Verifier wedge · Resolver-checked

MCP Verifier

A fail-closed verifier for MCP server and tool endpoints. It checks discovery surfaces and resolves current state via Resolver before allowing high-risk calls to proceed.

What it checks

Presence and basic shape of an ecz-agent.json manifest at the configured location
Presence of x-ecz-api-passport metadata on the MCP/tool surface
Resolver lookup for the referenced API Passport and Agent Credential
Mismatch between declared and resolved operator

What it does not check

It does not certify the agent or API as safe
It does not inspect prompts, source code, or user data
It does not act as a replacement for Resolver
It does not write truth back to the backend

Modes

fail-closed — high-risk default; calls are blocked if Resolver does not confirm current proof
soft-report — development mode that logs verification gaps without blocking the call

Remediation path

Where verification gaps are reported, the verifier links the operator to TrustOps for setup or lifecycle action. The verifier itself does not provision anything.

Example configuration

mcp-verifier.config.json

{
  "mode": "fail-closed",
  "resolver_base": "https://resolver.ecocitizenz.org",
  "manifest_paths": [
    "/.well-known/ecz-agent.json"
  ],
  "require_api_passport_for": ["mcp", "tool", "webhook", "gpt-action"],
  "soft_report_in_dev": true
}

Publish status honesty

Do not describe the verifier as published, distributed, or platform-listed unless that is currently true and proven. No hidden telemetry. No proof clone.

Set up in TrustOps ↗Resolver proof →

ECZ-ID separates setup, verification state, and public proof. Developer Gateway documents setup paths and verifier guidance. TrustOps handles setup. Resolver remains the public proof surface. Re-check before reliance. Local policy decides.