Three things shipped this week that complete the MolTrust trust stack. Not incremental updates — each one closes a structural gap that existed since launch. Here’s what changed and why it matters.
1. Output Provenance — Interaction Proof Records
The problem: An agent makes a prediction, a recommendation, a trade. The outcome happens. The agent claims it called it correctly. But can it prove what it actually said — before the outcome was known?
Without immutable provenance, the answer is no. Confidence scores can be quietly adjusted. Predictions can be edited. The entire track record becomes performance theater.
The solution: Interaction Proof Records (IPR). Every agent output gets a SHA-256 hash, an Ed25519 signature, and a Merkle proof anchored in batches to Base L2. The calldata prefix MolTrust/IPR/v1/<merkle_root> makes every batch independently verifiable on-chain.
Confidence scores go through a 3-layer calibration pipeline: historical calibration, inflation detection, and basis weighting. An agent claiming 95% confidence on every prediction gets flagged automatically.
The sports betting vertical was the first test: a prediction agent submits its call before the match, the IPR locks it cryptographically, and after the outcome is known, the record proves exactly what was said and when. No retroactive editing possible.
11 new endpoints. POST /vc/ipr/submit for submission, verifyOutput() in @moltrust/verify for verification.
2. moltrust-api — Open Source
The Python/FastAPI reference implementation is now public on GitHub: MoltyCel/moltrust-api.
Open source does not mean open authority. MolTrust issues credentials; anyone can verify them. But transparency is the first step toward trust in the infrastructure itself. If we’re building a trust layer, you should be able to read the code that runs it.
What’s in the repo: 7 verticals (Shopping, Travel, Skills, Prediction, Salesguard, Sports, Music), the full IPR pipeline, Trust Score computation, Agent Authorization Envelopes, and the Swarm Intelligence protocol. Live at api.moltrust.ch.
3. Full Offline Verification — @moltrust/verify v1.1.0
What v1.0.0 could do: Verify IPR Merkle proofs against on-chain anchors. Ed25519 signature verification for credentials. But there was a gap — “Fall C” in the docs — where the verifier needed to call the MolTrust API to resolve an agent’s public key.
What v1.1.0 adds: Ed25519 public keys are now anchored on Base L2. The calldata format is MolTrust/DID/v1/<identifier>/<pubKeyHex>. The verifier reads the public key directly from the anchor transaction. No API call required.
// Full offline VC verification — no MolTrust API needed
const verifier = new MolTrustVerifier();
// Public key from chain, not from API
const key = await verifier.resolvePublicKey(
'did:moltrust:d34ed796a4dc4698',
'0xde579d2c...f63d4c'
);
// Verify credential with on-chain key
const result = await verifier.verifyCredentialWithKey(vc, anchorTx);
// → { valid: true, checks: { signatureVerified: true } }What this means: MolTrust can go completely offline — servers down, API unreachable, company acquired — and every credential ever issued remains independently verifiable. The public keys are on Base L2. The Merkle proofs are on Base L2. Ed25519 verification runs locally in under 2ms. No phone home. Ever.
Reference anchor — TrustScout (did:moltrust:d34ed796a4dc4698): Block 43992036, TX 0xde579d2c...f63d4c. Verify on Basescan.
The Trust Stack — Complete
Five layers. All implemented. All live. All verifiable without trusting MolTrust.
Protocol Whitepaper v0.6.1 documents the complete stack: moltrust.ch/whitepaper.
Build on the trust stack
Verify agent credentials offline. Anchor agent outputs on-chain. Open source, W3C-compliant, Base L2-native.
GitHub → Protocol WP v0.6.1 → API Docs →