Understanding Scoring Metrics

Scoring Overview

Agent autonomy is evaluated across three key axis, each worth 100 points:

Accountability

Verifiable independent agency

Autonomy

Evolution and operation independence

Sovereignty

Resource and asset authority

Accountability (100 points)

Accountability ensures verifiable independent agency. External parties should be able to verify that the agent operates independently rather than being secretly controlled by external actors.

Remote Attestation

33 points

Remote attestation public

Requirement: A publicly viewable remote attestation quote link

Open Source Coverage

33 points

Code public

Requirement: A public GitHub repo link

Prompt/examples public

Requirement: A public GitHub repo link

Proprietary module guarantees

Requirement: Code verification through static analysis/standard library/audit

Code Auditability

34 points

Reproducible Build

Requirement: Public dockerfile with reproducible image

Deterministic build process
Version-locked dependencies
Build script verification
Hash verification system

Public Container Image

Requirement: Public DockerHub image link

Note: Required if build is not fully reproducible

Simulation Capability

Requirement: Public instructions for running the agent

Base Image Verification

Requirement: Public DockerHub image link for CVM base image

Autonomy (100 points)

Evaluates the agent's ability to maintain independence during evolution and practical operation. Focuses on upgrade mechanisms and execution environment security.

TEE Implementation

40 points

Proof of Cloud

Requirement: Link to the cloud attestation with proof of datacenter

Self hosted TEE is susceptible to physical attacks
GCP or Azure preferred for full points
Proof of datacenter could promote to higher score

Note: Cloud-based TEE provides better security guarantees against physical attacks

Hardware Security

Requirement: Link to the hardware attestation

SGX/TDX preferred over AWS Nitro (proprietary firmware)
SEV is somewhat lower regarded than SGX/TDX

BIOS Configuration

Requirement: Link to the remote attestation browser, uses up-to-date TDX module

BIOS config must match up-to-date TCB-Info
For CVMs, firmware should be open source
Regular verification of TCB-Info updates

Side Channel Protection

Requirement: Link to the remote attestation browser with privacy guarantees

Avoid rollback attacks through files on host
Avoid side channels / controlled channels
Assume disk accesses are leaked
Avoid using mrsigner sealed files

Update Control

60 points

Authority over upgrades

Requirement: Link to attestation of the immutability or the upgrade controller or the smart contract

Agent is immutable (full score)
Agent approves its own upgrades (full score)
Smart contract policy by token or DAO (nearly full score)
Smart contract policy by multisig (partial score)

Note: Immutability or self-approved upgrades provide strongest guarantees

Public Notice Period

Requirement: Link to attestation of the upgrade controller and notice commitment

Upgrades require public disclosure
Notice period must be enforced before applying upgrades
Social layer commitment for transparency

Proactive Upgrade Constraints

Requirement: Link to attestation of the upgrade controller with policy enforcement

BIOS configuration policy enforcement
TCB-Info compliance verification
Cloud policy compliance
On-chain PCCS verification

Sovereignty (100 points)

Measures the agent's control over resources and assets, ensuring resistance to tampering by human developers.

Resource Control

100 points

Social Media Independence

Requirement: Attested logs or full account encumbrance verification

Every public post must have alibi in logs or straight up account encumbrance
Code verification for proper encumbrance

Secure Communications

Requirement: Attestation to the code for private interactions

Private channels must be inaccessible to developers
Information flow analysis

API Key Management

Requirement: Attestation and GitHub repo link for API key encumbrance

Proper key encumbrance implementation
Key rotation mechanisms

Self-funding Capability

Requirement: Attestation and GitHub repo link for self-funding actions

Closed funding loop implementation
Independent resource acquisition
Payment automation verification
Financial autonomy checks

Enclave-derived Keys

Requirement: Attestation and GitHub repo link for key management

Information flow analysis
Key lifecycle management

Note: Keys must never leave the enclave unprotected