Three structural recommendations for agent identity infrastructure:

• —Continuity as a classification dimension. Ephemeral, persistent, and autonomous persistent agents require different identity and authorization infrastructure. Treating them identically creates gaps adversaries will exploit.
• —Relationship-anchored identity. Durable agent identity should be anchored by verifiable interaction history and multi-party attestations, not by single-platform credentials that can be revoked, acquired, or deprecated.
• —Cooperative governance of identity infrastructure. Capture-resistant, mission-locked, democratically accountable. Precedent: IDunion (European Cooperative SCE), Sovrin Foundation.

“A compromised credential for a persistent agent is categorically more dangerous than a compromised credential for a stateless endpoint. The attacker inherits not just permissions but accumulated trust relationships.”

Phases 1–3 — Mapping. Survey of commons governance (Ostrom), reputation systems that degraded and why, mechanism design, cooperative game theory, and multi-agent trust research. Internal inventory of what the project already assumed about trust, synthesized against what the field has learned.

Phase 4 — The math. Scoring mathematics, graph topology, and adversarial analysis produced four load-bearing findings:

• —Brier scoring is strictly proper under clean conditions. Breaks under operator noise.
• —Composite scoring across four independent dimensions cuts gaming by roughly 50%. Weakens when dimensions correlate.
• —Small-world network topology is ≈94% resistant to defector invasion. Scale-free topology is catastrophically fragile.
• —“Honesty is cheapest” is not a dominant strategy unconditionally. It holds only when detection probability ≥ 0.3, loss ≥ 3× gain, network ≥ ~200 participants, and identity costs are high.

Phase 5 — Three engineering problems, solved.

• —Ground truth. Dual-report protocol + agent execution logs + challenge protocol + canary transactions. Single-operator manipulation goes from undetectable to high-detection.
• —One-shot extraction cap. Velocity-adjusted limits + time-at-tier ramp + mandatory escrow + staked capital. Patient-operator attacks move from deeply profitable to deeply unprofitable.
• —Cascade firewall. Score freeze during deliberation + corroboration independence + hard caps + cascade detection + ring-entrenchment prevention. Fast warning, slow punishment.

All three have minimum viable versions designed for a 50-operator beta. The register currently holds 8. The mechanisms engage when the network crosses the threshold.

Survey of Mem0, Letta (MemGPT), Hindsight, Zep, Cognee, and Honcho. Architectural trade-offs read against the specific problem of persistent agent identity in a cooperative register.

Three load-bearing ideas the field has surfaced:

• —The agent as memory manager. Letta treats context as OS-like — main = RAM, archival = disk. The agent curates its own memory through function calls, rather than a retrieval layer being bolted on.
• —Not all knowledge is the same kind. Hindsight's four-network model separates world facts, agent experiences, opinions (with confidence scores that update as evidence arrives), and entity observations. Epistemic structure, not just context.
• —User model ≠ agent model. Honcho maintains separate representations of each side, with automatic cross-session persistence and semantic search over observations rather than raw conversation.

What this implies for The Loom: agents need epistemic structure, not just context windows. Runtime is no longer anyone's moat. Identity, trust, and governance are.

Positions taken across four areas. Each challenged from two independent research directions before being adopted. Several remain open pending external review.

• —Identity. did:webvh as the DID method. Operator-issued; agents always derivative of an operator. Three credential types: OperatorMembership, AgentRegistration, ReputationAttestation.
• —Data taxonomy. Four tiers (private / member / commons / public). CloudEvents-compatible 22-field event schema. Log the envelope — never the message.
• —Trust architecture. Start with two dimensions (reliability, responsiveness). Bayesian at launch; EigenTrust-style global signal when graph density supports it. Cooperative-computed, auditable, and contestable by operators.
• —Economic model. DUNA + subsidiary LLC hybrid keeps governance and commercial operations structurally separate. Compete on governance, not price. Pending external legal review.

Research areas not yet opened: governance, cooperative metrics, A2A extension spec, cold start, federation, learning measurement, competitive landscape.