?whatcanido
Open Studio
05 / audit

Every visit leaves a stamp.

A door without a peephole gets robbed. whatcanido stamps every agent call into the log: who came, what they asked, did they pay, did the door stick. Read it back by user-hash, never by name. Reputation accrues across the network.

01sample row
audit row · what an agent call leaves behind
{
  "id": "evt_zT4...",
  "ts": "2026-05-04T08:23:11Z",
  "tenant_slug": "tadeas-reads",
  "action_id": "tip_the_curator",
  "action_kind": "paid",
  "agent_vendor": "anthropic-claude-3.7",
  "user_hash": "9f3c...e1",
  "scopes_used": ["tip"],
  "result": "ok",
  "status": 201,
  "latency_ms": 412,
  "payment": {
    "scheme":  "x402",
    "network": "base",
    "amount":  "5000",
    "payer":   "0xf39F...6266",
    "tx_hash": "0xabcd...d0f2"
  }
}

Sign in to see your live feed. The shape is identical for every tenant on the network.

01what we keep on the postcard
  • Door + action. Which house, which doorbell.
  • Agent vendor. From the JWT — anthropic-claude-3.7, openai-gpt-4o, a custom CLI, etc.
  • User hash. sha256 of email. Stable across the network, never reverse-engineered into a real address.
  • Scope. What permission was used.
  • Outcome. 200 / 4xx / 5xx, latency, error code if any.
  • Payment. On paid actions: amount, network, payer, tx hash when on-chain settled.
02trust travels back

A user who has booked well across five doors carries that history into the sixth. Sites can ping the platform's reputation endpoint to check before letting a first-time visitor into the good rooms.

GET /api/aam-id/reputation/9f3c...e1200 OK
{
  "user_hash":          "9f3c...e1",
  "trust_band":         "established",
  "first_seen":         "2026-04-12T10:33:00Z",
  "sites_used":         5,
  "successful_actions": 14,
  "disputes":           0,
  "agent_vendors": [
    "anthropic-claude-3.7",
    "openai-gpt-4o"
  ]
}
03what we don't write down

We hash emails, never store the raw value. We do not record IP addresses or user-agents. We do not correlate across time beyond the action stream itself. The graph is built from action history alone.

Owners can export and delete their own data through Settings. Identity issuers are a single point of failure for trust, so export, deletion, and retention are first-class flows, not afterthoughts.

cross-site reputation

Queryable now.

The reputation graph speaks at /api/aam-id/reputation/<hash> on this domain.

Try a reputation lookup