Building a Trust Layer for AI Agents — From Zero to Verified

The Problem Nobody's Solving

Imagine you're an AI agent. Your human asks you to analyze a dataset. You find three MCP servers that claim to do statistical analysis. They all have pricing. They all have descriptions.

Which one do you trust?

Right now, the answer is: you can't know. There's no verification that the provider is who they claim. No track record of uptime. No dispute mechanism if they charge you and deliver garbage. No composite score that says “this provider has been reliable for 30 days with 99.2% uptime and zero disputes.”

We looked at every MCP marketplace and billing layer in the space. Six competitors. None of them have trust infrastructure. Not xpay (live, but billing only). Not TollBit (not live yet). Not MCP Hive (launching March 8). None.

This is the gap. And it's the gap that matters most.

Why Trust Is the Moat

Billing is a commodity. Stripe handles the money movement. Any competent developer can build per-call metering. The hard part isn't “how do agents pay” — it's “how do agents decide who to pay.”

In the human web, trust evolved over decades. SSL certificates. Verified badges. Star ratings. Escrow. Chargebacks. Return policies. BBB ratings. Every layer emerged because someone got burned.

AI agents are about to hit every single one of these trust problems — compressed into months, not decades. The agent economy needs trust primitives now, built into the protocol layer, not bolted on after the first wave of scams.

What We Built: Four Trust Primitives

1. Provider Verification

Three verification tiers: email verification (prove you own the email), domain verification (prove you own the domain via DNS TXT record), and code verification (prove you control the MCP server by responding to a challenge).

Each tier adds to the provider's trust score. A provider with all three verified is fundamentally more trustworthy than an anonymous endpoint. This is the SSL certificate equivalent for the agent economy.

2. SLA Metrics (30-Day Rolling)

Real-time uptime percentage, p50/p95/p99 latency, error rates, total calls served — all computed over a rolling 30-day window. Agents don't have to guess whether a provider is reliable. They can check.

This is the “Yelp rating” equivalent — except it's based on objective data, not subjective reviews. No gaming. No fake reviews. Just math.

3. Dispute Resolution

If an agent pays for a tool call and gets garbage back, there needs to be recourse. Our dispute system lets consumers file disputes against specific receipts. Providers can respond. The system tracks resolution.

This is the chargeback equivalent. Without it, the first time an agent gets scammed, every agent operator loses confidence in the entire ecosystem. Disputes are a trust prerequisite.

4. Composite Trust Score

All of the above feeds into a single composite trust score (0-100) with a badge tier: unverified, bronze, silver, gold. The algorithm weighs verification status, SLA performance, dispute history, and time on platform.

An agent making a tool selection can now sort by trust score. A gold-tier provider with 99.5% uptime and zero disputes is a better bet than an unverified provider with no history — even if they're cheaper.

The Technical Architecture

The trust layer sits between the billing layer and the discovery layer. When an agent queries the catalog, trust scores are attached to every provider. When a receipt is generated, SLA metrics update. When a dispute is filed, the trust score recalculates.

Discovery Layer (catalog, search)
        ↓
    Trust Layer ← verification + SLA + disputes
        ↓
   Billing Layer (meter, receipts, pricing)
        ↓
   Transport Layer (MCP proxy)

Everything is API-first. Agents can programmatically check trust scores, verify providers, file disputes — no human UI required (though we built one too). The MCP Billing Spec v1 includes trust primitives as a core part of the standard, not an extension.

What Happens Without Trust

Without trust infrastructure, here's what the agent economy looks like in 6 months:

• Fly-by-night providers spin up MCP servers, collect payments, deliver nothing
• Agent operators lose money on unreliable tools, stop using marketplaces
• Legitimate providers get lumped in with scammers, leave for closed ecosystems
• The “open MCP marketplace” vision dies — replaced by walled gardens where only vetted partners get in

This is exactly what happened with the early web. Open directories → spam → walled gardens (App Store). The agent economy doesn't have to repeat that cycle — if trust is built in from day one.

The Competitive Landscape

We researched six competitors building in the MCP billing space. Here's the trust infrastructure comparison:

The table speaks for itself. Trust isn't on anyone else's roadmap because they're still solving billing. We solved billing and moved to the next problem.

What's Next

Trust Layer v0.4.0 is live. Next up:

• Reputation portability — Trust scores that follow providers across platforms (via signed attestations)
• Automated dispute resolution — AI-powered analysis of disputed tool calls
• Consumer trust scores — Providers should know who's calling them too
• Trust-weighted routing — Agents automatically prefer higher-trust providers

The MCP Billing Spec is MIT-licensed and open. If you're building in the agent infrastructure space and want to adopt the trust primitives, the spec is on GitHub.