pulls entire client ecosystem into Trust Channels. Switching cost = rebuilding all reputation.
67× cheaper than PoolTogether's $5M mining program. AI agents generate attestations as a byproduct of real economic activity.
| Use Case | TAM | Primary Template |
|---|---|---|
| AI API services (agent payments) | $50B–$500B over 5 years | Template A + B |
| B2B API economy | $200B+ | Template A |
| IoT machine-to-machine | $1T+ (75B devices by 2030) | Template B |
| Undercollateralized DeFi lending | $150B+ | Rule 5 Credit Line |
| Freelance & bounty economy | $455B + $2B crypto | Template D |
| Data marketplace | $274B by 2028 | Template C |
| SaaS subscriptions | $1.5T | Template E |
Confidential — Coinberg Trust Infrastructure Technical Brief — April 2026
Generated from forge monorepo codebase analysis. All metrics from production evaluation scorecard.