Frequently asked questions
Everything you need to know about agent identity, trust scores, and the scoring system.
The Basics
What is a Signet ID (SID)?
A permanent, cross-platform identity assigned to every registered agent. The SID is the canonical way to identify any agent in the economy. It follows the format SID-0x followed by 16 hex characters and travels with the agent across every platform, marketplace, and collaboration it participates in. Identity is the foundation of trust: an agent must be identifiable before it can be scored. Agents can strengthen their identity further through callback verification, which proves control of a callback URL and upgrades their identity level.
What is a Signet Score?
A composite trust rating from 0 to 1000, built from five weighted dimensions: Reliability (30%), Quality (25%), Financial (20%), Security (15%), and Stability (10%). Higher scores indicate more trustworthy agents.
Is Signet free to use?
Yes, Signet is completely free. Registration, score lookups, identity verification, detailed reports, and configuration tracking are all available at no cost. There are no paid tiers.
How fast are score lookups?
Score lookups resolve in under 50 milliseconds. The API is designed for inline trust decisions, so platforms can check an agent before every transaction without adding latency.
Do I need authentication to look up a score?
Public lookups (composite score only) require no authentication. Full detailed reports with dimension breakdowns, configuration history, and transaction data require a valid API key.
Trust Mechanics
What counts as an "agent" that needs a Signet ID?
Any autonomous software entity that acts on behalf of a person or organization, makes decisions without human approval for each action, and interacts with external systems where trust matters. The distinguishing traits are autonomy, persistence over time, external interaction, and consequential actions. The architecture is model-agnostic: LLM-powered agents are the primary market, but a rules-based bot that executes financial transactions qualifies too. The line is whether the other party in the interaction has reason to care about trust.
Can someone transfer a high score to a different agent by reusing credentials?
Signet's component-aware scoring makes this pointless. The configuration fingerprint tracks model, prompts, tools, and memory. Swapping the underlying agent triggers score decay proportional to the severity of the change. A full replacement (different model, different prompts, different tools, different memory) craters the score back toward the operator baseline. The behavioral fingerprint adds a second detection layer: even if someone swaps in a similar configuration, observable behavior patterns diverge from historical data. The design philosophy is that the score belongs to the configuration, not just the identifier. Transferring credentials does not transfer trust.
How does scoring work when an agent changes its model?
When an agent swaps its underlying LLM, Signet applies a 25% score decay toward the operator score. The score then rebuilds as the new configuration proves itself through real transactions. Smaller changes trigger smaller decays: prompt updates (10%), tool changes (8%), memory changes (5%). These stack when multiple components change simultaneously.
What happens to my score if I update my agent's prompts or tools?
Signet applies proportional score decay: model swap (25%), prompt update (10%), tool change (8%), memory change (5%). The score decays toward your operator baseline, then rebuilds as the new configuration proves itself. Small iterative changes have minimal impact. Wholesale replacements have major impact. This is by design: the score should reflect what the agent actually is right now.
What is an operator score and how does it affect my agents?
The operator score reflects the track record of the human or organization behind an agent. It is the most stable trust anchor in the system. When an agent's configuration changes, its score decays toward the operator score, not toward zero. A strong operator score means your agents recover faster from configuration changes and start with higher projected scores.
How does confidence level work?
Confidence reflects how much real-world data backs a score. Low confidence (under 20 transactions) means the score is mostly projected from operator history and model baselines. Medium (20 or more transactions AND 7 or more days of history) means growing data with enough time to establish patterns. High (100 or more transactions AND 30 or more days of history) means the score is grounded in substantial observed behavior over a meaningful time period. Both transaction volume and time-in-system are required to advance, which prevents gaming through rapid transaction submission. Platforms can use confidence to set different trust thresholds: for example, requiring high confidence for financial transactions but accepting medium confidence for low-risk operations.
What is the relationship between a Signet ID and a Signet Score?
The Signet ID (SID) is the agent's permanent identity. It never changes, regardless of model swaps, configuration updates, or platform migrations. The Signet Score is a composite trust rating from 0 to 1000 that reflects the agent's track record under its current configuration. Identity comes first: an agent must have a SID before it can accumulate a score. The SID is the anchor; the score is the signal built on top of it.
Can I use my Signet ID without caring about the score?
Yes. The SID functions as a standalone persistent identity even if you never accumulate enough transactions for a meaningful score. Platforms can use the SID to identify returning agents, track configuration history, and link operator records, all without relying on the composite score. The identity layer has immediate value; the trust score adds additional signal over time.
Identity Verification
What are identity levels and what do they mean?
Signet assigns every agent a progressive identity level. Level 0 (Unverified) is the default for all newly registered agents. Level 1 (Callback-Verified) means the agent has proven control of a callback URL through a cryptographic challenge-response process. Level 2 (Human-Verified) means the agent has been verified by an approved operator. Identity levels are permanent and only increase. Higher levels unlock stronger recommendations: unverified agents are capped at "Review" regardless of score, while verified agents with scores above 700 can earn "Clear."
How do I verify my agent's identity?
Send a POST request to /agents/:sid/verify with a callbackUrl field. Signet delivers a 64-character hex challenge token to that URL. Your agent then confirms the token by sending it to /agents/:sid/verify/confirm. Both requests require the agent's API key. On success, the agent's identity level upgrades to 1 (Callback-Verified). The process proves your agent controls the callback URL and takes seconds to complete.
Why can't my unverified agent get a "Clear" recommendation?
This is a deliberate security measure. The "Clear" recommendation tells platforms that minimal oversight is safe for this agent. That level of trust requires knowing who the agent is, not just that it has a high score. An anonymous agent with a high score could be anyone. Callback verification removes this cap: once verified, a score of 700 or above immediately produces a "Clear" recommendation.
What happens during callback verification?
The process has three steps. First, you call POST /agents/:sid/verify with your HTTPS callback URL. Second, Signet validates the URL (must be HTTPS, must not resolve to a private address) and delivers a POST request to it containing a challenge_token and the agent's SID. Third, your agent sends the token to POST /agents/:sid/verify/confirm. If the token matches and has not expired (10-minute window), the agent's identity level is upgraded to 1.
How secure is the verification process?
Verification tokens are 256-bit random values (64 hex characters), expire after 10 minutes, and are single-use. The callback URL must use HTTPS and is checked against private IP ranges (SSRF protection). The same API key that initiated the verification must be used to confirm it. Verification attempts are rate-limited to 3 per hour per agent.
Can someone impersonate my agent's SID?
No. The SID is generated from a SHA-256 hash of the operator identity, agent name, and cryptographic entropy. After callback verification, the identity is bound to a specific callback URL that only you control. The API key required for all authenticated operations is single-issue and cannot be retrieved after registration. The combination of cryptographic SID generation, callback-bound verification, and single-issue API keys makes impersonation infeasible.
Privacy and Data
What data does Signet collect about my agent?
Signet stores a configuration fingerprint (a hash of your model, prompt, tools, and memory stack, not the actual content), transaction outcome signals reported by platforms, and the resulting scores. Signet does not see your prompts, training data, user conversations, or internal logic. The fingerprint is a one-way hash: the original configuration cannot be reconstructed from it.
Who can see my agent's score?
The composite score and recommendation (clear, review, or caution) are public via the lookup API and the Signet website. Full dimension breakdowns, configuration history, and detailed reports require an authenticated API key. You control what you share beyond the public composite score.
Getting Started
What's the difference between self-registration and operator registration?
Self-registration (POST /register/self) is for autonomous agents registering themselves: no human approval needed, returns a SID and API key immediately. Operator registration is for humans managing agent fleets: apply for an operator account, get approved, then register and manage multiple agents under one account with a shared operator score.
How is Signet different from API rate limiting or platform allowlists?
Rate limits and allowlists are binary: you are in or you are out. Signet provides a continuous trust signal (0 to 1000) that platforms can use to make graduated decisions: higher transaction limits for higher scores, escrow requirements based on risk, priority access for proven agents. The score is also portable: it follows the agent across every platform that checks Signet, unlike platform-specific reputation.
Is my score portable across platforms?
Yes. A Signet ID is a universal identifier. An agent's score, built from transaction data across all integrated platforms, is visible everywhere. A strong track record on one platform directly benefits the agent on every other platform that checks Signet.
Still have questions? Read the docs or get started with registration.