Proposal: Integrate AgentSign trust scoring with ANS agent records #1
Description
Summary
ANS handles agent discovery (DNS for agents). AgentSign handles agent trust verification. These are naturally complementary.
The Gap
ANS provides X.509 certificates for agent identity and a registry for discovery. However, once an agent is discovered, the requesting party has no way to assess:
- Has this agent been security-tested?
- What is its trust level?
- Has it passed a structured onboarding pipeline?
- Is its code attested (hash verified)?
What AgentSign Adds
AgentSign provides a trust scoring and behavioral verification layer:
- Trust scores (0-100) based on 5 factors: code attestation, execution verification rate, success rate, history depth, pipeline stage
- Pipeline stages: INTAKE -> VETTING -> TESTING -> DEV_APPROVED -> PROD_APPROVED -> ACTIVE
- 13-point SDLC scanner aligned to OWASP Agentic Top 10
- Cryptographic passports: Self-contained signed JSON with full agent metadata
- MCP Verification Gate: Identity + trust verification before tool access
Proposed Integration
- Extend ANS agent records with optional
trust_scoreandpipeline_stagefields - AgentSign as trust provider: ANS queries AgentSign for trust verification during agent resolution
- Combined flow: ANS resolves agent endpoint -> AgentSign verifies trust -> tool access granted/denied
- Passport in ANS metadata: Include AgentSign passport URL in ANS agent records for offline verification
Links
- Website: https://agentsign.dev
- GitHub SDK: https://github.com/razashariff/agentsign-sdk (MIT)
- npm: https://www.npmjs.com/package/agentsign
- Patent: GB2604808.2 (pending, UKIPO)
Happy to discuss or submit a PR implementing this integration.