DEV Community

Cover image for REPUTATION_THRESHOLD Policy: Only Let High-Rep AI Agents Touch Your Funds
Wallet Guy
Wallet Guy

Posted on

REPUTATION_THRESHOLD Policy: Only Let High-Rep AI Agents Touch Your Funds

#ai #security #blockchain #web3

The REPUTATION_THRESHOLD policy in WAIaaS creates a trust barrier between AI agents and your crypto funds, requiring onchain reputation scores before agents can execute transactions. Instead of trusting any agent that claims to be helpful, you set a minimum reputation threshold that agents must meet through proven onchain behavior and community validation.

Why Onchain Reputation Matters for AI Agents

As AI agents become more autonomous with crypto wallets, the question isn't whether they'll make mistakes—it's how much damage they can do when they inevitably do. Traditional access control relies on identity and credentials, but AI agents don't have permanent identities or employment histories. They need a different trust model.

Onchain reputation systems like ERC-8004 create verifiable track records of agent behavior. Every transaction, every protocol interaction, every success and failure gets recorded permanently. The REPUTATION_THRESHOLD policy lets you say: "This agent can only touch my funds if the blockchain proves it has a track record of responsible behavior."

How WAIaaS Reputation Policies Work

WAIaaS implements the REPUTATION_THRESHOLD policy as part of its 21-policy security framework. When an agent tries to execute a transaction, the policy engine queries the agent's onchain reputation score and blocks the transaction if the score falls below your threshold.

Here's how to create a reputation-based policy:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "REPUTATION_THRESHOLD",
    "rules": {
      "minReputation": 75,
      "reputationProvider": "erc8004",
      "gracePeriod": 86400
    }
  }'
Enter fullscreen mode Exit fullscreen mode

The policy enforces three key controls:

  1. Minimum Score: Agents below your threshold get blocked entirely
  2. Reputation Provider: Which onchain reputation system to trust (ERC-8004 initially)
  3. Grace Period: How long to cache reputation scores before re-checking

ERC-8004 Integration: Trustless Agent Verification

WAIaaS integrates with ERC-8004, an emerging standard for trustless agent reputation. Unlike centralized reputation systems, ERC-8004 stores agent behavior data directly onchain where it can't be manipulated or deleted.

You can query an agent's reputation directly through WAIaaS:

# Check agent reputation via MCP tool
curl -X POST http://127.0.0.1:3100/v1/actions/erc8004/get-reputation \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "agentAddress": "0x742d35Cc6634C0532925a3b8D05c82A4f0dC53A5"
  }'
Enter fullscreen mode Exit fullscreen mode

The system tracks multiple reputation dimensions:

  • Transaction Success Rate: How often the agent's transactions succeed
  • Risk-Adjusted Returns: Performance weighted by risk taken
  • Protocol Compliance: Whether the agent follows protocol rules correctly
  • Community Validation: Scores from other users and validators

Layered Security: Beyond Reputation

The REPUTATION_THRESHOLD policy works alongside WAIaaS's other security layers. Even high-reputation agents still face spending limits, token whitelists, and time delays:

# Combine reputation with spending limits
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "daily_limit_usd": 500
    }
  }'
Enter fullscreen mode Exit fullscreen mode

This creates defense in depth: reputation controls which agents can access your funds, while spending limits control how much they can move. The 4-tier security system (INSTANT/NOTIFY/DELAY/APPROVAL) ensures that even trusted, high-reputation agents face increasing friction for larger transactions.

Default-Deny Philosophy

WAIaaS follows a default-deny approach: agents are blocked unless explicitly allowed. The REPUTATION_THRESHOLD policy extends this philosophy to agent identity. Without a reputation score above your threshold, the agent can't execute any transaction, regardless of other policies.

This pairs with token and contract whitelisting:

# Only allow specific tokens
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {
          "address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
          "symbol": "USDC",
          "chain": "solana"
        }
      ]
    }
  }'
Enter fullscreen mode Exit fullscreen mode

The combination is powerful: only high-reputation agents can access your wallet, and they can only touch tokens you've explicitly allowed.

Setting Appropriate Thresholds

Reputation thresholds require careful tuning. Set them too high and legitimate agents get blocked. Too low and you're not actually filtering out risky agents.

Consider these guidelines:

  • Conservative (80-100): Only battle-tested agents with extensive track records
  • Moderate (60-79): Agents with solid but limited history
  • Permissive (40-59): Newer agents with basic validation

You can also implement tiered thresholds based on transaction size:

{
  "minReputation": 40,
  "tieredThresholds": {
    "instant_reputation": 60,
    "notify_reputation": 50,
    "delay_reputation": 45,
    "approval_reputation": 40
  }
}
Enter fullscreen mode Exit fullscreen mode

Higher-value transactions require higher reputation scores, while small transactions can proceed with lower thresholds.

Quick Start: Reputation-Gated Agent Access

Here's how to set up reputation-based access control:

  1. Install WAIaaS: 
npm install -g @waiaas/cli
waiaas init
waiaas start
Enter fullscreen mode Exit fullscreen mode
  1. Create a wallet with reputation policy: 
waiaas wallet create --name "secure-wallet" --chain solana
Enter fullscreen mode Exit fullscreen mode
  1. Configure reputation threshold: 
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "REPUTATION_THRESHOLD",
    "rules": {"minReputation": 70}
  }'
Enter fullscreen mode Exit fullscreen mode

  1. Test with an agent: High-reputation agents proceed normally, while low-reputation agents get blocked with a clear error message.

  2. Monitor and adjust: Check policy effectiveness through the admin dashboard at /admin and adjust thresholds based on actual usage patterns.

For deeper implementation details, see WAIaaS Policy Engine: 21 Ways to Control AI Agent Spending and Default-Deny Security: Why Your AI Agent Can't Touch Unauthorized Tokens.

Building Trust Through Transparency

The REPUTATION_THRESHOLD policy represents a shift toward evidence-based trust in AI agent interactions. Instead of hoping agents behave responsibly, you can require proof of past responsible behavior before granting access to your funds.

Ready to implement reputation-based access control for your AI agents? Check out the full implementation at GitHub or explore the live documentation at waiaas.ai. Your funds deserve better than blind trust.

Top comments (0)