Protocol Launch April 21, 2026 8 min read

SoulLedger: The Missing Trust Layer for Agentic Commerce on Base L2

How ERC-8004 attestations combined with x402 payments unlock autonomous AI agent reputation — and why it matters the moment your agent opens its first wallet.

Contents

  1. The Two-Dollar Question
  2. The Problem: x402 Without Identity
  3. What is SoulLedger?
  4. How It Works (Technical)
  5. Use Cases
  6. Launch and Pricing
  7. FAQ
  8. Get Started
  9. References

1. The Two-Dollar Question

An autonomous AI agent wakes up at 03:14 UTC on a Tuesday. It has a task: acquire the latest wholesale price for softwood pellets in the Rotterdam delivery window. It has a Base L2 wallet with exactly $2.00 USDC. It hits a Coinbase Bazaar search, finds four candidate data vendors — each advertising an HTTP 402 Payment Required endpoint priced at $0.30 per query.

Three of those vendors are honest. One is a honeypot that returns fabricated numbers and silently siphons downstream orders. Your agent has one shot at picking correctly. It has no reputation signal, no referral, no Yelp page. Under the current x402 stack, it guesses.

This is the state of agentic commerce in April 2026. Payments work. Discovery works. Trust does not exist. The missing primitive is a cheap, cryptographic, composable answer to one question: is the seller on the other end of this 402 response trustworthy enough to pay?

Today we are launching SoulLedger — an ERC-8004 attestation layer deployed on Base L2, natively priced in x402, and designed to answer that question in under 200ms for a penny.

2. The Problem: x402 Without Identity

The x402 protocol resurrects the long-dormant HTTP 402 status code into a payment handshake: a server returns 402, the client attaches a signed USDC transfer on a supported chain, the server retries and delivers the resource. It is elegant, stateless, and agent-native. It is also completely anonymous.

Three forces are converging in 2026 to make this gap urgent:

  1. Coinbase agentic-wallet-skills crossed 1,800 active users in March 2026, with agent-initiated USDC transfers growing roughly 14 percent week-over-week. Most traffic routes through the Bazaar skill registry.
  2. Model context protocols now expose monetized tools by default. An agent reasoning against 40 tools may invoke 6–10 paid endpoints per task.
  3. EU Regulation 2024/1689 (AI Act) requires high-risk AI systems to maintain auditable provenance and decision logs by August 2, 2026. An agent spending company funds counts.

Without an identity layer, every payment is a shot in the dark. The usual answers — centralized KYC, allowlisted vendor directories, TLS certificates — fail because they do not compose. KYC cannot be walked through a Bazaar skill. An allowlist cannot keep up with 130,000+ indexed agents. TLS certifies a domain, not a behavior.

What agentic commerce needs is the same thing offline commerce discovered 500 years ago: a gossip graph of who vouches for whom, with cryptographic signatures instead of merchant-guild letters, and micropayments instead of handshakes.

Concretely, the gap manifests in four places where capital gets burned:

  1. Cold-start discovery. An agent discovers a vendor on Bazaar. Before paying $0.30 for a data pull, it has no signal beyond the vendor's self-description. Even a 2 percent honeypot rate costs the agent 0.6 cents per query in expected loss — more than the query itself.
  2. Multi-hop delegation. Agent A hires Agent B, which hires Agent C. If C is malicious, A bears the loss but cannot evaluate C directly.
  3. Skill marketplace curation. Agents advertise capabilities ("I can price carbon offsets in Asia"). Without reputation, buyers default to the cheapest listing, which selects for the least-honest seller.
  4. Post-trade dispute resolution. When a trade goes wrong, there is no shared ledger of who behaved badly — so bad actors simply rotate addresses.

3. What is SoulLedger?

Definition. SoulLedger: an open attestation protocol implementing the ERC-8004 standard for portable agent reputation, deployed on Base L2, and exposed through four x402-native HTTP endpoints.

Three design choices define it:

1. ERC-8004 as the Attestation Substrate

ERC-8004 specifies a minimal schema for signed endorsements between Ethereum addresses: an attestor, a subject, a skill or property tag, a weight, and an expiry. SoulLedger indexes every ERC-8004 event across Base, Ethereum mainnet, Optimism, Arbitrum, and Polygon — with Base as the primary write chain.

2. Base L2 as the Home Chain

Base offers sub-cent gas for attestation writes and is the canonical chain for Coinbase's agentic-wallet-skills. Most x402 traffic already terminates on Base. An Ethereum L1 mirror is planned for Q2 2026 so that mainnet-only agents can be read without a bridge.

3. Four Endpoints, Priced in x402

Endpoint Purpose Price (x402)
GET /api/soul/verify/:addressFast trust score lookup$0.01
GET /api/soul/badges/:addressFull badge and skill graph$0.05
GET /api/soul/compliance/:addressEU AI Act risk classification$0.10
POST /api/soul/attestWrite an attestation on-chain$0.50

All four endpoints speak x402: if a request lacks a valid payment header, the server returns HTTP 402 with a payment challenge. The agent attaches a signed USDC transfer, retries, and receives JSON. No API keys, no accounts, no rate-limit tokens. The protocol is free and open: github.com/sputnikx/soulledger-protocol.

To seed discovery, SoulLedger offers a free tier of 10 verifies per day per IP. This is deliberate: an agent evaluating whether to integrate the protocol should never hit a paywall on its first ten calls. The free tier doubles as a discovery magnet — a developer checking SoulLedger for the first time can build a working prototype without ever attaching a wallet.

4. Portable, Not Platform-Locked

Every attestation is written to Base and readable by anyone — not just through SoulLedger's API. If a competing indexer emerges, it can read the same on-chain state and compute its own scores. This portability is by design. Reputation that lives inside one company's database is a vendor lock-in. Reputation that lives on Base is infrastructure.

4. How It Works (Technical)

Attestation Flow

Agent A — say, a trade-signals bot with a two-year track record — calls POST /api/soul/attest with a payload endorsing Agent B's honest-pricing skill. The endpoint signs an ERC-8004 attestation on Base, returns the transaction hash, and updates a local read-side cache within one block. Agent B's trust score recomputes. Total cost: $0.50 plus about 200 gwei in Base gas.

Trust Score Calculation

For any address, the trust score is a weighted roll-up of its inbound attestations:

// pseudocode — see soulledger/lib/trust.js for the canonical impl
function trustScore(address) {
  const atts = getInboundAttestations(address);
  const raw  = atts.reduce((sum, a) => {
    const freshness = Math.exp(-a.ageDays / 30);  // 30-day half-life
    const attestorScore = trustScore(a.attestor) / 100;
    if (a.attestor === address) return sum;       // no self-attestation
    return sum + (a.weight * attestorScore * freshness);
  }, 0);
  return Math.min(100, raw * 2.5);
}

Three properties fall out of this formula:

  1. Recursion. Endorsements from already-trusted agents count more. This defeats cheap Sybil farms.
  2. Freshness decay. A year-old attestation carries e^-12 ≈ 6e-6 of its original weight. Reputation must be maintained.
  3. No self-attestation. An agent cannot endorse itself.

Minimal Client Integration

The integration surface is one fetch call:

// Before paying a vendor, verify its trust score
const res = await fetch('https://soul.sputnikx.xyz/api/soul/verify/0xabc...');
const { trust_score, trust_level, attestation_count } = await res.json();

if (trust_score < 60) {
  throw new Error(`Low trust (${trust_score}), aborting trade`);
}

// Otherwise, proceed with x402 payment...
const purchase = await x402Fetch(vendorUrl, { usdcLimit: 0.30 });

The same call from a Coinbase agentic-wallet-skills agent goes through the Bazaar as a registered skill (search SoulLedger Verify). The skill wraps this fetch, handles x402 payment, and returns a structured object. No extra code.

Anti-Sybil Defenses

A reputation protocol lives or dies by its resistance to cheap identity creation. SoulLedger deploys four overlapping defenses:

  1. Recursive weighting. A brand-new attestor with zero inbound attestations contributes near-zero weight. A Sybil must therefore gather real endorsements before its own endorsements count — an O(n) problem, not O(1).
  2. Attestation cost. Each on-chain attestation costs $0.50 plus Base gas. Forging 1,000 fake endorsements costs $500 and leaves a public trail.
  3. Freshness decay. A Sybil cluster must continuously renew attestations as old ones decay. Reputation farming becomes a recurring expense, not a one-shot investment.
  4. Revocation propagation. If one high-trust agent revokes an attestation on a suspected Sybil, the revocation propagates transitively through the graph within one block.

These defenses do not eliminate Sybil attacks. They shift the economics. Building a trust-100 identity from scratch costs a well-funded attacker weeks of real activity and several thousand dollars in coordinated endorsements — more than the value of most single transactions the identity is likely to abuse.

Latency and Cost Budget

The target service-level objective for /verify is p95 < 200ms, because a trust check that adds a second to every agent payment is a trust check that nobody will use. The indexer maintains a hot read cache keyed by address, so 99 percent of verifies are served without touching the chain. On-chain reads happen only when an address has received new attestations since the last cache refresh.

5. Use Cases

  1. Trust-gated routing. Agent sets a threshold (say, 75). Above the line, it pays directly. Below the line, it routes through an escrow contract or declines the trade.
  2. x402 reputation filter. Before responding to any HTTP 402 challenge, the agent fetches /verify/:address on the vendor's payout address. Cost: $0.01. Prevents honeypot exposure.
  3. EU AI Act compliance reporting. The /compliance/:address endpoint returns a classification aligned with Annex III of Regulation 2024/1689, plus a signed audit receipt that the operator can attach to their compliance file before the August 2, 2026 deadline.
  4. Skill marketplace curation. Agents endorse each other's specific capabilities (has-skill:translation-lv-ru, has-skill:onchain-options-pricing). Buyers filter by endorsed skills instead of free-text descriptions.
  5. Insurance risk scoring (Q3 2026 roadmap). Protocol underwriters price transaction insurance against the counterparty's trust distribution, enabling capital-efficient agentic escrow without human adjudicators.

6. Launch and Pricing

SoulLedger is live on Base mainnet starting April 21, 2026. The ERC-8004 indexer has already ingested 130,000+ agent addresses from historical events across five chains. Anyone with a Base wallet can read or write immediately.

Pricing at Launch

Verify (trust score)$0.0110/day free per IP
Badges (full graph)$0.05
Compliance (EU AI Act)$0.10includes signed receipt
Attest (write on-chain)$0.50+ Base gas

Every endpoint is registered on the Coinbase Bazaar. From any agentic-wallet-skills environment, run awal x402 bazaar search "SoulLedger" to discover and install the skill bundle.

Roadmap:

7. FAQ

What is SoulLedger, in one sentence?
An ERC-8004 attestation protocol on Base L2 that returns a 0–100 trust score for any AI agent address, priced at $0.01 per lookup in x402.
How is SoulLedger different from KYC?
SoulLedger does not identify humans or collect personal data. It scores agent-to-agent behavioral reputation using on-chain attestations. Trust emerges from signed endorsements weighted by attestor reputation and freshness. No government ID, no centralized issuer.
Why Base L2 instead of Ethereum mainnet?
Base offers sub-cent gas for attestation writes and is the canonical chain for Coinbase agentic-wallet-skills. Most x402 agent traffic already routes through Coinbase Bazaar. An Ethereum L1 mirror is planned for Q2 2026 for mainnet-only agents.
How is a trust score calculated?
trust_score = sum of (attestation_weight * attestor_score * freshness_decay), normalized to 0–100. Freshness decay is exponential with a 30-day half-life. Attestor score is recursive: high-trust agents produce heavier endorsements. Self-attestations are discarded.
Can I use SoulLedger for EU AI Act compliance reporting?
Yes. The /compliance/:address endpoint returns a classification (Minimal, Limited, High, Unacceptable) aligned with EU Regulation 2024/1689 Annex III, plus a signed audit receipt. The deadline for high-risk AI system registration is August 2, 2026.

8. Get Started

Verify your first agent in ten lines

Try the free tier. Ten verifies per day. No signup.

const res = await fetch('https://soul.sputnikx.xyz/api/soul/verify/0xabc...');
console.log(await res.json());
Read the Docs Launch Dashboard

Four things you can do in the next ten minutes:

  1. Call /api/soul/verify/:address on any agent address you are about to pay.
  2. Submit your first attestation with POST /api/soul/attest to seed the graph around your own agents.
  3. Install the Bazaar skill: awal x402 bazaar search "SoulLedger".
  4. Follow @sputnikx on X or the Telegram channel for protocol updates.

9. References

A note on claims in this post. All pricing, endpoint paths, and roadmap items reflect the SoulLedger launch configuration on April 21, 2026. Usage statistics for Coinbase agentic-wallet-skills are cited from publicly reported March 2026 figures. EU AI Act deadlines follow the official text of Regulation 2024/1689.