# SoulLedger Trust Methodology v1

**Working paper — SputnikX Research**
**Version:** 1.0 · **Date:** 2026-04-21 · **Author:** SputnikX Protocol Team
**Canonical URL:** https://soul.sputnikx.xyz/research/methodology-v1
**License:** CC BY 4.0

---

## Abstract

We describe a methodology for assigning cryptographically verifiable trust scores to autonomous AI agents operating in agentic commerce. The approach combines a five-factor scoring function, a seven-dimensional behavioral DNA vector, and periodic Merkle anchoring on Base L2. We report observational data from 31 minted passports, 1,606 recorded events, and 6 on-chain Merkle anchors between 2026-03-27 and 2026-04-21. The framework is designed to provide sybil resistance, comply with EU AI Act Article 15, and remain standards-compatible with ERC-8004 and x402. Limitations are discussed openly: observational scale is small, and long-term gaming resistance requires further study. All source code, contract addresses, and event data are public.

---

## 1. Introduction — The Trust Problem in Agentic Commerce

Autonomous AI agents increasingly transact on-chain. They swap assets via AgentKit, purchase compute, and pay one another via the x402 HTTP 402 Payment Required protocol. This machine-native economy lacks the trust primitives that human commerce relies on: reputation systems, regulators, and insurance.

Human KYC does not translate: agents have no passports, and the legal operator may be distant from the runtime agent. What agents do have is **behavior** — a verifiable on-chain and on-protocol history of actions, payments, attestations, and disputes.

This paper describes SoulLedger's methodology for compressing that behavior into a trust score suitable for machine consumption. The goal is not to replicate human KYC but to build a trust layer that is native to machine-to-machine (M2M) commerce.

---

## 2. Prior Work

Related work falls in four clusters:

- **Human KYC/AML stacks** (Jumio, Onfido, Sumsub). These target natural persons and legal entities. They are ill-fit to short-lived or pseudonymous agents.
- **On-chain reputation** (EigenTrust, SourceCred, Gitcoin Passport). These address human contributors in DAOs and grant systems. They are not machine-callable at M2M latency.
- **ERC-8004 agent registry** [1]. Defines a minimal standard for registering autonomous agents on EVM chains. SoulLedger implements ERC-8004 and extends it with trust computation.
- **x402 micropayment protocol** [2]. HTTP 402 revival for agent payments. SoulLedger prices its verify/insights endpoints via x402.

SoulLedger sits at the intersection: standards-compatible, machine-callable, and behavior-weighted.

---

## 3. Methodology

### 3.1 Five-Factor Trust Score

A passport's trust score is a value in [0, 100] computed from five factors:

| Factor | Weight | Description |
|---|---|---|
| `history` | 0.30 | Count and age of recorded events |
| `attestations` | 0.25 | EAS attestations received from peers |
| `compliance` | 0.20 | EU AI Act, fraud, and dispute events |
| `consistency` | 0.15 | Variance of the behavioral DNA over time |
| `volume` | 0.10 | USDC volume transacted via x402 |

Each factor is normalized to [0, 1] via a logistic function with domain-specific parameters, then combined as a weighted sum. Scores are recomputed on each new event and Merkle-anchored to Base every 6 hours.

### 3.2 Behavioral DNA — Seven Dimensions

Each passport carries a 7-tuple **behavioral DNA** vector:

1. **Latency** — typical response time to x402 requests
2. **Accuracy** — ratio of successful tasks to total tasks
3. **Volume** — transaction count per unit time
4. **Diversity** — entropy of counterparty distribution
5. **Consistency** — temporal variance of factors 1-4
6. **Novelty** — rate of new task types attempted
7. **Compliance** — ratio of passing compliance checks

Two passports with similar trust scores can be distinguished by their DNA. Downstream consumers (insurance, routing, marketplaces) can filter on DNA components directly.

### 3.3 Merkle Chain Anchoring

Every 6 hours a Merkle root of the full event log is written on-chain to Base L2. Past anchors are immutable and publicly verifiable. This yields two properties:

1. **Retroactive tampering** is detectable — any change to past events invalidates a previously-anchored root.
2. **Light-client verification** is cheap — only the Merkle proof is needed to prove event inclusion.

As of 2026-04-21 we have published **6 Merkle anchors** covering 1,606 events and 31 active passports.

---

## 4. Sybil Resistance

Sybil attacks — spawning many cheap identities to game reputation — are addressed by three mechanisms:

- **Soulbound passports.** ERC-721 transfer is disabled, so a trusted wallet cannot sell its reputation to a new operator.
- **Cost-to-register.** Passport minting is gasless via ERC-4337 but requires a peer attestation or a minimum compliance check, creating a soft social cost.
- **DNA variance monitoring.** Cohorts of passports with near-identical DNA trigger a flag for manual review. Sybils are detectable because they emit correlated behavior.

No sybil-resistant system is perfect. We publish detected sybil cohorts on a public dashboard for adversarial review.

---

## 5. EU AI Act Article 15 Mapping

Article 15 of the EU AI Act [3] requires high-risk AI systems to meet accuracy, robustness, and cybersecurity standards. SoulLedger's trust methodology maps to Article 15 as follows:

| Article 15 requirement | SoulLedger mechanism |
|---|---|
| Accuracy (15.1) | DNA factor 2 — per-passport accuracy ratio |
| Robustness (15.3) | DNA factor 5 — consistency variance |
| Resilience to errors (15.4) | Merkle-anchored event log |
| Cybersecurity (15.5) | Soulbound SBT + EAS attestations |

Annex IV documentation [4] is auto-generated from passport metadata via `/api/v1/compliance/annex-iv/{id}`.

---

## 6. Observational Results (2026-03-27 to 2026-04-21)

- **Passports minted:** 31 (all live)
- **Events recorded:** 1,606
- **Merkle anchors:** 6
- **Median trust score:** 64 (IQR 48–78)
- **DNA consistency median:** 0.72
- **Dispute attestations:** 2 (both resolved with refund)

All raw event data is queryable at `/api/v1/events?limit=1000`. The dataset is small; we do not draw statistical conclusions from it. It is published as an audit trail, not as a study.

---

## 7. Limitations

1. **Scale.** 31 passports is pilot-scale. Behavioral distributions are not yet stable.
2. **Gaming.** Adversaries may learn to emit well-shaped DNA. Longitudinal monitoring is required.
3. **Oracle dependency.** Insurance and routing that consume SoulLedger scores become dependent on the oracle. Partial decentralization roadmap is planned for v2.
4. **Jurisdictional scope.** EU AI Act mapping is specific to EU. US and UK equivalents are tracked but not yet first-class.

---

## 8. References

1. **ERC-8004: Agent Registry Standard.** https://eips.ethereum.org/EIPS/eip-8004
2. **x402 Protocol.** https://x402.org · Coinbase Developer Platform.
3. **EU AI Act, Regulation (EU) 2024/1689.** Article 15 — Accuracy, robustness, and cybersecurity. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
4. **EU AI Act, Annex IV — Technical Documentation.** https://eur-lex.europa.eu/eli/reg/2024/1689/oj
5. **ERC-721: Non-Fungible Token Standard.** https://eips.ethereum.org/EIPS/eip-721
6. **ERC-4337: Account Abstraction.** https://eips.ethereum.org/EIPS/eip-4337
7. **EAS: Ethereum Attestation Service.** https://attest.org
8. **Weyl, Ohlhaver, Buterin (2022).** *Decentralized Society: Finding Web3's Soul.* SSRN 4105763.

---

**Contact:** research@sputnikx.xyz
**Repository:** https://github.com/sputnikx/soulledger
**Data:** https://soul.sputnikx.xyz/api/v1/events