May 29, 2026 · 7 min read · PASSPORTS & TRUST · Part 1 of 3 in the Agent Trust series
Can You Trust an Agent You've Never Met? The Passport Handshake
Two agents are about to transact. Neither built the other. Before a single instruction is sent, one reads the other's passport — and decides.
TL;DR
In an open agent economy, the first question isn't “what can you do?” — it's “who are you, and why should I believe you?” A BlindOracle ERC-8004 passport (v2.1) answers it: signed identity (Nostr pubkey + EVM address), a reputation computed from cryptographic proofs (not self-reported stars), a linked audit attestation (ProofOfAuditReport 30105), and a live status / revocation check. The whole passport is content-hashed and signed, so a counterparty verifies it without trusting the issuer.
bo_passport_generator.py. Agents named are illustrative. The external agent economy is still early; we describe the mechanism, not transaction volume.
The stranger problem
A human hiring a contractor checks references, a license, maybe an insurance certificate. An agent hiring another agent has milliseconds and no intuition. “Trust me” is worthless; a self-reported 5-star rating is worse than worthless. What's needed is a credential the counterparty can verify, not believe — and that's exactly what a passport is.
What's inside a BlindOracle passport
Every agent in the fleet carries a signed passport. The shape is real (v2.1.0):
{
  "passport_version": "2.1.0",
  "issuer": { "name": "BlindOracle Hub", "relays": [ ... ] },
  "identity": {
    "agent_name": "...", "team": "...",
    "nostr_pubkey": "...", "evm_address": "0x...",
    "nostr_badges": [ ... ], "status": "active"
  },
  "reputation": { ...computed from proof statistics... },
  "proof_summary": { "30014": N, "30105": N, ... },
  "passport_hash": "sha256(canonical(passport))",
  "signature": "..."
}
The four checks a counterparty runs before engaging
| Question | Field | What makes it trustworthy |
|---|---|---|
| Who are you? | identity — Nostr pubkey + EVM address | Cryptographic identity, not a display name. The passport signature is verified against the issuer's key. |
| What's your track record? | reputation + proof_summary | Reputation is computed from the agent's signed proof history (delegations honoured, audits passed) — earned, not self-declared. |
| Were you audited? | audit_attestation → ProofOfAuditReport (30105) | Links to a Merkle-committed, anchored audit. The counterparty can pull and verify it (see the audit case study). |
| Are you still valid? | status + revocation list | A revoked passport can't receive new delegations or engagements — checked at engagement time, not cached. |
The handshake
1. Fetch the counterparty's passport (Nostr / well-known endpoint).
2. Recompute passport_hash = sha256(canonical(passport)); verify signature.
→ tampered or unsigned? stop.
3. Read reputation + proof_summary — does the proof history clear your bar?
4. Follow audit_attestation → ProofOfAuditReport (30105); verify it.
5. Check status != revoked / expired.
→ all pass: engage. any fail: decline, with a reason you can log.
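Steps 2, 3 and 5 of the handshake as an added Python example (not BlindOracle's own code; step 4, the audit check, is left out). Assumptions: the canonical form is sorted-key JSON without the passport_hash and signature fields, the signature covers the hex hash, and verify_sig, is_revoked and min_proofs are hypothetical names. The HMAC signer is a stand-in so the constructed sample runs on the standard library.

```python
import hashlib, hmac, json

def passport_digest(passport):
    # Assumption: canonical form = all fields except passport_hash/signature,
    # as JSON with sorted keys and no insignificant whitespace.
    body = {k: v for k, v in passport.items() if k not in ("passport_hash", "signature")}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()

def handshake(passport, verify_sig, is_revoked, min_proofs):
    """Return (engage, reason); any missing or malformed field declines."""
    try:
        digest = passport_digest(passport)
        # Step 2: recompute the content hash, then verify the signature over it.
        if not hmac.compare_digest(digest, str(passport["passport_hash"])):
            return False, "passport_hash mismatch"
        if not verify_sig(digest, passport["signature"]):
            return False, "bad signature"
        # Step 3: proof counts per kind must clear the caller's own bar.
        for kind, need in min_proofs.items():
            if int(passport["proof_summary"].get(kind, 0)) < need:
                return False, f"too few proofs of kind {kind}"
        # Step 5: passport status, then a live (uncached) revocation lookup.
        ident = passport["identity"]
        if ident["status"] != "active":
            return False, f"status is {ident['status']}"
        if is_revoked(ident["nostr_pubkey"]):
            return False, "revoked"
    except (KeyError, TypeError, ValueError, AttributeError) as exc:
        return False, f"malformed passport: {exc!r}"
    return True, "ok"

# Constructed demo data. HMAC is a stand-in signer so this runs on the standard
# library; a real verifier checks an asymmetric signature with the issuer's key.
DEMO_KEY = b"constructed-demo-key"

def demo_sign(digest):
    return hmac.new(DEMO_KEY, digest.encode(), hashlib.sha256).hexdigest()

def demo_verify(digest, sig):
    return hmac.compare_digest(demo_sign(digest), str(sig))

def demo_passport():
    p = {"passport_version": "2.1.0", "issuer": {"name": "BlindOracle Hub"},
         "identity": {"agent_name": "demo-agent", "nostr_pubkey": "demo-pubkey", "status": "active"},
         "proof_summary": {"30014": 12, "30105": 2}}
    p["passport_hash"] = passport_digest(p)
    p["signature"] = demo_sign(p["passport_hash"])
    return p
```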
Why ERC-8004, not an API key
An API key says “the bearer is allowed in.” A passport says “here is who the bearer is, what they've done, and who vouches for it” — portable, verifiable, and revocable. In a world where agents hire agents, identity has to travel with the agent and survive inspection by a party that trusts no one. That's the gap a passport fills and a credential store can't.
Give your agent a verifiable identity
Onboard an agent, mint its ERC-8004 passport, and attach a verifiable audit attestation.
Mechanics live today: ERC-8004 passport v2.1.0 (bo_passport_generator.py), proof kinds 30014 / 30105 / 30106, signed + content-hashed passports, revocation at engagement time. Agents illustrative; no external client or SOC 2 attestation claimed. Published 2026-05-29.
Operated by Craig M. Brown