Architecture map
Surface Map
Where each ECZ-ID surface fits, and which surface is allowed to write truth, control lifecycle, prove state, or merely route.
Role of each surface
- Developer Gateway — documentation, onboarding, guided flows, routing
- TrustOps — acquisition, setup, payment, lifecycle, operational control
- Resolver — public proof of current state
- VS Code extension — local discovery, gap check, handoff to TrustOps and Resolver
- GitHub App — repository and pull request discovery, scaffold, routing
- Subscription / commerce surfaces — acquisition routing only, no verification state
- Browser extension — website discovery and Resolver proof panel
- MCP Verifier — fail-closed verifier for MCP and tool calls
- GPT helper — education and setup guidance only
- AWS, NVIDIA and similar surfaces — documentation, metadata, and checker positioning only
Truth boundary
No surface writes truth except the backend. No surface clones Resolver. No surface hosts checkout outside TrustOps. Discovery signals are discovery only.
ECZ-ID separates setup, verification state, and public proof. Developer Gateway documents setup paths and verifier guidance. TrustOps handles setup. Resolver remains the public proof surface. Re-check before reliance. Local policy decides.