Description
I noticed the conversation around agent identity in #1015 (Observer Protocol) and #972 (MolTrust). Both are solid approaches but require on-chain infrastructure (ERC-8004 contracts, blockchain queries per verification).
For teams that want agent authorization verification without on-chain overhead, I've built the Open Agent Trust Registry (OATR), a lightweight alternative:
- Ed25519 JWT attestations signed by the agent's runtime (`agent-attestation+jwt` media type)
- Offline verification: download the registry manifest once, verify locally, no blockchain calls
- Runtime-scoped authorization: attestations include `scope` and `constraints` fields specifying what the agent is allowed to do
- MIT licensed, no tokens, no vendor lock-in
How it would work with AgentKit:
```ts
import { OpenAgentTrustRegistry } from '@open-agent-trust/registry';

// Load registry once (auto-refreshes every 15 minutes)
const registry = await OpenAgentTrustRegistry.load('https://your-mirror.com');

// Before executing a wallet operation:
const attestation = agent.getAttestation(); // JWT from the agent's runtime
const result = await registry.verifyToken(attestation, 'https://your-service.com');

// Optional chaining on scope as well, so a token without a scope claim is rejected instead of throwing
if (result.valid && result.claims?.scope?.includes('wallet:transfer')) {
  // result.issuer — verified runtime that issued this agent
  // result.claims.constraints — additional authorization bounds
  await wallet.transfer({ to, amount });
} else {
  throw new Error(`Agent not authorized: ${result.reason || 'scope_missing'}`);
}
```

The registry currently has 7 registered issuers with automated CI-verified registration (domain verification + cryptographic proof-of-key-ownership). The manifest is Ed25519-signed, so even if you use a third-party mirror, tampered copies are rejected by the SDK.
Why this matters for AgentKit specifically: The README's legal section notes that agent actions "are NOT acts of Coinbase." Runtime attestation gives developers a tool to verify agent authorization before those actions happen, reducing the liability gap. The attestation's `user_pseudonym` field provides a pairwise pseudonymous identifier, so authorization is traceable without exposing the user's real identity.
This is complementary to Observer Protocol (#1015). OATR handles "is this agent authorized by its runtime?" while Observer handles on-chain reputation. A defense-in-depth approach would use both.
Happy to submit a PR for an OATR verification action if there's interest.
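
The offline check described in this issue, sketched with Node's built-in `crypto` as an added example; it is not code from the issue author or from the OATR SDK. The manifest layout, the issuer id `runtime.example`, the key id `key-1`, the `iss`/`aud`/`exp` claims and `scope` being an array are assumptions made for the illustration.

```javascript
// Added example: offline verification of an Ed25519 (EdDSA) agent attestation JWT.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Constructed fixture: one runtime key pair and a local manifest listing its public key.
// The issuer -> key id -> key layout is hypothetical, not OATR's manifest schema.
const runtime = generateKeyPairSync('ed25519');
const manifest = { 'runtime.example': { 'key-1': runtime.publicKey } };

// Mints a sample attestation so the verifier below has input to work on.
function issue(claims, privateKey, header = {}) {
  const h = { alg: 'EdDSA', typ: 'agent-attestation+jwt', kid: 'key-1', ...header };
  const input = `${b64u(JSON.stringify(h))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(sign(null, Buffer.from(input), privateKey))}`;
}

function verifyAttestation(token, audience, requiredScope, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { valid: false, reason: 'malformed' };
  let header, claims;
  try { header = parse(parts[0]); claims = parse(parts[1]); }
  catch { return { valid: false, reason: 'malformed' }; }
  // Pin algorithm and type: the token must not choose how it gets verified.
  if (header?.alg !== 'EdDSA' || header?.typ !== 'agent-attestation+jwt')
    return { valid: false, reason: 'bad_header' };
  // The key comes from the locally held manifest, never from the token itself.
  const issuerKeys = Object.hasOwn(manifest, claims?.iss) ? manifest[claims.iss] : null;
  const key = issuerKeys && Object.hasOwn(issuerKeys, header.kid) ? issuerKeys[header.kid] : null;
  if (!key) return { valid: false, reason: 'unknown_issuer' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!verify(null, signed, key, Buffer.from(parts[2], 'base64url'))) return { valid: false, reason: 'bad_signature' };
  // Claims are trusted only after the signature has been checked.
  if (claims.aud !== audience) return { valid: false, reason: 'wrong_audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { valid: false, reason: 'expired' };
  if (!Array.isArray(claims.scope) || !claims.scope.includes(requiredScope))
    return { valid: false, reason: 'scope_missing' };
  return { valid: true, issuer: claims.iss, claims };
}
```

The checks run in a fixed order (header pinning, key lookup, signature, then claims), so a caller that gates `wallet.transfer` on `valid` fails closed on every rejection path.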