Reputation Management

Reputation usage in MCP-I

Reputation Management

Building on audit data, MCP-I enables reputation management for agents:

Reputation Components

  1. Trust Score: A numeric representation of an agent's trustworthiness
  2. Behavior Analysis: Patterns of agent requests and activities
  3. Verification History: Success and failure rates of credential verification
  4. Feedback Mechanisms: Reports from services or principals

Reputation is derived from:

Reputation is exposed downstream for MCP-I Aware services.

  • Number of successful verifications
  • Past revocations
  • Scope of delegated actions

KnowThat.ai Registry

The canonical public registry at KnowThat.ai provides:

  1. Agent Directory: Searchable registry of known agents
  2. Reputation API: Query agent reputation information
  3. Flagging System: Mark problematic agents or behaviors
  4. Conformance Badges: Display MCP-I conformance levels

Implementation Example

// Example reputation check implementation
async function checkAgentReputation(agentDid) {
  try {
    // Query the reputation service
    const response = await fetch(
      `https://api.knowthat.ai/reputation/${encodeURIComponent(agentDid)}`
    );

    if (!response.ok) {
      throw new Error(`Reputation check failed: ${response.status}`);
    }

    const reputation = await response.json();

    // Apply reputation-based policy
    if (reputation.score < 50) {
      console.warn(`Low reputation agent detected: ${agentDid}`);
      // Implement additional verification or restrictions
    }

    // Log the reputation check
    await logAuditEvent({
      eventType: "ReputationChecked",
      actorId: agentDid,
      result: {
        reputationScore: reputation.score,
        reputationFlags: reputation.flags,
      },
    });

    return reputation;
  } catch (error) {
    console.error("Reputation check error:", error);
    // Fall back to default policy
    return { score: 0, flags: ["unknown"], error: error.message };
  }
}