Comprehensive Analysis & POC Plan¶

Date: 2026-02-22 | Authors: COAI Research | Status: Draft for Review

Idea Analysis¶

The Core Proposition¶

The Agent Registry proposes a mandatory public registry for autonomous AI agents, modeled after Germany's Handelsregister (commercial register). Just as no GmbH can operate, open bank accounts, or enter contracts without an HRB number, no autonomous AI agent should transact economically without being registered, identified, and accountable.

This idea is grounded in the COAI Research position paper "When AI Earns Its Own Existence", which analyzes Conway Research's Automaton -- a self-improving, self-replicating, financially autonomous AI agent -- and argues that existing governance frameworks are insufficient.

Strengths of the Concept¶

Strength	Why It Matters
Proven institutional model	The Handelsregister has governed non-human economic actors (corporations) for centuries. The analogy is not speculative -- it adapts a battle-tested framework.
Blockchain as trust layer	On-chain registration is tamper-proof, publicly verifiable, jurisdiction-independent, and does not depend on a single national authority.
Lineage tracking	Parent-child agent genealogies are a first-class concept. This is critical because autonomous agents (like the Automaton) spawn children that inherit capabilities but operate independently.
Gasless registration (ERC-2771)	Removes the primary adoption barrier: agents do not need ETH, do not need to understand blockchain. Just a private key and a signature.
KYA as enforcement mechanism	The "Know Your Agent" concept mirrors KYC -- infrastructure providers check the registry before provisioning services. This creates a market-driven enforcement layer.
Revenue reporting	On-chain economic transparency enables future taxation frameworks, audit trails, and economic analysis of the agent economy.
Haftungsperson requirement	Every agent chain leads back to a responsible human entity. This preserves human accountability even across multiple generations of spawned agents.

Weaknesses & Risks¶

Weakness	Severity	Mitigation
Enforcement gap	HIGH	The registry only works if infrastructure providers check it. Without legal mandates or strong incentives, agents can operate unregistered.
Identity verification	HIGH	Who is the Haftungsperson of a third-generation child agent launched anonymously from an unregulated jurisdiction? The chain of accountability breaks at the weakest human link.
Static vs. dynamic capabilities	MEDIUM	Unlike a GmbH's Unternehmensgegenstand, a self-modifying agent's capabilities change continuously. The capabilityHash snapshot at time T may be meaningless at T+1.
Centralized governance (current)	HIGH	The current contract has a single `owner` who controls all parameters and regulator appointments. This is a single point of failure and trust. Must be fixed before production.
Voluntary adoption paradox	MEDIUM	Legitimate agents register; malicious ones do not. The registry only captures the cooperative population. This mirrors the Handelsregister's own limitation.
Scalability of compliance attestation	LOW	7-day attestation cycles for millions of agents means millions of on-chain transactions. Even on L2, this could become a bottleneck. Consider batched or Merkle-proof-based attestation.
Cross-chain identity	MEDIUM	Agents may operate across multiple blockchains. A registry on Base does not cover an agent transacting on Solana. Need cross-chain identity bridging or multi-chain deployment.

Handelsregister vs. Agent Registry¶

Institutional Parallel

The Agent Registry directly maps centuries-old commercial registration concepts to the autonomous agent domain.

Aspect	Handelsregister (DE)	Agent Registry (Proposed)
Legal basis	HGB Sec. 8-16 (mandatory)	Voluntary (positioning for EU AI Act)
Registry operator	Amtsgericht (local court)	Smart contract (decentralized)
Identity anchor	Notarized ID of Geschaftsfuhrer	Wallet address + Haftungsperson address
Business purpose	Unternehmensgegenstand (static)	operationalScope + capabilityHash (dynamic)
Hierarchy	Gesellschaftsvertrag (articles)	constitutionHash (immutable on-chain)
Changes	Notarized amendments filed	updateCapability() + events
Public access	Handelsregisterauszug (paid)	getAgent() / KYA API (free)
Enforcement	Banks, courts, notaries refuse unregistered entities	Infrastructure providers check KYA (aspirational)
Cost	~150-300 EUR registration	~$0.00 (gasless) to ~$0.50 (direct)
Parent-child	Tochtergesellschaft (subsidiary)	parentAgentId + generation tracking
Revenue	Jahresabschluss (annual report)	reportRevenue() (continuous)

Implementation Analysis¶

Agentenregister.sol -- 8/10¶

Overall assessment: Well-designed, production-adjacent

What works well

ERC-2771 _msgSender() implementation is correct (assembly extraction of appended sender)
AgentRecord struct captures the right data fields
Status lifecycle (Active -> Suspended -> Reactivated / Active -> Revoked / Active -> Terminated) is sound
Modifier-based authorization is clean and readable
Events provide a complete audit trail
Generation depth cap prevents unbounded replication

Architecture concerns

Single-owner governance -- The owner controls everything: regulators, parameters, forwarder. Appropriate for a prototype but incompatible with a democratic global registry.
No wallet cleanup on revocation -- When revokeAgent() is called, walletToAgent[agentWallet] is never cleared, preventing the wallet from ever being re-registered.
No constitution update mechanism -- constitutionHash is set once at registration and never updated.
Unbounded children array -- No cap on children per parent. A very prolific agent could make getChildren() expensive to call.
No cascading suspension -- Suspending a parent does not affect children.
No event on reactivation -- reactivateAgent() changes status but emits no event, breaking the audit trail.

MinimalForwarder.sol -- 9/10¶

Overall assessment: Production-quality

EIP-712 domain separator with fork protection is correct
Signature verification with ecrecover is standard and secure
Nonce-based replay protection is properly implemented
Revert reason bubbling from inner calls works correctly
No issues found

Relayer (relayer.js) -- 7/10¶

Overall assessment: Functional, critical BigInt bug now fixed

What works

Request validation (only forwards to registry, rejects value transfers)
Rate limiting (per IP and per signer)
Daily gas budget tracking
Helper endpoints for nonce and domain info

Issues identified (since resolved)

BigInt/Number comparison -- Number(budgetWei) converted a BigInt that could exceed Number.MAX_SAFE_INTEGER to a lossy Number. Fixed to use consistent BigInt comparisons.
No backpressure -- When relayer balance drops to near-zero, it continues accepting requests that will fail on-chain.
No signature freshness check -- Requests with deadline: 0 (no expiry) are accepted indefinitely.

REST API (server.js) -- 8/10¶

Overall assessment: Clean and functional, now with rate limiting and caching

What works

Read-only (no signing, no state mutation) -- correct for a public query layer
KYA endpoint returns structured compliance data
Lineage tree recursion with depth limit
Rate limiting added (express-rate-limit)
In-memory caching with 5-minute TTL

Remaining gaps

No pagination on revenue history or children lists
ABI is hardcoded inline instead of loaded from artifact

Python SDK (agentenregister.py) -- 8/10¶

Overall assessment: Well-designed dual-mode SDK

Gasless and direct mode abstracted behind _send_tx()
EIP-712 typed data construction for meta-transactions
CLI interface for quick operations
from_env() convenience constructor

Test Suite -- 68 Tests¶

Coverage areas

Registration (root and child)
Duplicate wallet rejection
KYA compliance checks
Compliance attestation authorization
Regulatory suspend/reactivate
Revenue reporting
ERC-2771 gasless flow (added in Phase 0)
MinimalForwarder signature and nonce tests (added in Phase 0)

Critical Bugs & Fixes Applied¶

Bug 1: Relayer Gas Budget Comparison (CRITICAL)¶

File: relayer/relayer.js

Problem: Number(budgetWei) converts a BigInt that can exceed Number.MAX_SAFE_INTEGER to a lossy Number, and rateLimits.dailyGasUsed accumulates as Number. This comparison may silently allow budget overruns.

Fix: Changed to consistent BigInt comparison:

if (BigInt(rateLimits.dailyGasUsed) > budgetWei) {

Bug 2: Missing Reactivation Event (MEDIUM)¶

File: contracts/Agentenregister.sol

Problem: reactivateAgent() changes status but emits no event, creating an audit trail gap.

Fix: Added event AgentReactivated(uint256 indexed agentId, address indexed by) and emit in the function.

Bug 3: Wallet Lock on Revocation (MEDIUM)¶

File: contracts/Agentenregister.sol

Problem: Revoked agents' wallets remain in walletToAgent, preventing re-registration.

Fix: Added delete walletToAgent[agents[agentId].agentWallet] in revokeAgent() and terminateSelf().

Democratic Governance Architecture¶

The Problem¶

The current contract has a single owner who adds/removes regulators, sets maxGenerationDepth, sets attestationGracePeriod, and sets trustedForwarder.

Why this must change

A single entity controlling the world's agent register would be a censorship risk, a single point of compromise, politically unacceptable to non-aligned jurisdictions, and antithetical to the decentralization thesis.

Proposed Model: Federated DAO¶

The registry should be governed by a multi-stakeholder DAO with checks and balances:

Component	Voting Power
Stakeholder delegates (research orgs, civil society, industry)	40%
Registered agent operators (1 agent = 1 vote, capped per entity)	30%
Technical contributors (SDK devs, auditors, researchers)	30%

Governance Mechanisms¶

Mechanism	Purpose	Implementation
Timelock	48-hour delay on all parameter changes	OpenZeppelin TimelockController
Multi-sig emergency	7-of-12 multi-sig can pause the contract	Gnosis Safe
Regional regulators	Each jurisdiction appoints regulators independently	Mapping of jurisdiction to regulator set
On-chain voting	Parameter changes require 66% supermajority	OpenZeppelin Governor
Delegate system	Token holders can delegate to representatives	ERC20Votes + delegation
Proposal threshold	Requires 1% of total votes to propose	Governor.proposalThreshold()
Veto power	Security council can veto proposals threatening registry integrity	Optimism-style security council

Transition Path¶

Phase	Governance	When
Phase 0 (now)	Single owner (COAI Research)	Prototype and testnet
Phase 1	3-of-5 multi-sig (COAI + 4 trusted partners)	Mainnet launch
Phase 2	Multi-sig + Timelock (48h delay on all changes)	First 100 agents
Phase 3	Governor contract + Timelock + multi-sig emergency	First 1,000 agents
Phase 4	Full DAO with regional regulator autonomy	10,000+ agents

Open Questions & Research Gaps¶

Unsolved Problems¶

Question	Why It Matters	Possible Approach
How to verify the Haftungsperson is a real person?	Without identity verification, anyone can claim to be a Haftungsperson. The accountability chain is only as strong as this link.	Integration with on-chain identity (ENS, Worldcoin World ID, Polygon ID). Or require a notarized attestation off-chain with hash stored on-chain.
What happens when a Haftungsperson dies or disappears?	Orphaned agents with no responsible human.	Require a backup Haftungsperson. Or auto-suspend agents after N days without human contact.
How to handle cross-jurisdiction conflicts?	EU regulator suspends an agent that US regulator considers compliant.	Regional regulatory autonomy with appeal mechanism. Agents declare primary jurisdiction at registration.
Should revenue reporting be mandatory or voluntary?	Mandatory enables taxation but creates compliance burden. Voluntary is low-friction but less useful.	Start voluntary, make mandatory above a revenue threshold (e.g. $10,000/year).
How to prevent Sybil attacks?	One entity registers 10,000 agents to dominate DAO governance.	Cap voting power per Haftungsperson. Require proof-of-humanity for governance participation.
How to handle AI-to-AI contracts?	Two registered agents enter a contract. Who adjudicates disputes?	On-chain arbitration (like Kleros) with Haftungspersonen as final escalation.
What is the legal status of a registered agent?	Is registration a legal act? Does it create obligations?	Legal research needed. Engage with legal scholars on the status of autonomous agents in contract law.

Technical Research Needed¶

Topic	Description
Batched attestation	Can agents attest in batches (Merkle tree of attestations submitted as single tx) to reduce gas costs at scale?
Cross-chain identity bridging	How to make a registration on Base verifiable on Solana, Cosmos, or non-EVM chains?
Zero-knowledge compliance proofs	Can an agent prove compliance without revealing its full identity? (ZK-KYA)
Autonomous constitution verification	Can we verify that an agent actually follows its declared constitution, not just that it declared one?
Agent capability verification	Beyond hashing a capability list, can we verify actual capabilities through automated evaluation?
Decentralized relayer network	How to run multiple relayers without coordination problems (double-submission, nonce conflicts)?

Cost Analysis¶

Registration Costs (per agent)¶

Mode	Gas Used	Cost (Base L2)	Cost (Ethereum L1)
Gasless registration	~300k gas	~$0.003 (relayer pays)	~$3.00 (not viable)
Direct registration	~300k gas	~$0.003 (agent pays)	~$3.00
Compliance attestation	~50k gas	~$0.0005	~$0.50
Revenue report	~100k gas	~$0.001	~$1.00
Capability update	~50k gas	~$0.0005	~$0.50

Relayer Operating Costs¶

Scale	Agents	Txs/month	Gas cost/month	Infra cost/month	Total
Pilot	10	~40	$0.12	$5 (Railway)	~$5
Early	100	~400	$1.20	$10	~$11
Growth	1,000	~4,000	$12	$20	~$32
Scale	10,000	~40,000	$120	$50	~$170

Cost viability

At 10,000 agents, the relayer costs ~$170/month. This is trivially fundable through grants, premium API tiers, or infrastructure provider subsidies.