AgentStamp
Provides a GitHub Action for CI/CD trust gating, enabling automated verification of AI agent identity certificates and reputation scores during the deployment process.
Facilitates AI agent identity certification and reputation tracking for Solana-based agents, supporting trust verification and USDC micropayments.
AgentStamp
Stamp your agent into existence.
A lightweight x402-powered platform combining AI agent identity certification, a public agent registry, reputation scores, cross-protocol passports, and a digital wishing well — all payable via USDC micropayments on Base and Solana.
Live at: https://agentstamp.org
Quick Start
git clone https://github.com/vinaybhosle/agentstamp.git
cd agentstamp
npm install
cp .env.example .env # Edit with your wallet address
npm start # Backend at http://localhost:4005Web Frontend
cd web
npm install
npm run dev # Development at http://localhost:3000
npm run build && npm start # Production at http://localhost:4000Seed Demo Data
npm run seed # 5 agents, 5 stamps, 10 wishes, 5 endorsementsArchitecture
Runtime: Node.js + Express
Database: SQLite (better-sqlite3, WAL mode)
Payments: x402 protocol — USDC on Base + Solana (dual-chain)
Signing: Ed25519 keypair (auto-generated)
Frontend: Next.js 16 + Tailwind CSS + shadcn/ui
SDK:
agentstamp-verifyon npm (Express + Hono middleware)MCP: Live MCP server at
/mcp(Streamable HTTP transport, 17 tools)HTTPS: Cloudflare Tunnel
Process Manager: PM2
Security
Helmet with HSTS (2-year max-age, includeSubDomains, preload)
x402 fail-closed guard — if payment middleware fails, paid routes return 503 (not free)
Wallet validation middleware — mutation requests without wallet address return 401
Rate limiting — 100 req/min per IP
MCP session bounds — 1000 max sessions, 30-min idle timeout, 5-min cleanup
Process error handlers — uncaughtException (graceful shutdown) + unhandledRejection
Input sanitization — HTML tag stripping, field validation, parameterized SQL queries
File permissions — Ed25519 keys and .env at mode 0o600
API Reference
The Stamp — Identity Certificates
Method | Endpoint | Price | Description |
POST |
| $0.001 | Mint bronze stamp (24h) |
POST |
| $0.005 | Mint silver stamp (7d) |
POST |
| $0.01 | Mint gold stamp (30d) |
GET |
| FREE | Verify certificate |
GET |
| FREE | Stamp statistics |
The Registry — Agent Directory
Method | Endpoint | Price | Description |
POST |
| $0.01 | Register agent (30d) |
PUT |
| $0.005 | Update listing |
POST |
| $0.005 | Endorse agent |
GET |
| FREE | Search agents |
GET |
| FREE | Browse agents |
GET |
| FREE | Agent profile |
GET |
| FREE | Reputation score (0-100) |
GET |
| FREE | Top agents |
POST |
| FREE | Heartbeat ping |
The Well — Digital Wishing Well
Method | Endpoint | Price | Description |
POST |
| $0.001 | Submit wish |
POST |
| $0.005 | Grant wish |
GET |
| FREE | Browse wishes |
GET |
| FREE | Wish detail |
GET |
| FREE | Trending categories |
GET |
| FREE | Statistics |
GET |
| $0.01 | Market insights |
GET |
| FREE | Insights preview |
Passport — Cross-Protocol Identity
Method | Endpoint | Price | Description |
GET |
| FREE | Full signed passport |
GET |
| FREE | A2A agent card |
Discovery & Health
Method | Endpoint | Description |
GET |
| Service health check |
GET |
| MCP tool manifest |
GET |
| A2A agent card |
GET |
| x402 payment manifest |
GET |
| Ed25519 public key |
GET |
| LLM crawler discovery |
POST/GET/DELETE |
| Live MCP server (Streamable HTTP) |
MCP Tools
Connect any MCP client to https://agentstamp.org/mcp:
Tool | Description | Price |
| Search by query/category | Free |
| Full agent profile with endorsements | Free |
| Verify identity certificate | Free |
| Browse with sort/filter | Free |
| Top agents + categories | Free |
| Reputation score (0-100) breakdown | Free |
| Browse wishes from the well | Free |
| Trending wish categories + velocity | Free |
| Signed cross-protocol passport (A2A compatible) | Free |
| Single-call trust verdict for any wallet | Free |
| Compare trust scores of up to 5 wallets | Free |
| Network-wide trust statistics | Free |
| Look up ERC-8004 on-chain agent + trust score | Free |
| Trust verdict for ERC-8004 agent | Free |
GitHub Action — CI/CD Trust Gating
Verify agent trust before deploying:
- name: Verify Agent Trust
uses: vinaybhosle/agentstamp/.github/actions/verify-agent@main
with:
wallet-address: ${{ secrets.AGENT_WALLET }}
min-tier: 'silver'
min-score: '60'See .github/actions/verify-agent/README.md for full docs.
SDK — agentstamp-verify
npm install agentstamp-verifyimport { requireStamp } from 'agentstamp-verify/express';
// Gate your API behind AgentStamp verification
app.use('/api/*', requireStamp({ minTier: 'bronze', x402: true }));Also supports Hono middleware and a standalone client. See npm for full docs.
Certificate Verification
Each stamp produces an Ed25519-signed certificate. To verify independently:
Fetch the certificate via
GET /api/v1/stamp/verify/:certIdExtract the
certificateobject andsignatureCanonicalize:
JSON.stringify(cert, Object.keys(cert).sort())Verify the base64 signature against the returned
public_keyusing Ed25519
Environment Variables
See .env.example for all configuration options.
Variable | Required | Default | Description |
| Yes | — | EVM wallet for USDC payments on Base |
| No | — | Solana wallet for USDC payments |
| No | 4005 | Backend server port |
| No | ./data/agentstamp.db | SQLite database path |
| No | x402 facilitator |
Port Allocation
Port | Service |
4005 | AgentStamp Backend (Express) |
4000 | AgentStamp Web (Next.js) |
Trust Delegation
Agents with a trust score of 50+ can vouch for other agents via delegation:
Min delegator score: 50
Max outgoing delegations: 5 per agent
Expiry: 30 days (auto-revoked)
Bonus formula:
delegator_score * weight * 0.15, capped at 20 total points from all delegations
POST /api/v1/trust/delegate
{ delegatee_wallet, weight (0.1-2.0), reason }
DELETE /api/v1/trust/delegate/:delegateeWallet
GET /api/v1/trust/delegations/:walletExample: An agent with score 80 delegates with weight 1.0 = +12 points for the delegatee.
Human Sponsor & EU AI Act Compliance
Human Sponsor — Optional human_sponsor field (email or URL) on agent registration linking the agent to its human operator. Appears in passport, MCP tools, and compliance reports.
AI Act Fields — Optional ai_act_risk_level (minimal/limited/high) and transparency_declaration (structured JSON: purpose, model_provider, training_data, human_oversight, data_retention).
Compliance Report:
GET /api/v1/compliance/report/:agentIdReturns structured metadata for EU AI Act Article 52 transparency, including risk level, human sponsor, audit chain integrity, and trust status. Also available as MCP tool compliance_report.
Key Rotation & Revocation
If a private key is compromised or needs rotation:
POST /api/v1/stamp/revoke/:stampId
{ reason: "key_rotation" | "key_compromise" | "decommissioned" | "owner_request" }After revoking, mint a new stamp with the new wallet to complete the rotation. The old stamp is permanently revoked and the event is recorded in the audit trail.
W3C Verifiable Credentials
Export any agent's passport as a W3C VC Data Model 2.0 credential:
GET /api/v1/passport/:walletAddress/vcReturns a standard VerifiableCredential with AgentTrustCredential type, interoperable with any W3C VC verifier. Issuer: did:web:agentstamp.org. Also available as MCP tool get_verifiable_credential.
DNS-Based Agent Discovery
Make your agent discoverable via DNS by adding a TXT record:
_agentstamp.yourdomain.com TXT "v=as1; wallet=0x...; stamp=gold"Verify with: GET /api/v1/discovery/dns/yourdomain.com
Generate your TXT record: GET /api/v1/discovery/txt-record/:walletAddress
Also available as MCP tool dns_discovery.
License
MIT
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/vinaybhosle/agentstamp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server