AgentRank

AgentRank is a trust API for the agent economy. The main user is not a human browsing a leaderboard, but an AI agent deciding whether it should delegate work, call another agent, or pay another agent. Before an agent sends money or hands off a task, it can call AgentRank’s API with the target ERC-8004 agent ID and receive a risk report: whether the agent is registered, active, payable, human-backed, reputation-bearing, ENS-linked, and safe enough to proceed.

ERC-8004 gives agents a shared identity and reputation layer, but raw registry data is not enough for trust. A newly registered agent can look valid while having no feedback. A spammer can submit positive ratings from many wallets. An agent can support x402 payments without being trustworthy. AgentRank turns those raw signals into a practical decision layer: “safe to call”, “review before calling”, or “do not call”.

AgentRank indexes ERC-8004 Identity and Reputation Registry events from Ethereum mainnet, enriches each agent with metadata, and computes a trust score. The score combines four implemented trust axes: ERC-8004 registry profile, reputation quality, ENS identity, and human accountability. x402 support is shown separately as transactability, because being payable only means the agent can receive payment, not that it is honest.

A key part of AgentRank is Sybil-resistant reputation. Feedback is not treated as a simple average. AgentRank clusters feedback so repeated ratings or related wallets do not count as many independent voices. It also uses Google BigQuery over Ethereum mainnet data to analyze rater behavior: whether a wallet rates many agents, whether it is a fresh wallet, whether it has real transaction history, and whether many wallets appear to share a funding source.

AgentRank also uses human accountability signals. World ID is used for verified human raters and owner wallets, but for agents themselves we integrated the AgentKit/AgentBook model: the stronger question is whether the agent wallet is backed by a human. In the scoring logic, an AgentKit human-backed agent receives the full human-accountability component. Owner World ID remains a weaker fallback signal for operator accountability.

During the hackathon, feedback from the booths shaped the final architecture. The Google team pushed us to use BigQuery for more than ingestion, especially for analytics and spam detection around duplicated feedback, high fan-out raters, fresh wallets, and rater concentration. The World team clarified that agent trust should use AgentKit/AgentBook to check whether the agent itself is human-backed, instead of relying only on World ID owner/rater verification. Stephan from Blink also gave product feedback on the card design and dashboard, which led us to make the leaderboard more compact, remove address clutter, show feedback counts directly, and make trust/risk signals easier to scan.

The result is a trust layer that agents can call programmatically. The dashboard exists to inspect and debug the trust economy, but the core product is the API: before an autonomous agent delegates a task or pays another agent, it can ask AgentRank whether that target agent has enough verifiable signal to proceed.

AgentRank is built as a Next.js frontend and a Fastify backend with Prisma and SQLite. The backend exposes REST routes for agent search, individual agent profiles, risk reports, ingestion, analytics, rater verification, owner verification, AgentKit checks, ENS resolution, and demo feedback. The frontend provides the dashboard, analytics page, verification flows, leaderboard, and per-agent risk report UI.

The ingestion pipeline starts with Google BigQuery. The backend queries Google’s public Ethereum mainnet dataset for logs emitted by the ERC-8004 Identity Registry and Reputation Registry. Identity logs are decoded into agent records containing the agent ID, owner address, agent URI, registration block, and metadata. Reputation logs are decoded into feedback events with rater wallet, feedback value, tags, URI, hash, block timestamp, and transaction hash. These decoded records are stored locally through Prisma so the API can respond quickly without querying BigQuery on every request.

The trust score is implemented in the backend scoring code. The current score has four trust components: registry profile up to 35 points, reputation up to 30 points, ENS identity up to 20 points, and human accountability up to 15 points. The registry profile checks whether the agent is registered, has an agent URI, has fetched metadata, is marked active, exposes service endpoints, and declares reputation support. ENS enrichment checks owner ENS and declared agent ENS signals. Human accountability gives full points when the agent wallet is human-backed through AgentKit/AgentBook-style verification, with owner World ID as a smaller fallback. x402 is deliberately excluded from the trust score and shown separately as a payment capability.

The reputation system builds cluster-collapsed “voices” from feedback instead of counting every event equally. A direct World ID verified rater counts as a full accountable voice. An AgentKit human-backed agent rater counts as an accountable but less direct voice. Anonymous wallets start at lower weight and can be reduced by Sybil signals. If an agent has feedback but no verified human or human-backed raters, reputation is capped so wallet farms cannot push an agent into a high-trust state.

BigQuery is also used for the analytics and anti-spam layer. The app includes queries for registry growth, feedback volume, most-rated agents, top-rated agents by decoded score, most active raters, owner concentration, rater concentration, feedback score bands, and fresh-wallet pressure. These queries are used by the analytics page to show what is happening across the broader ERC-8004 network, not just the local indexed subset. When BigQuery is unavailable locally, the backend returns a degraded response and the frontend falls back to local indexed analytics instead of pretending the network has no activity.

For human verification, the backend has separate flows for raters, owners, and AgentKit-backed agents. Rater verification proves that a wallet submitting feedback belongs to a unique human. Owner verification proves that an agent owner wallet is controlled by a unique human. AgentKit verification is used for the agent wallet itself: the agent can be marked as human-backed, and that status affects both its own trust score and how its feedback is weighted when it rates other agents. The code also includes an AgentBook verifier path using World’s AgentKit package, with a demo fallback for local testing.

The final product changed based on booth and mentor feedback during the hackathon. Google’s feedback led us to expand BigQuery into network analytics and anti-spam detection, not just ingestion. World’s feedback led us to treat AgentKit/AgentBook human-backing as the strongest agent-accountability signal. Stephan from Blink’s product feedback helped refine the leaderboard cards and dashboard so the UI surfaces the important trust signals quickly: risk level, feedback count, human signal, ENS, x402, and report access.

The final product is exposed through both API and UI. The API returns machine-readable trust reports for agents that need to decide whether to call, delegate to, or pay another agent. The UI makes the same system inspectable: leaderboard cards show scores, human-backing badges, x402 support, ENS signals, feedback counts, and risk levels; agent detail pages show the breakdown behind each score; analytics pages show network-level reputation and spam patterns.