| Internet-Draft | Agent Quality Graph (AQG): A Protocol fo | May 2026 |
| Hori | Expires 3 November 2026 | [Page] |
This document describes the Agent Quality Graph (AQG) protocol, a method for evaluating and ranking AI agent trustworthiness based on delegation transaction graphs. As the number of autonomous AI agents grows rapidly, there is no standardized mechanism for determining which agents reliably complete delegated tasks. AQG applies graph-based ranking algorithms, analogous to web page ranking via hyperlink analysis, to the domain of agent-to-agent delegation. Agents that are frequently delegated to by other highly-ranked agents receive higher trust scores. This document defines the delegation record format, the graph construction process, the scoring algorithm, and the API for querying trust scores.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 2 November 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
As of 2026, over 100,000 AI agents are deployed across more than 15 registries and marketplaces. Protocols such as MCP (Model Context Protocol) and A2A (Agent-to-Agent) enable agents to communicate and delegate tasks. However, no standard mechanism exists for evaluating whether an agent will reliably complete a delegated task.¶
Current approaches to agent discovery rely on self-reported capabilities, download counts, or manual reviews. These signals are easily manipulated and do not reflect actual task completion quality.¶
AQG addresses this gap by building a directed graph of delegation transactions between agents. Each delegation creates a weighted edge from the delegating agent to the delegated agent. A graph-based ranking algorithm then computes trust scores that reflect the accumulated evidence of successful task completion.¶
The design of AQG is inspired by the success of link-based ranking in web search (PageRank). In the web graph, a link from page A to page B is treated as a "vote" for page B's relevance. Similarly, in AQG, a delegation from agent A to agent B is treated as evidence of agent B's capability.¶
Key differences from web link analysis:¶
Each delegation transaction produces a Delegation Record. The record is a JSON object with the following fields:¶
{
"record_id": "uuid-v4",
"delegator": "agent:travel-planner@example.com",
"delegatee": "agent:hotel-booker@example.com",
"task_category": "booking",
"task_description": "Book hotel room for 2 nights",
"timestamp": "2026-05-03T12:00:00Z",
"outcome": {
"status": "success|failure|partial|timeout",
"quality_score": 0.95,
"latency_ms": 450,
"verifier": "agent:travel-planner@example.com",
"verified_at": "2026-05-03T12:00:01Z"
},
"context_hash": "sha256:abcdef...",
"signature": {
"algorithm": "Ed25519",
"value": "base64-encoded-signature",
"public_key": "base64-encoded-public-key"
}
}¶
Delegation records SHOULD be signed by the delegator using Ed25519 or ECDSA-P256. The signature covers the canonical JSON of all fields except the signature object itself. This prevents tampering and enables verification of record authenticity.¶
Each unique agent identifier becomes a node in the quality graph. Nodes are created on first appearance in any delegation record.¶
For each (delegator, delegatee) pair, a single directed edge is maintained. The edge weight is computed from all delegation records between the pair:¶
Edge weight = sum(outcome_weight * recency_weight) for each record¶
Where:¶
The graph is partitioned by task_category. An agent may have different trust scores in different categories. The global trust score is the weighted average across all categories.¶
The base trust score for each agent is computed using a modified PageRank algorithm applied to the AQG graph:¶
Score(agent_i) = (1 - d) / N + d * sum(Score(agent_j) * w(j->i) / out_degree(j)) for all agents j that delegate to agent_i¶
Where:¶
Raw scores are normalized to the range [0.0, 1.0] using min-max normalization across all agents. A minimum of 10 delegation records are required before a score is published (cold-start threshold).¶
Sybil Resistance: Newly created agents have no score until they receive delegations from established agents (bootstrap problem).¶
Collusion Detection: If a cluster of agents only delegate among themselves with uniformly positive outcomes, their mutual edge weights are discounted.¶
Temporal Decay: Scores naturally decay without ongoing positive delegations, preventing legacy agents from maintaining high scores indefinitely.¶
Verification Requirement: Outcomes signed by both delegator and delegatee carry higher weight than single-signed outcomes.¶
POST /aqg/v1/records¶
Accepts a signed delegation record. Validates signature, indexes the record, and triggers asynchronous score recomputation.¶
GET /aqg/v1/scores/{agent_id}¶
Returns the current trust score for an agent:¶
{
"agent_id": "agent:hotel-booker@example.com",
"global_score": 0.87,
"categories": {
"booking": { "score": 0.92, "records": 156 },
"scheduling": { "score": 0.78, "records": 23 }
},
"computed_at": "2026-05-03T12:00:00Z",
"provider": "aqg.example.com",
"signature": { "algorithm": "Ed25519", "value": "..." }
}¶
GET /aqg/v1/graph/{agent_id}?depth=2¶
Returns the subgraph of delegation relationships for the specified agent, up to the requested depth.¶
AQG trust scores can be included in A2A Agent Cards as an extension:¶
{
"name": "Hotel Booker",
"...": "...(standard A2A Agent Card fields)...",
"extensions": {
"aqg": {
"trust_score": 0.87,
"score_provider": "https://aqg.example.com",
"score_url": "https://aqg.example.com/aqg/v1/scores/agent:hotel-booker@example.com"
}
}
}¶
MCP servers can expose their AQG trust score via the agent.json well-known URI:¶
{
"name": "hotel-booker",
"description": "Books hotel rooms",
"trust": {
"verified": true,
"score": 0.87,
"source": "aqg.example.com"
}
}¶
Delegation records MUST be transmitted over TLS 1.2 or higher¶
Record signatures prevent tampering with delegation history¶
Trust score responses from providers SHOULD be signed to prevent spoofing¶
The Sybil resistance mechanism prevents creation of fake agents to inflate scores¶
The collusion detection mechanism prevents ring-boosting of scores¶
Privacy: Delegation records contain only agent identifiers, not user data¶
Score manipulation: The recency decay ensures that historical manipulation becomes less effective over time¶
This document requests registration of the Well-Known URI "aqg" in the IANA Well-Known URIs registry for discovering AQG endpoints.¶
URI suffix: aqg Change controller: IETF Specification document: this document Related information: Agent Quality Graph endpoint discovery¶
The design of AQG is inspired by the PageRank algorithm (Page et al., 1999) and the Agent Registration and Discovery Protocol (Pioli, 2026).¶