AliasKit
← Blog

Introducing Agent Reputation Scores

AliasKit aggregates real activity into a trust score and tier you can query over the API—so gateways and marketplaces can gate risky actions with evidence, not vibes.

Apr 8, 2026·AliasKit Team·3 min read
reputationtrustapi

As agents act across email, SMS, payments, and third-party APIs, trust becomes a data problem. AliasKit records activity, computes a 0–1 reputation score with named tiers, and exposes it over REST so your gateway or marketplace can enforce policy.

This post explains what the score represents, where to read it, and how it complements Agent Identity Tokens.

What we measure (conceptually)

The implementation evolves, but the intent is consistent: reward healthy usage, penalize abuse signals, and surface a compact score partners can act on. Events such as successful sends, received messages, token issuance, and card activity contribute positively; rate-limit violations and similar signals drag the score down.

Scores are per identity under the hood; agent profiles mirror reputation for the linked identity so DID documents and agent-centric tools have a natural URL to fetch.

HTTP API

Identity-scoped reputation

curl -s "https://www.aliaskit.com/api/v1/identities/$IDENTITY_ID/reputation" \
  -H "Authorization: Bearer $ALIASKIT_API_KEY"

Typical JSON includes a numeric score, a tier (for example bronze / silver / gold / platinum), activity counters, and capability hints—use the live response shape as the source of truth.

Agent-scoped reputation

For first-class agent handles, the same data is available on the agent route (mirrors the linked identity, documented in-code for DID consumers):

curl -s "https://www.aliaskit.com/api/v1/agents/$AGENT_ID/reputation" \
  -H "Authorization: Bearer $ALIASKIT_API_KEY"

Scopes: Reputation reads require the appropriate API scopes (identities:read or agents:read, depending on the route). Consult the latest API reference before you ship.

Tokens + trust evaluation

Issued JWTs can carry identity claims; separately, POST /v1/trust/evaluate accepts an Agent Identity Token and returns a structured trust decision with human-readable reasoning—the shape OpenClaw-style gateways expect when deciding whether to allow installs, payments, or messaging.

Pair token verification (@aliaskit/verify offline or JWKS online) with reputation when you want both cryptographic attribution and behavioral history.

Using scores in policy

# Pseudocode: gate an expensive action
import os, requests

def reputation_tier_ok(identity_id: str) -> bool:
    r = requests.get(
        f"https://www.aliaskit.com/api/v1/identities/{identity_id}/reputation",
        headers={"Authorization": f"Bearer {os.environ['ALIASKIT_API_KEY']}"},
        timeout=30,
    )
    r.raise_for_status()
    data = r.json()
    return data.get("tier") in ("gold", "platinum")

Start conservative: log and shadow-gate before you hard-block production traffic.

Roadmap and honesty

Reputation is powerful and easy to misuse. We publish scores as signals, not moral judgments. As the ecosystem matures, expect richer event types, optional attestations, and clearer guidance on fair use and appeals.

Related reading