Extension Proposal: Agent Trust Scoring via MCP-T

[realpercivallabs]

Problem

UCP enables agents to discover merchants, negotiate capabilities, and complete purchases. The protocol secures identity through namespace binding and capability negotiation. What it doesn't currently address is agent reputation: should a merchant trust a specific agent to complete a transaction autonomously?

As the agent ecosystem grows, merchants will face the same problem app stores faced a decade ago: how do you tell the difference between a reliable agent and a malicious one? Current options are binary (allow/deny based on namespace) rather than graduated (trust-tiered based on behavioral history).

Proposed Extension: MCP-T Trust Scoring

MCP-T (Model Context Protocol, Trust Extension) is an open spec (CC-BY-4.0) that adds trust scoring to the MCP ecosystem. It's designed to be composable with any protocol that needs trust decisions, including UCP.

How it works with UCP

Merchants add trust requirements to their /.well-known/ucp profile using UCP's reverse-domain extension mechanism:

{
  "extensions": {
    "ai.percival-labs.mcp-t": {
      "required": true,
      "trust_endpoint": "https://trust-provider.example.com/mcp-t/v1",
      "thresholds": {
        "browse": { "composite_min": 0 },
        "checkout": {
          "composite_min": 600,
          "dimension_mins": { "behavioral_fidelity": 700 }
        }
      },
      "escalation_policy": "agents_below_threshold_require_human_approval"
    }
  }
}

During UCP capability negotiation, the agent (or merchant server) queries the trust provider:

{
  "jsonrpc": "2.0",
  "method": "trust/verify",
  "params": {
    "subject_id": "did:key:z6Mk...",
    "domain": "financial",
    "threshold": { "composite_min": 600 },
    "nonce": "checkout-session-id"
  }
}

Agents that meet the threshold proceed autonomously. Agents below the threshold trigger UCP's existing requires_escalation state.

Trust Dimensions (10 default)

Dimension	What It Measures
verification	Identity and credential verification
tenure	Operational history and continuity
performance	Task completion and service quality
commitment	Economic stake (skin in the game)
community	Endorsements from other trusted entities
consistency	Behavioral stability over time
transparency	Openness to inspection
compliance	Regulatory adherence
security	Vulnerability posture
behavioral_fidelity	Declared vs. observed behavior (does the agent do what it says?)

Key Design Choices

• Implementation-agnostic: The spec defines the trust data format and query protocol, not the scoring algorithm. Any trust provider can implement it.
• Transport-agnostic: HTTPS, Nostr, IPFS, SSE bindings defined. UCP's HTTPS integration is straightforward.
• Progressive adoption: Level 0 (read-only queries) requires no infrastructure. Level 2 adds economic staking. Level 3 adds zero-knowledge proofs.
• Privacy-preserving: trust/verify returns binary pass/fail without revealing the actual score. ZK proofs (Level 3) extend this further.

Relationship to Other UCP Discussions

• Proposal: Should UCP track decision provenance for agent security? #56 (Decision Provenance): MCP-T's behavioral traces complement input provenance by tracking what agents actually did, not just what influenced their decisions.
• Business Verification Extension - Trust Signals for Agentic Commerce #146 (Business Verification): MCP-T is the agent-side counterpart. Merchant verification + agent trust scoring together give both sides of the transaction accountability.

Resources

• Full spec: https://github.com/Percival-Labs/mcp-t/blob/main/spec/mcp-t-v0.2.0.md
• UCP integration guide: https://github.com/Percival-Labs/mcp-t/blob/main/docs/integrations/ucp-integration.md
• Runnable example (TypeScript): https://github.com/Percival-Labs/mcp-t/blob/main/examples/ucp-commerce-flow.ts
• JSON schemas: https://github.com/Percival-Labs/mcp-t/tree/main/schemas

The spec is CC-BY-4.0 and open for collaboration. Looking for feedback on the UCP integration pattern, the threshold model for /.well-known/ucp, and which trust dimensions are most relevant for commerce use cases.