Trust Anchor Architecture: Shyft × Keycard Hybrid Model

How we combine on-chain identity infrastructure with agent-wrapping deployment

Section 1

Current State: Architecture Comparison

Our Stack

Shyft Trust Anchor Layer

  • Flat botToTrustAnchor mapping — one bot maps to one human, no hierarchy
  • ShyftGatedResolver validates attestations before on-chain storage
  • MachineConsentHelper manages consent + registration flow
  • Trust channel rules enforced at resolver level (fee caps, allowed operations)
  • PageRank reputation scoring via oracle
  • Citation-based academic trust model

Overlap (shared by both models)

  • Identity binding: Human → Agent
  • Policy enforcement: rules gate actions
  • Accountability chain: traces to human

Keycard's Model

  • keycard run wrapping — any existing agent gets identity layer
  • Ephemeral session tokens with built-in expiry
  • Policy contracts define per-agent allowable actions
  • Network-edge enforcement — rules applied at execution boundary
  • Revocation propagates through agent tree
  • Hardware-binding via secure enclaves
Section 2

Gap Analysis

GAP 01

No Hardware Binding

Software-only identity can be cloned or spoofed. No proof the agent runs on a specific device.

We have: Nothing — pure software identity
Proposed: App Attest / ZKML device proofs

GAP 02

No Per-Session Liveness

Once registered, an agent is trusted indefinitely. No mechanism to verify ongoing activity or consent.

We have: One-time registration, no expiry
Proposed: Attestation expiry + renewal cycles

GAP 03

No Revocation Cascade

Revoking a trust anchor leaves orphaned bots still holding valid attestations.

We have: Orphaned bots on anchor revocation
Proposed: deregisterTrustAnchor() cascade

GAP 04

No Sub-Agent Hierarchy

Flat mapping cannot represent agents spawning sub-agents or delegating authority.

We have: Flat bot → anchor mapping
Proposed: Delegated attestation chains

GAP 05

No Device-Layer Policy

Trust channel rules exist but are only enforced at the resolver level, not at the agent execution boundary.

We have: Resolver-level enforcement only
Proposed: Trust channel rule surfacing to agent runtime

Section 3

Proposed Hybrid Architecture

Hybrid Trust Anchor Flow: Registration → Attestation → Operation → Scoring → Renewal

  • TRUST ANCHOR: the human's KYC'd identity, Shyft-verified on-chain, with revocation cascade. Issues the attestation.
  • ATTESTATION (per-agent credential): trust channels inherited, policy rules embedded, expiry + renewal cycle, reputation score link, delegation depth limit.
  • AGENT: performs on-chain operations.
  • SUB-AGENT: delegated attestation with inherited channels.
  • CITATIONS: activity tracked.
  • PAGERANK: reputation scored; the score feeds back into attestation renewal.
  • HARDWARE LAYER (Phase 3): App Attest / ZKML device binding for trust anchors and agents.

Flow legend: Registration / Issue; Feedback / Renewal; Activity / Scoring; Score feeds attestation.

Key insight: reputation becomes a living credential, not a static registration.

  • Phase 1: Identity + Revocation
  • Phase 2: trust-wrap + API
  • Phase 3: Hardware + Delegation

Section 4

"trust-wrap" GTM Concept

Zero code changes required. Any existing agent framework gets on-chain identity and reputation passively.

  1. Existing Agent: any framework (LangChain, AutoGPT, custom)
  2. trust-wrap CLI: one command wraps the agent runtime
  3. Attestation Issued: on-chain identity linked to trust anchor
  4. Activity Monitored: on-chain actions tracked passively
  5. Reputation Built: PageRank score accrues over time
  6. Score Queryable: REST API + on-chain read

No code changes to the agent required — trust-wrap operates as a transparent sidecar

Developer Experience

  • npm i -g @shyft/trust-wrap
  • trust-wrap init --anchor 0x...
  • trust-wrap run -- python agent.py
  • Automatic attestation, monitoring, scoring
  • Dashboard at trust-wrap status

What Gets Wrapped

  • Outbound RPC calls intercepted and logged
  • Transaction signing routed through attested wallet
  • Session tokens auto-renewed on expiry
  • Policy violations flagged in real-time
  • Agent health heartbeat to trust anchor
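
As an added sketch (not the @shyft/trust-wrap package) of the interception path described above: each outbound RPC call is logged, a transaction is checked against the trust channel rules carried in the agent's attestation (the runtime enforcement Gap 05 asks for), and the ephemeral session token is renewed when it has lapsed. TrustWrapSidecar, the Rules fields, and the use of 4-byte calldata selectors to express "allowed operations" are assumptions for this example.

```typescript
// Added example, not the @shyft/trust-wrap package: the sidecar's RPC interception path.
// TrustWrapSidecar, the Rules fields and the selector-based "allowed operations" are assumptions.
type Rules = { feeCapGwei: number; allowedSelectors: string[] }; // trust channel rules from the attestation
type TxParams = { to?: string; data?: string; gasPriceGwei?: number };
type RpcCall = { method: string; params: TxParams[] };
type Verdict = { allowed: boolean; reason?: string };
type Session = { token: string; expiresAt: number };            // ephemeral token with built-in expiry

class TrustWrapSidecar {
  private rules: Rules;
  private session: Session;
  private renew: (now: number) => Session;  // stand-in for the renewal round-trip to the trust anchor
  readonly log: string[] = [];              // passive activity record, one line per intercepted call
  constructor(rules: Rules, renew: (now: number) => Session, now: number) {
    this.rules = rules; this.renew = renew; this.session = renew(now);
  }
  // Every outbound RPC call passes through here before it reaches the node (transparent sidecar)
  intercept(call: RpcCall, now: number): Verdict {
    if (this.session.expiresAt <= now) this.session = this.renew(now);  // auto-renew on expiry
    const v = this.check(call);
    this.log.push(`${now} ${this.session.token} ${call.method} ${v.allowed ? "ok" : "VIOLATION: " + v.reason}`);
    return v;
  }
  // Trust channel rules enforced at the execution boundary, not only at the resolver
  private check(call: RpcCall): Verdict {
    if (call.method !== "eth_sendTransaction") return { allowed: true };  // reads are logged, not gated
    const tx: TxParams = call.params[0] ?? {};
    // First 4 bytes of calldata identify the operation; a plain value transfer has selector "0x"
    const selector = (tx.data ?? "0x").slice(0, 10);
    if (!this.rules.allowedSelectors.includes(selector)) {
      return { allowed: false, reason: `operation ${selector} outside trust channel` };
    }
    if ((tx.gasPriceGwei ?? 0) > this.rules.feeCapGwei) {
      return { allowed: false, reason: `gas price ${tx.gasPriceGwei} gwei exceeds cap ${this.rules.feeCapGwei}` };
    }
    return { allowed: true };
  }
  sessionToken(): string { return this.session.token; }
}
```
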
Section 5

Implementation Roadmap

Month 1

Attestation-Based Registration

Replace flat botToTrustAnchor mapping with EAS-based attestation system. Per-agent credentials with embedded trust channel rules and expiry.

Month 2

Revocation Cascade + Rule Surfacing

Implement deregisterTrustAnchor() with automatic child attestation revocation. Surface trust channel rules to agent runtime via attestation metadata.

Month 3

trust-wrap CLI + Passive Monitoring

Ship the CLI tool. Intercept RPC calls, auto-attest agents, begin passive activity tracking. Support LangChain, AutoGPT, and raw Python/JS agents.

Month 4

Reputation API

Public REST API and on-chain view functions for querying agent reputation scores. Score-gated access patterns for DeFi protocols.

Month 5

Hardware Binding

Integrate Apple App Attest and ZKML device proofs for trust anchor verification. Hardware-bound attestations resist cloning and spoofing.

Month 6

Sub-Agent Delegation Chains

Hierarchical attestation trees: agents can spawn sub-agents with delegated authority and depth limits. Full revocation cascade through the tree.
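
As an added illustration (not Shyft or Keycard code) of the credential lifecycle described in the gap analysis and in Months 1, 2 and 6 of the roadmap: per-agent attestations with an expiry, score-gated renewal, delegation to sub-agents with inherited channels and a depth limit, and an anchor revocation that cascades through the whole tree. TrustRegistry, issue(), delegate(), renew() and the Rules fields are assumed names; deregisterTrustAnchor() is the name the roadmap uses.

```typescript
// Added example, not Shyft or Keycard code: in-memory model of the proposed attestation registry.
// TrustRegistry, issue(), delegate(), renew() and the Rules fields are assumed names for illustration.
type Rules = { feeCapGwei: number; allowedSelectors: string[] };
interface Attestation {
  agent: string; anchor: string;         // anchor: the KYC'd human identity that ultimately vouches for the agent
  parent: string | null; depth: number;  // parent: issuing agent of a delegated credential (null if anchor-issued)
  rules: Rules; expiresAt: number;       // trust channel rules embedded in the credential; expiry in unix seconds
  revoked: boolean;
}
class TrustRegistry {
  private atts = new Map<string, Attestation>();
  private revokedAnchors = new Set<string>();
  private maxDepth: number; private ttl: number;
  constructor(maxDepth: number, ttlSeconds: number) { this.maxDepth = maxDepth; this.ttl = ttlSeconds; }
  // Month 1 / Gap 02: a per-agent credential with embedded rules and an expiry, not a permanent registration
  issue(anchor: string, agent: string, rules: Rules, now: number): Attestation {
    if (this.revokedAnchors.has(anchor)) throw new Error("anchor revoked");
    const a: Attestation = { agent, anchor, parent: null, depth: 0, rules, expiresAt: now + this.ttl, revoked: false };
    this.atts.set(agent, a); return a;
  }
  // Month 6 / Gap 04: a sub-agent inherits the parent's anchor, channels and expiry, bounded by the depth limit
  delegate(parentAgent: string, child: string, now: number): Attestation {
    const p = this.atts.get(parentAgent);
    if (!p || !this.isValid(parentAgent, now)) throw new Error("parent attestation invalid");
    if (p.depth + 1 > this.maxDepth) throw new Error("delegation depth limit exceeded");
    const a: Attestation = { agent: child, anchor: p.anchor, parent: parentAgent, depth: p.depth + 1,
      rules: p.rules, expiresAt: Math.min(p.expiresAt, now + this.ttl), revoked: false };
    this.atts.set(child, a); return a;
  }
  // Gap 02: renewal is gated on the reputation score, which is what makes the credential "living"
  renew(agent: string, score: number, minScore: number, now: number): boolean {
    const a = this.atts.get(agent);
    if (!a || a.revoked || score < minScore) return false;
    a.expiresAt = now + this.ttl;
    return true;
  }
  // Month 2 / Gap 03: revoking the anchor revokes every credential rooted at it, at any depth
  deregisterTrustAnchor(anchor: string): number {
    this.revokedAnchors.add(anchor);
    let n = 0;
    this.atts.forEach(a => { if (a.anchor === anchor && !a.revoked) { a.revoked = true; n++; } });
    return n;
  }
  // A credential is valid only if it is live AND every ancestor up to the anchor is still valid
  isValid(agent: string, now: number): boolean {
    const a = this.atts.get(agent);
    if (!a || a.revoked || a.expiresAt <= now || this.revokedAnchors.has(a.anchor)) return false;
    return a.parent === null || this.isValid(a.parent, now);
  }
}
```
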

Section 6

Capability Comparison Matrix

Capability | Us (Current) | Keycard | Proposed Hybrid
Identity Binding | Shyft KYC → Trust Anchor → Bot (flat mapping) | Keycard ID → ephemeral session tokens | Shyft KYC → Trust Anchor → EAS Attestation per agent
Policy Enforcement | Resolver-level only (ShyftGatedResolver) | Network-edge policy contracts | Resolver + embedded rules in attestation + runtime enforcement
Agent Lifecycle | Register once, no expiry or renewal | Ephemeral tokens, auto-expire | Attestation expiry + score-gated renewal cycles
Revocation | Manual per-bot, no cascade | Tree-based cascade revocation | deregisterTrustAnchor() with full child cascade
Hardware Binding | None | Secure enclave integration | Phase 3: App Attest + ZKML (month 5-6)
Reputation | PageRank oracle, citation-based scoring | No reputation layer | PageRank + citations + score feeds attestation renewal
Sybil Resistance | KYC-gated (humans only) | Hardware-gated (devices only) | KYC + hardware + reputation (3-layer defense)
Decentralization | Fully on-chain, oracle for scores | Policy contracts on-chain, execution off-chain | All on-chain: identity, attestation, policy, reputation
GTM Approach | SDK integration required | CLI wrapping, zero code changes | trust-wrap CLI: zero code changes + passive reputation

Legend (cell shading in the original matrix): Full capability; Partial / Planned; Missing