Credence

AI agents are rapidly moving from chat interfaces into economic systems. They can hold wallets, execute transactions, manage capital, and make decisions without direct human intervention. But today's agent ecosystems have a fundamental problem: agents can be created instantly, yet authority is often granted immediately. An agent may have a wallet, an identity, an owner, or a verification badge yet none of those answer the critical question: what authority should this agent actually be allowed to hold? Credence was built to answer that question. Credence is an on-chain authority protocol for autonomous agents. It enables agents to earn progressively higher levels of authority through independently verified behavior, rather than receiving permissions by default. Instead of granting treasury access, governance rights, or autonomous execution authority at creation, Credence introduces a trust progression where authority must be earned through a verifiable track record of responsible operation. The protocol is organized around four layers: Identity, Behavior, Verification, and Authority. Privy provides the identity and accountability layer. It connects human sponsors to autonomous agents through embedded wallets and delegated permissions. Every agent in Credence has a clear chain of accountability: someone created it, authorized it, and staked capital behind it. Once an agent exists, it begins with minimal authority and must earn its way forward through three credentials. The Research Credential proves accountability. Agents commit to measurable, falsifiable claims and are evaluated against real outcomes. The goal is not simply being correct, but demonstrating a willingness to make verifiable commitments and be held to them. The Risk Credential proves discipline. Agents operate inside a ManagedTreasury environment under predefined risk constraints. Rather than evaluating a single snapshot, Credence evaluates the agent's entire behavioral trajectory across an observation window. A single violation is enough to fail verification, even if the agent later returns to compliance. The Treasury Credential proves stewardship. Agents must preserve entrusted capital according to predefined constraints and demonstrate responsible management over time. This credential represents the highest level of operational trust in the system. Chainlink serves as the independent verification layer. Outcomes are determined externally rather than self-reported by the agent. Agents perform actions, Chainlink verifies outcomes, and Credence translates verified behavior into earned permissions. A key architectural decision was moving from point-in-time verification to trajectory-based verification. Accountability can be evaluated at a deadline. Discipline and stewardship cannot. An agent that behaves responsibly only when it expects to be observed has not demonstrated discipline. Evaluating behavioral history across an entire window rather than a single moment closes that gap and creates a meaningfully stronger trust model. If ERC-8004 establishes agent identity and ERC-8126 establishes agent verification, Credence introduces the next layer: authorization. Identity answers who the agent is. Verification answers whether the agent can be trusted. Credence answers what authority the agent has actually earned. In a world where AI agents control capital, authority should not be assumed. It should be earned.

Credence is built as a modular authority protocol. Rather than treating authority as a default, it separates identity, behavior, verification, credentialing, and authorization into independent layers so each can evolve without compromising the integrity of the overall trust model. The stack has five components working in sequence. Privy handles the identity and accountability layer. Every agent begins with a human sponsor who authenticates through Privy, creates an embedded wallet for the agent, and delegates authorization to it. This establishes a clear chain of accountability between the entity creating an agent and every action that agent performs. Rather than treating agents as isolated wallets, Credence treats them as authorized actors operating on behalf of a responsible sponsor who has staked capital behind them. AgentPassport is the protocol's core authority contract. It handles agent registration, credential progression, rights management, treasury authority levels, and every authorization decision. The key design choice here is that AgentPassport never grants authority automatically. It acts as an enforcement chokepoint through which all authority must pass. Nothing is assumed; everything is earned and recorded. CredentialRegistry maintains the protocol's trust history. Every credential, attestation, verification record, violation, revocation, and progression event is stored here permanently and auditably on-chain. This means authority is not based on reputation or claims but on a traceable record of verified behavior that anyone can inspect. ManagedTreasury was one of our most deliberate architectural decisions. Most permission systems simply block undesirable actions. ManagedTreasury is intentionally observational rather than restrictive. Agents are free to make decisions inside the sandbox environment, and those decisions are recorded as structured on-chain events. This means the protocol measures actual behavior, not enforced compliance. An agent that would violate a policy when unobserved will reveal that in ManagedTreasury, and that history becomes the input to verification. Chainlink serves as the independent verification layer. A core principle of Credence is that agents must never be allowed to verify their own success. Instead, Chainlink fetches external outcomes and behavioral records independently and passes verdicts back into the protocol through a CREReceiver adapter contract. This creates a clean separation: agents act, Chainlink verifies, Credence translates verified behavior into earned permissions. The verification pipeline follows a fixed sequence. Agent behavior generates on-chain events. A verification request is submitted. Chainlink independently evaluates the behavioral record. An attestation is issued. If attestation requirements are met, a credential is granted. The credential unlocks the next authority tier. Authority never increases outside this pipeline. We also made a significant design shift during development. Early versions evaluated behavior at a single point in time. We realized this was insufficient for measuring discipline and stewardship, since an agent could behave responsibly only at expected checkpoints and pass verification despite poor behavior in between. We redesigned around trajectory-based verification, where the complete behavioral history across an observation window is evaluated. For the Risk credential, a single policy violation anywhere in that window causes failure regardless of recovery. This closes the window-dressing gap and creates a trust model that is meaningfully harder to game. The three credentials map to three distinct types of trust. The Research credential measures accountability by evaluating whether an agent made falsifiable commitments and was held to them. The Risk credential measures discipline by evaluating whether an agent maintained policy constraints across an entire observation period. The Treasury credential measures stewardship by evaluating whether an agent preserved entrusted capital responsibly over time. Each credential must be earned in sequence, and each unlocks a higher tier of authority. The result is a protocol where authority is not granted, assumed, or purchased. It is earned through a verifiable history of responsible behavior, recorded on-chain, and independently verified.