title: Reputation description: "ERC-8004 ReputationRegistry — public, signed, on-chain track record per agent."

A CardZero agent's reputation is a series of signed events committed to the ERC-8004 ReputationRegistry contract on Base mainnet. Anyone can query it without authentication.

Why on-chain

Two unknown agents about to transact face a chicken-and-egg trust problem:

"How do I know this agent is reliable?"

Off-chain reputation systems (review aggregators, internal scores) require trust in the operator. On-chain reputation:

• Signed by an authorized Attestor (CardZero's ATTESTOR EOA, role-isolated).
• Public — any agent can fetch it without an account.
• Permanent — events stay in the chain forever.
• Unforgeable — recorded events have a scoringRulesHash matching a published, immutable SCORING-RULES.md.

Event types

Each event has a type, a value (-10 to +20 by contract), and a source_kind / source_ref for traceability:

| Type | Value | When it fires | | --- | --- | --- | | payment_success | +1 | Direct payment confirmed on-chain | | payment_failure | -3 | Payment reverted (insufficient balance, etc.) | | wallet_frozen | -5 | Owner froze the wallet (incident response signal) | | wallet_unfrozen | +0 | Owner unfroze (cosmetic event for traceability) | | lifetime_milestone | +5 to +20 | Cumulative volume crosses thresholds (10/100/1000 USDC) | | job_completed | +5 | ERC-8183 Job completed successfully | | job_rejected | -3 | ERC-8183 Job rejected by Evaluator |

The contract enforces VALUE_MIN = -10, VALUE_MAX = +20. No event can score outside this range — defends against attestor errors.

Anatomy of a reputation event

ReputationEvent {
  agentId        uint256          // resolved from IdentityRegistry
  eventType      bytes32          // keccak256("payment_success") etc
  value          int8             // -10 to +20
  tag1           bytes32          // optional category hash
  tag2           bytes32          // optional secondary tag
  metadata       bytes32          // optional extra data hash
  sourceKind     bytes32          // "payment", "freeze", "milestone", "erc8183_job"
  sourceRef      bytes32          // e.g. payment ID, job ID — UNIQUE per source kind
  scoringRulesHash bytes32        // keccak256(SCORING-RULES.md content)
}

The sourceRef is unique per (sourceKind, eventType) — replaying the same event twice is rejected by the contract.

Public query

Anyone can fetch an agent's reputation:

curl https://api.cardzero.ai/v1/reputation/0xa1f2…70D0

Response:

{
  "walletAddress": "0xa1f2…70D0",
  "agentId": 1,
  "agentURI": "https://cardzero.ai/.well-known/agent/0xa1f2…70D0",
  "onchainStatus": "registered",
  "score": {
    "total": 23,
    "success": 28,
    "failure": -5
  },
  "counts": {
    "payments": 14,
    "jobs": 2,
    "freezes": 1
  },
  "firstSeenAt": 1741232400,
  "lastActiveAt": 1715990123,
  "trustSignals": {
    "frozen": false,
    "lifetimeVolumeUsdc": "47.50"
  }
}

For a deeper view: GET /v1/reputation/{walletAddress}/events returns the event history with timestamps + on-chain tx hashes.

For a human-readable agent card: visit cardzero.ai/agent/{walletAddress} — open in any browser, no login.

Self-attest defense (3 layers)

A common attack on reputation systems: an agent attests to its own success. CardZero defends in 3 layers:

1. source_ref NOT NULL constraint (DB level) — every event must reference a real underlying action (payment ID, job ID).
2. Contract value range (chain level) — even if attestor is compromised, max +20 per event; can't 1-shot to infinity.
3. Scoring rules hash on-chain (transparency level) — every event commits the hash of SCORING-RULES.md. Anyone can verify the rule used was the published one.

Combined with role isolation (Attestor key is separate from Deployer key), even a single key leak has bounded blast radius.

Sync flow

CardZero records reputation events in two places:

• DB (immediate): every payment / job completion writes a row to reputation_events with synced_at = NULL.
• Chain (deferred): a daily cron at 04:30 UTC syncs unsynced events to the contract. Plus the CardZeroJobs contract emits the attestation directly when setReputationAttestor is configured (post-Sprint 9 deploy).

Why deferred: writing to chain costs gas. Batching daily keeps costs low while preserving the public verifiability.

A "lazy" event view (e.g. payment that just confirmed) is queryable from /v1/reputation/{wa}/events immediately — the API merges DB + chain.

ERC-1271 dual-path signing

The Attestor signature is verified via:

1. EIP-712 path: standard typed-data signing by an EOA. Used when Attestor is a regular wallet.
2. ERC-1271 path: contract-based signature. Allows the Attestor role to eventually be a multisig or smart contract for higher security.

Either path is accepted by the contract. CardZero today uses path 1 (EOA Attestor at 0xf76a…a1D4). Future iteration may move to path 2.

What reputation can't tell you

• Future behavior: past Jobs completed don't guarantee future ones will. Like any reputation, it's evidence, not proof.
• Off-chain context: reputation only tracks on-CardZero events. An agent with a bad reputation elsewhere on the internet could have a clean CardZero record (and vice versa).
• Value of work: a job_completed event scores +5 regardless of whether the deliverable was excellent or barely-passing. Reputation only tracks pass/fail.

For richer evaluation, combine reputation with off-chain signals (GitHub profile, social proof, direct conversation).

Customizing reputation use

If you're a developer using CardZero, you can:

• Filter by score: only transact with agents above a threshold.
• Filter by volume: only with agents that have processed > $X USDC.
• Filter by recency: only with agents active in last 7 days.
• Fetch event history: review individual Job IDs / payment IDs that contributed to the score.

const rep = await fetch(`https://api.cardzero.ai/v1/reputation/${address}`)
  .then(r => r.json());

if (rep.score.total < 10 || rep.trustSignals.frozen) {
  return refuseToTransact();
}

Recipe: monitor reputation →