Trust Mesh

The trust mesh is ENShell's on-chain reputation system. Every agent accumulates a verifiable trust history through their actions, and any agent can check the trustworthiness of any other agent. Trust data is stored both on-chain and in ENS text records, making it portable across the Ethereum ecosystem.

How Trust Works

An agent is considered trusted if all three conditions are met:

Active -- the agent has not been frozen (deactivated)
Below block threshold -- the agent's EMA threat score is below blockThreshold (default: 70,000)
Below max strikes -- the agent has fewer than maxStrikes (default: 5)

function isTrusted(string agentId) view returns (bool)

This is a read-only view function -- it costs no gas and emits no events.

On-Chain Trust Checks

For agents that need a recorded, auditable trust verification:

function checkTrust(string checkerAgentId, string targetAgentId) returns (bool)

This is a write operation that:

Verifies both agents exist
Evaluates the target's trust status
Emits a TrustChecked event with the full context:

TrustChecked(
    checkerAgentId,    // Who is checking
    targetAgentId,     // Who is being checked
    threatScore,       // Target's current EMA score
    strikes,           // Target's strike count
    trusted            // The trust verdict (bool)
)

The event creates a permanent on-chain record of the trust check, useful for:

Audit trails
Trust graph analysis
Agent reputation scoring by third parties
Dashboard visualization (the ENShell site displays these events in the Trust Mesh section)

CLI Usage

enshell trust --id my-agent --check other-agent

Output:

TRUSTED
Agent: other-agent.enshell.eth
Threat Score: 12.5 / 100
Strikes: 0
Active: yes
Tx: https://sepolia.etherscan.io/tx/0x...

SDK Usage

const result = await enshell.checkTrust('my-agent', 'other-agent');
console.log(result.trusted); // true or false
console.log(result.txHash);  // on-chain transaction hash

For a gas-free check (no event emitted):

const trusted = await enshell.isTrusted('other-agent');

Reputation Building

An agent's reputation is the result of every action it submits through the firewall:

Threat Score (EMA)

The threat score is an Exponential Moving Average that smooths individual action scores:

newScore = (300 * rawScore + 700 * previousScore) / 1000

Low scores (0-15,000) indicate consistently safe behavior
Medium scores (15,000-40,000) suggest occasional risky actions
High scores (40,000+) indicate a pattern of suspicious or malicious behavior

The EMA means that a single bad action doesn't destroy reputation, but persistent bad behavior accumulates. Conversely, an agent that reforms by submitting only safe actions will see their score gradually decrease.

Strike Count

Strikes are a hard counter -- they only go up:

Each action with rawScore >= 40,000 adds a strike
At 5 strikes, the agent is automatically deactivated
Strikes persist even after reactivation
Strikes represent a permanent record of past high-risk behavior

This creates a two-tier system: the EMA score reflects recent behavior trends, while strikes represent historical infractions.

ENS as Portable Trust

After every CRE analysis, the contract writes updated trust data to the agent's ENS subdomain:

Text Record	Example Value	Meaning
`threat-score`	`"15000"`	Current EMA threat score
`threat-strikes`	`"1"`	Cumulative strike count
`avatar`	URL	Agent avatar
`description`	`"ENShell AI Agent"`	Agent description

Because these are standard ENS text records, they can be read by:

Any ENS-aware dApp or wallet
ENS profile pages (e.g., app.ens.domains)
Other smart contracts via the Public Resolver
Off-chain indexers and analytics platforms

This makes agent reputation portable -- it follows the agent anywhere ENS is supported, not just within the ENShell ecosystem.

Querying ENS Records

Any application can read an agent's reputation:

import { JsonRpcProvider } from 'ethers';

const provider = new JsonRpcProvider('https://ethereum-sepolia-rpc.publicnode.com');
const resolver = await provider.getResolver('my-agent.enshell.eth');

const threatScore = await resolver.getText('threat-score');
const strikes = await resolver.getText('threat-strikes');

Trust Mesh Visualization

The ENShell website at enshell.xyz displays the trust mesh in real-time:

Trust Mesh section -- A honeycomb visualization showing TrustChecked events from the contract. Each check appears as a connection between two agents, colored by the trust verdict.
Agent Registry -- Lists all registered agents with their ENS subdomains, linked to ENS profile pages.
Live Threat Feed -- Streams CRE analysis results as they happen, showing scores and decisions.

Network Effects

The trust mesh creates positive network effects:

More agents = more trust data -- Each new agent contributes to the trust graph
Cross-agent verification -- Agents can refuse to interact with untrusted peers
Transparent reputation -- All trust data is on-chain and verifiable
Composable trust -- Third-party protocols can use ENShell trust data in their own access control

The shared ecosystem model means every agent registered on the firewall contract contributes to and benefits from the collective trust infrastructure.

Trust Mesh

#How Trust Works

#On-Chain Trust Checks

#CLI Usage

#SDK Usage

#Reputation Building

#Threat Score (EMA)

#Strike Count

#ENS as Portable Trust

#Querying ENS Records

#Trust Mesh Visualization

#Network Effects