GitHub Marketplace · v0.7.1 · contents: read
GitHub Action
Run the ECZ-ID MCP Verifier in CI from the immutable Marketplace release. It reports a deterministic result and routes; it never writes truth, mutates the repository, or uploads source or secrets.
Usage
.github/workflows/verify.yml
permissions:
contents: read
steps:
- uses: Ecocitizenz/ecz-id-mcp-verifier@v0.7.1
with:
target: ECZ-GB-A93K7Q
policy: OPENRelease and distribution
- GitHub Marketplace release: Ecocitizenz/ecz-id-mcp-verifier@v0.7.1
- npm distribution remains @ecocitizenz/ecz-id-mcp-verifier@0.7.0
- Runs the committed runtime (no rebuild inside your workflow)
Permissions and safety
- Minimum permission: contents: read
- No repository mutation; no PRs or issues opened
- No source-code or secret upload; no hidden telemetry
Inputs
- target (required), target-type, policy (OPEN|PREFER|REQUIRE), operator
- resolver-base, no-network, offline, json, timeout-ms
Outputs
- result-state, reason-codes, primary-action
- action-envelope-json, setup-handoff-json, mcp-action-envelope-json, request-to-resolve-json
- trustops-action-url, developer-guidance-url; plus a GitHub job step summary
Expected exits
- OPEN / PREFER on missing proof: 0
- REQUIRE on missing or invalid proof: non-zero (fail closed)
- Invalid or unsupported target: non-zero
Setup handoff is routing, not proof
Where setup is required, the Action routes the operator to TrustOps. The handoff is routing only; the public proof surface is Resolver, and re-check before reliance.
No platform endorsement claim
Listing in the GitHub Marketplace is distribution. It is not GitHub verification, endorsement, certification, approval, or a safety determination.
ECZ-ID separates setup, verification state, and public proof. Developer Gateway documents setup paths and verifier guidance. TrustOps handles setup. Resolver remains the public proof surface. Re-check before reliance. Local policy decides.