?whatcanido
Open Studio
05 / audit

See exactly which agents visit your site, and what they did.

When you let agents call your site, you want to know who showed up, what they tried, whether they paid, and whether it worked. Every call leaves a record, visible to you in real time, anonymized so users stay private. Misbehaving agents earn a bad reputation that follows them across every site on the network. Good ones earn the opposite.

01sample row
what one agent call leaves in your audit log
{
  "id": "evt_zT4...",
  "ts": "2026-05-04T08:23:11Z",
  "tenant_slug": "tadeas-reads",
  "action_id": "tip_the_curator",
  "action_kind": "paid",
  "agent_vendor": "anthropic-claude-3.7",
  "user_hash": "9f3c...e1",
  "scopes_used": ["tip"],
  "result": "ok",
  "status": 201,
  "latency_ms": 412,
  "payment": {
    "scheme":  "x402",
    "network": "base",
    "amount":  "5000",
    "payer":   "0xf39F...6266",
    "tx_hash": "0xabcd...d0f2"
  }
}

Sign in to see your live feed. The shape is identical for every tenant on the network.

01what we keep on the postcard
  • Site & action. Which of your sites, which action on it.
  • Which AI it was. anthropic-claude-3.7, openai-gpt-4o, a custom CLI, whatever the agent told us about itself, sealed in its signed credential.
  • Anonymous user fingerprint.A one-way hash of the user's email. Same user = same fingerprint everywhere on the network. Cannot be reversed back to an email.
  • Permission used. What the agent was allowed to do.
  • Did it work? Success or failure, how fast, and the error code if something went wrong.
  • Payment, if any. For paid actions: how much, on which payment network, and the on-chain transaction hash.
02trust travels back

A user whose agent has booked successfully across five sites carries that good history into the sixth. Before you let a first-time agent run an expensive action, your site can ask the network: is this user trustworthy? The answer comes back as a reputation score, without ever revealing who the user actually is.

GET /api/aam-id/reputation/9f3c...e1200 OK
{
  "user_hash":          "9f3c...e1",
  "trust_band":         "established",
  "first_seen":         "2026-04-12T10:33:00Z",
  "sites_used":         5,
  "successful_actions": 14,
  "disputes":           0,
  "agent_vendors": [
    "anthropic-claude-3.7",
    "openai-gpt-4o"
  ]
}
03what we deliberately don't keep

We hash emails, never store the raw value. We never log IP addresses or browser fingerprints. We don't link visits to anything outside the action stream itself. The reputation graph is built from action history alone: what an agent did, not who the person was.

Site owners can export and delete their own data anytime from Settings. Reputation systems are a known failure mode, they calcify, they punish first-timers, they leak personal info, so we treat export, deletion, and short retention windows as first-class features, not afterthoughts.

cross-site reputation

Working today.

Any site on the network can look up an agent's reputation at /api/aam-id/reputation/<hash>. Try one yourself:

Try a reputation lookup