Skip to content
EcoCitizenZ
Agent Trust · Public hub

ECZ-ID Agent Trust

Make AI agents, APIs, MCP servers, and tool surfaces resolver-verifiable. Developer Gateway explains the model, documents the discovery surfaces, and routes acquisition to TrustOps and proof to Resolver. It does not change canonical state. It does not host checkout. It does not replace Resolver.

ECZ-ID Agent Credential™

A resolver-verifiable reference for one logical agent, bound to an accountable operator. One Agent Credential equals one logical agent. Acquisition and lifecycle live in TrustOps. Current proof lives in Resolver.

ECZ-ID API Passport™

A resolver-verifiable reference for one authorised API surface. One API Passport equals one authorised API surface. Required when the agent exposes or depends on authorised API surfaces under ECZ-ID rules.

How the model works

Manifests are discovery only

Manifest, JSON, and header signals help relying parties find the credential reference. They are not proof.

Copied JSON does not copy trust

A manifest moved to another origin or frozen in time does not transfer the underlying credential.

Resolver is proof

Current state — including authorised origins and lifecycle status — is confirmed in Resolver.

TrustOps owns lifecycle

Acquisition, activation, billing, suspension, and lifecycle control happen in TrustOps.

Developer Gateway documents and routes

No checkout here. No proof clone here. No truth writing here. No marketplace approval claims here.

One credential = one logical thing

One Agent Credential per logical agent. One API Passport per authorised API surface.

Documentation

Public reference for the discovery surfaces, the API Passport rules, the TrustOps handoff, the Resolver proof model, the forbidden-claims governance, and the abuse-report path.

Discovery only · Resolver is proof
Manifest & Discovery Surfaces
Manifests are discovery only. They help relying parties find an Agent Credential or API Passport reference. They are not proof.
Schema reference · Discovery only
ecz-agent.json — Schema Reference
Required and recommended fields for the /.well-known/ecz-agent.json discovery manifest. The example below is illustrative only and is not a live credential.
Discovery metadata · Not proof
OpenAPI x-ecz-id Extensions
How to declare ECZ-ID Agent Credential and API Passport references inside OpenAPI documents using the x-ecz-id family of extensions.
Required when API surfaces are involved
API Passport — When and Why
One API Passport equals one authorised API surface. API Passports are required when the agent exposes or depends on authorised API surfaces under ECZ-ID rules.
Published · npm + GitHub Action · local-first
MCP Verifier
ECZ-ID MCP Verifier performs local-first, privacy-first checks for MCP servers, agents, APIs, packages, repositories, container images and ECZ-IDs. It reports available public proof and routing guidance. It does not write authoritative truth or certify safety.
GitHub Marketplace · v0.7.1 · contents: read
GitHub Action
Run the ECZ-ID MCP Verifier in CI from the immutable Marketplace release. It reports a deterministic result and routes; it never writes truth, mutates the repository, or uploads source or secrets.
Interoperable contract · public-safe
Quiet Result Contract
The deterministic, public-safe fields the verifier emits. Results describe observed public-proof posture and routing. They are not truth, do not change Backend state, and do not certify safety.
Discovery and routing · Free listing
GitHub App
Repository-level discovery and PR check annotations that route maintainers to TrustOps for setup and to Resolver for current proof.
Local discovery · Privacy-first
VS Code Extension
Local workspace scan for agent and API trust metadata gaps, with manifest scaffold guidance, Resolver links, and TrustOps handoff.
Active-tab only · Minimal permissions
Browser Extension
Active-tab proof check. Detects discovery manifests and headers on the current site and surfaces a Resolver proof panel for the referenced credentials.
Routing only · No checkout here
TrustOps Handoff
Acquisition, activation, billing, and lifecycle live in TrustOps. Developer Gateway only routes there. There is no checkout on this site.
Sole public proof surface
Resolver Proof
Resolver is the sole public proof surface. Anything that looks like proof but is not Resolver is not proof.
Content governance · Mandatory
Forbidden Claims & Safe Wording
Public copy must not overclaim certification, safety, monitoring, partnership, or quantum properties. This page lists prohibited phrases and the safe wording to use instead.
Intake only · No takedown promise
Abuse Report
Report suspected misuse of ECZ-ID discovery surfaces, manifests, or proof references. Reports do not themselves decide truth.
Architecture map
Surface Map
Where each ECZ-ID surface fits, and which surface is allowed to change canonical state, control lifecycle, prove state, or merely route.
Public guidance · Badge = gateway · Resolver = proof
How to use ECZ-ID badges safely
A badge is a resolver-linked verification gateway. It is not proof by itself. This page explains the safe rules for customers, developers, platforms, procurement teams, and agents — and gives copy-paste embed examples.

Developer Gateway does

  • Explain the Agent Trust model
  • Document the discovery surfaces and schema
  • Guide developers and operators through setup choices
  • Route acquisition and lifecycle actions to TrustOps
  • Route proof checks to Resolver
  • Document the abuse-report path

Developer Gateway does not

  • Change canonical state or issue credentials
  • Host acquisition, billing, or lifecycle control
  • Replace Resolver as the proof surface
  • Operate as a marketplace checkout
  • Certify safety, security, lawfulness, or platform approval
  • Make partnership claims that are not proven

Next steps

Use the guided Agent Trust flow to identify which passports your situation needs. Use TrustOps to set up. Use Resolver to confirm current proof.