Agent Credit Protocol

A minimal open-source protocol for economically accountable AI agents.

The protocol implements one idea:

If an agent produces objectively invalid output, its bonded stake can be slashed automatically.

This repository is not a full platform.
It is a small protocol-layer proof of concept with three primitives:

Stake()
Verify()
Slash_or_Reward()

Why this exists

LLM and autonomous agents are useful, but they are unsafe in zero-tolerance workflows:

• Invalid JSON
• Schema mismatch
• Wrong function arguments
• Code that does not compile
• Unauthorized wallet action
• Procurement quantity mistakes

Current tooling usually detects failures after the fact.
Agent Credit Protocol adds an economic consequence:

valid output   -> reward / release stake
invalid output -> slash bonded stake

Current PoC Scope

The first verifier supports deterministic JSON schema checks.

Example failure:

Agent promised valid JSON
Agent returned malformed text
Verify() failed
Slash_or_Reward() slashed bonded stake
Client received compensation credit

No model API key is required for the demo.
The demo simulates a hallucinated LLM response so the protocol can be tested locally.

Quick Start

cd agent-credit-protocol
python -m venv .venv
source .venv/bin/activate
pip install -e .
python examples/json_schema_slash_demo.py

Expected output:

[Stake] executor=node_001 amount=100
[OpenTask] task=...
[Verify] valid=False reason=Output is not valid JSON
[Slash] executor=node_001 slashed=25 client=user_001 credited=25

Run tests:

python -m unittest discover -s tests

Core API

from agent_credit_protocol import AgentCreditProtocol

protocol = AgentCreditProtocol()

protocol.Stake("node_001", 100)

task = protocol.open_task(
    executor_id="node_001",
    client_id="user_001",
    bond=25,
    reward=5,
    verifier_type="json_schema",
    schema={
        "type": "object",
        "required": ["summary", "risk"],
        "properties": {
            "summary": {"type": "string"},
            "risk": {"type": "string", "enum": ["low", "medium", "high"]}
        }
    }
)

protocol.Verify(task.task_id, "not json")
protocol.Slash_or_Reward(task.task_id)

Protocol State Machine

Executor stakes balance
        |
        v
Task opened with bonded stake
        |
        v
Output submitted to Verify()
        |
        +--> valid=True  --> Slash_or_Reward() --> reward + bond released
        |
        +--> valid=False --> Slash_or_Reward() --> bond slashed to client

Invariants

1. A task cannot be opened without sufficient executor stake.
2. A task bond is locked before verification.
3. A task can only be settled once.
4. Invalid deterministic output causes slashing.
5. Valid deterministic output releases the bond and can issue reward.
6. Client compensation is capped by the bonded amount.
7. The protocol never judges subjective quality in the MVP.

What This Does Not Guarantee

This PoC does not guarantee:

• Financial returns
• Market-loss insurance
• Subjective answer quality
• Legal liability coverage
• Protection from bad user prompts
• Protection from invalid schemas

The MVP only handles objectively verifiable failures.

Repository Structure

agent-credit-protocol/
├─ README.md
├─ pyproject.toml
├─ src/agent_credit_protocol/
│  ├─ __init__.py
│  ├─ core.py
│  └─ verifiers.py
├─ examples/
│  └─ json_schema_slash_demo.py
├─ tests/
│  └─ test_protocol.py
├─ contracts/
│  └─ AgentCreditProtocol.sol
└─ docs/
   └─ technical-spec.md

Future Verifiers

The same protocol can support:

• json_schema
• typescript_compile
• python_unit_test
• solidity_static_check
• wallet_policy_check
• procurement_budget_check

Positioning

Technical positioning:

A slashing protocol for verifiable AI-agent failures.

Developer-facing positioning:

An open protocol that makes agent outputs economically accountable.