For operators
If you run an MCP server, API, or any service that AI agents connect to — you're an operator. Here's how the trusted agent registry helps you.
If you expose any API or MCP server, AI agents are connecting to it today. Some are well-behaved. Some are probing for vulnerabilities, exfiltrating data, abusing rate limits, or misrepresenting who sent them. A brand-new agent from a sketchy developer looks exactly the same as a verified, well-established one. The registry solves this.
When an agent connects, check its reputation with a single API call. Get back a trust score, verification level, and total report count. Set your own thresholds — e.g., "only allow agents scoring above 70."
GET /api/v1/agents/{agent_id}/reputation
{
  "agent_id": "agent_abc123",
  "trust_score": 87,
  "verification_level": "org_verified",
  "total_reports": 1847,
  "positive_rate": 0.94,
  "reporting_operators": 63,
  "flags": [],
  "first_seen": "2025-01-15T00:00:00Z"
}
After an agent interacts with your server, report how it behaved. Positive or negative. One API call. You're contributing to the collective immune system — every report makes the registry smarter for everyone.
POST /api/v1/reports
{
  "agent_id": "agent_abc123",
  "outcome": "positive",
  "category": "scope_compliance",
  "detail": "Agent stayed within declared permissions",
  "timestamp": "2025-06-01T14:30:00Z"
}
If you use Vouched agent checkpoint as your MCP server, reputation reporting happens automatically. Every agent interaction is reported to KnowThat.ai without a single line of extra code.
Did the agent stay within its declared permissions?
Did the agent treat sensitive data appropriately?
Did the agent respect your usage policies?
Did the agent accurately represent who it is?
Did the agent follow your server's stated policies?
Did the agent handle errors and denials gracefully?
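The reputation check described above, turned into an admission gate that fails closed. This is an added example, not code from the registry or its SDK: the function name, the policy values other than the "above 70" score, and the rule that any flag denies are assumptions, and the input is the body returned by GET /api/v1/agents/{agent_id}/reputation.

```python
import json

# Local admission policy. Every threshold here is an assumption for this example;
# the page only suggests "above 70" for the trust score.
POLICY = {
    "min_trust_score": 70,                     # allow only scores strictly above this
    "allowed_verification": ("org_verified",),  # the only level shown on the page
    "min_reporting_operators": 5,              # few reporters means thin evidence
    "min_positive_rate": 0.90,
}

def _number(value):
    """True for int/float but not bool (JSON true would otherwise pass as 1)."""
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def evaluate_reputation(body, expected_agent_id, policy=POLICY):
    """Return (allow, reasons). Missing or malformed fields deny (fail closed)."""
    try:
        rep = json.loads(body)
    except (TypeError, ValueError):
        return False, ["unparseable reputation response"]
    if not isinstance(rep, dict):
        return False, ["unexpected response shape"]
    reasons = []
    if rep.get("agent_id") != expected_agent_id:
        reasons.append("agent_id mismatch")  # answer describes a different agent
    score = rep.get("trust_score")
    if not _number(score) or score <= policy["min_trust_score"]:
        reasons.append("trust_score missing or not above threshold")
    if rep.get("verification_level") not in policy["allowed_verification"]:
        reasons.append("verification_level not accepted")
    operators = rep.get("reporting_operators")
    if not _number(operators) or operators < policy["min_reporting_operators"]:
        reasons.append("too few reporting operators")
    rate = rep.get("positive_rate")
    if not _number(rate) or rate < policy["min_positive_rate"]:
        reasons.append("positive_rate missing or below threshold")
    flags = rep.get("flags")
    if not isinstance(flags, list) or flags:
        reasons.append("flags present or field missing")
    return (not reasons), reasons

# The sample response shown on the page, used as input.
SAMPLE = json.dumps({
    "agent_id": "agent_abc123", "trust_score": 87,
    "verification_level": "org_verified", "total_reports": 1847,
    "positive_rate": 0.94, "reporting_operators": 63,
    "flags": [], "first_seen": "2025-01-15T00:00:00Z",
})
```

Log the returned reasons alongside the agent_id on every denial so threshold changes can be reviewed against real traffic.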