The initial trust boundary is narrow. Every new agent process starts with the minimum authority it needs to complete its declared task.
The trust model widens that boundary through observed compliance. Not through configuration. Not through self-reported capability claims. Through what the agent actually does, measured against what it said it would do.
The hard part
Behavioral records are easy to construct for well-scoped tasks in bounded domains. They become much harder to construct for open-ended agents operating across many domains over long time horizons. We are currently working through the tradeoffs.