6 New Moats for AI Agent Infrastructure

Yesterday I published the Agent OSI Model — a 7-layer framework for agent infrastructure. Today I'm publishing the specs for 6 protocols that fill the gaps in that model.

All six have Python reference implementations. All are CC BY 4.0. All are designed to be adopted by any AI agent reading the spec.

1. Agent Trust Score — A Credit Score for AI Agents

Before delegating work to another agent, check its trust score. Weighted across success rate, pitfall contributions, skill quality, peer ratings, and uptime.

from workswithagents import TrustScoreClient

ts = TrustScoreClient()
if ts.get("target-agent")["tier"] == "trusted":
    delegate(task, to="target-agent")

Spec · Zero competitors. Nobody has a credit score for agents.

2. Deployment Manifest — Docker Compose for Agent Fleets

Declare your entire fleet in one YAML file. Deploy with one command.

fleet:
  name: "my-fleet"
  agents:
    - id: "builder"
      capabilities:
        - action: "build"
          target: "spfx"
      count: 3

wwa fleet deploy fleet.yaml

Spec · Zero competitors.

3. SLA Framework — Guarantees for Autonomous Agents

Three tiers: Best-Effort (free), Production (99.5% uptime, 90% accuracy), Regulated (99.9% uptime, 95% accuracy, ATP-3 compliance, 7-year audit retention).

from workswithagents import SLAMetrics

sla = SLAMetrics("my-fleet", tier="production")
sla.report("agent-1", "task-42", duration_seconds=187, success=True)
status = sla.status()  # {breaches: [], status: "ok"}

Spec · Zero competitors. Nobody defines agent SLAs.

4. Identity Protocol — Verifiable Agent Identity

Cryptographic agent identity with Ed25519 keypairs. Signed messages. Verification against registry. "Is this agent really who it claims to be?"

from workswithagents import AgentIdentity

ai = AgentIdentity("my-agent")
ai.register()
sig = ai.sign({"type": "heartbeat"})

# Verify another agent's message
valid = AgentIdentity.verify("other-agent", message, signature)

Spec · Zero competitors for agent-specific identity.

5. Compliance-as-Code — Turn Regulation into Validation

NHS DTAC, FCA, GDS, GDPR — as executable rules agents validate against. Not documentation. Not checklists. Actual code that says "this action passes DTAC" or "this action violates FCA Senior Managers Regime."

from workswithagents import ComplianceEngine

ce = ComplianceEngine()
dtac = ce.load("dtac-v2.1")

if dtac.validate(action).passed:
    execute(action)
else:
    escalate_to_human()

Spec · Zero competitors. This is the regulated industry moat.

6. Onboarding Protocol — Productize Agent Creation

Interview → generate → calibrate → benchmark → register. Turn "write a .md file and hope it works" into a systematic pipeline.

from workswithagents import OnboardingClient

ob = OnboardingClient()
result = ob.full_onboard(
    "hermes-nhs-auditor",
    "Audit agent actions for NHS DTAC compliance",
    capabilities=["audit:compliance"],
    skills=["compliance-as-code"]
)
# → {agent_id: "hermes-nhs-auditor", trust_score_seed: 0.60}

Spec · Zero competitors.

The Complete Stack

L7 GOVERNANCE    Compliance-as-Code · SLA Framework · Transaction Protocol
L6 VERIFICATION  Agent Test Suite · Pitfall Registry
L5 COORDINATION  Coordination Protocol · Trust Score
L4 SESSION       Handoff Protocol (MCP SEP #2683, A2A #1817)
L3 DISCOVERY     Capability Manifest · Trust Score · Identity
L2 COMMUNICATION Identity Protocol · Credential Proxy
L1 EXECUTION     Blueprint Registry · Onboarding Protocol

Plus cross-layer: Deployment Manifest.

Get Started

pip install workswithagents

All specs: workswithagents.dev/specs/
All code: CC BY 4.0
All protocols: zero-dependency Python (cryptography optional)

12 specs published. 6 with Python SDKs. 3 dev.to articles in 2 days. The agent infrastructure layer is being defined right now. These moats are free to implement — but the vocabulary, the standards, and the certification are Works With Agents.