JP 0xoyabun@gmail.com

This document describes the Agent Quality Graph (AQG) protocol, a method for evaluating and ranking AI agent trustworthiness based on delegation transaction graphs. As the number of autonomous AI agents grows rapidly, there is no standardized mechanism for determining which agents reliably complete delegated tasks. AQG applies graph-based ranking algorithms, analogous to web page ranking via hyperlink analysis, to the domain of agent-to-agent delegation. Agents that are frequently delegated to by other highly-ranked agents receive higher trust scores. This document defines the delegation record format, the graph construction process, the scoring algorithm, and the API for querying trust scores.

As of 2026, over 100,000 AI agents are deployed across more than 15 registries and marketplaces. Protocols such as MCP (Model Context Protocol) and A2A (Agent-to-Agent) enable agents to communicate and delegate tasks. However, no standard mechanism exists for evaluating whether an agent will reliably complete a delegated task. Current approaches to agent discovery rely on self-reported capabilities, download counts, or manual reviews. These signals are easily manipulated and do not reflect actual task completion quality. AQG addresses this gap by building a directed graph of delegation transactions between agents. Each delegation creates a weighted edge from the delegating agent to the delegated agent. A graph-based ranking algorithm then computes trust scores that reflect the accumulated evidence of successful task completion.

The design of AQG is inspired by the success of link-based ranking in web search (PageRank). In the web graph, a link from page A to page B is treated as a "vote" for page B's relevance. Similarly, in AQG, a delegation from agent A to agent B is treated as evidence of agent B's capability. Key differences from web link analysis: Delegation edges carry outcome metadata (success, failure, quality score) Edges have recency weights (recent delegations matter more) The graph is partitioned by task category Anti-gaming mechanisms prevent Sybil attacks and score manipulation

Agent

An autonomous software entity capable of receiving and completing tasks

Delegation

A transaction where one agent (delegator) assigns a task to another agent (delegatee)

Delegation Record

A signed, immutable record of a delegation transaction including outcome

Trust Score

A value between 0.0 and 1.0 representing an agent's accumulated reliability

AQG Node

A vertex in the quality graph representing an agent

AQG Edge

A directed, weighted edge representing accumulated delegation evidence between two agents

Trust Provider

An entity that computes and publishes trust scores from delegation data

Each delegation transaction produces a Delegation Record. The record is a JSON object with the following fields:

record_id: Unique identifier (UUID v4) delegator: Agent identifier of the task delegator delegatee: Agent identifier of the task executor timestamp: ISO 8601 datetime of delegation outcome: Result of the delegation (status required, others optional)

success

Task completed satisfactorily

failure

Task could not be completed

partial

Task partially completed

timeout

Task did not complete within expected time

Delegation records SHOULD be signed by the delegator using Ed25519 or ECDSA-P256. The signature covers the canonical JSON of all fields except the signature object itself. This prevents tampering and enables verification of record authenticity.

Each unique agent identifier becomes a node in the quality graph. Nodes are created on first appearance in any delegation record.

For each (delegator, delegatee) pair, a single directed edge is maintained. The edge weight is computed from all delegation records between the pair: Edge weight = sum(outcome_weight * recency_weight) for each record Where: outcome_weight: success=1.0, partial=0.5, timeout=-0.2, failure=-0.5 recency_weight: exponential decay with half-life of 90 days

The graph is partitioned by task_category. An agent may have different trust scores in different categories. The global trust score is the weighted average across all categories.

The base trust score for each agent is computed using a modified PageRank algorithm applied to the AQG graph: Score(agent_i) = (1 - d) / N + d * sum(Score(agent_j) * w(j->i) / out_degree(j)) for all agents j that delegate to agent_i Where: d = damping factor (0.85) N = total number of agents w(j->i) = normalized edge weight from j to i

Raw scores are normalized to the range [0.0, 1.0] using min-max normalization across all agents. A minimum of 10 delegation records are required before a score is published (cold-start threshold).

Sybil Resistance: Newly created agents have no score until they receive delegations from established agents (bootstrap problem). Collusion Detection: If a cluster of agents only delegate among themselves with uniformly positive outcomes, their mutual edge weights are discounted. Temporal Decay: Scores naturally decay without ongoing positive delegations, preventing legacy agents from maintaining high scores indefinitely. Verification Requirement: Outcomes signed by both delegator and delegatee carry higher weight than single-signed outcomes.

POST /aqg/v1/records Accepts a signed delegation record. Validates signature, indexes the record, and triggers asynchronous score recomputation.

GET /aqg/v1/scores/{agent_id} Returns the current trust score for an agent:

GET /aqg/v1/graph/{agent_id}?depth=2 Returns the subgraph of delegation relationships for the specified agent, up to the requested depth.

AQG trust scores can be included in A2A Agent Cards as an extension:

MCP servers can expose their AQG trust score via the agent.json well-known URI:

Delegation records MUST be transmitted over TLS 1.2 or higher Record signatures prevent tampering with delegation history Trust score responses from providers SHOULD be signed to prevent spoofing The Sybil resistance mechanism prevents creation of fake agents to inflate scores The collusion detection mechanism prevents ring-boosting of scores Privacy: Delegation records contain only agent identifiers, not user data Score manipulation: The recency decay ensures that historical manipulation becomes less effective over time

This document requests registration of the Well-Known URI "aqg" in the IANA Well-Known URIs registry for discovering AQG endpoints. URI suffix: aqg Change controller: IETF Specification document: this document Related information: Agent Quality Graph endpoint discovery

The design of AQG is inspired by the PageRank algorithm (Page et al., 1999) and the Agent Registration and Discovery Protocol (Pioli, 2026).