Build Your Own

Build Your Own ECZ-ID-Backed Agent

A master guided flow for building custom agents with resolver-verifiable identity. Choose your archetype, choose your stack, credential through TrustOps at the midpoint, then complete, verify, and deploy into your environment after TrustOps and Resolver checks.

1Choose Archetype→2Choose Stack→3Identify Package→4Credential Checkpoint→5Acquire in TrustOps→6Integrate→7Verify→8Deploy

What you will have at the end

A resolver-verifiable, ECZ-ID-backed agent — credentialed, tested, and deployable to any infrastructure.

Critical path: what you do first

Choose archetypeChoose stackID required pack→ TrustOps /startAcquire credentialsPaste into configRun & verifyDeploy

What comes back from TrustOps

Agent ECZ-ID · Credential manifest (discovery only) · API keys issued in TrustOps · Resolver-verifiable status

1Choose Your Archetype

What kind of agent are you building? Your archetype determines the required trust objects and recommended integration patterns.

Skill Agent

Single-purpose agent executing defined skills (extraction, classification, summarisation).

Use cases: Document processing, data analysis, content generation

Trust objects: Business Passport + Agent Credential

Orchestrator / Subagent

Primary agent delegating to specialised subagents with credential propagation.

Use cases: Complex workflows, multi-step processing, hierarchical decisions

Trust objects: Business Passport + Agent Credentials (per agent)

API Workflow Agent

Multi-step API orchestrator with identity-linked evidence handoffs at every boundary.

Use cases: System integration, data pipelines, cross-org workflows

Trust objects: Business Passport + Agent Credential + API Passport

Compliance / Evidence Agent

Evidence collector and audit assembler with provenance-anchored outputs.

Use cases: Regulatory reporting, audit automation, evidence management

Trust objects: Business Passport + Agent Credential + Risk & Policy Passport

Operations / Incident Agent

Monitoring, anomaly detection, and incident response with verified chains.

Use cases: Infrastructure monitoring, incident response, SRE automation

Trust objects: Business Passport + Agent Credential + Cyber Resilience Passport

Research / Intelligence Agent

Source aggregation, cross-referencing, and provenance-tracked synthesis.

Use cases: Market research, competitive intelligence, data synthesis

Trust objects: Business Passport + Agent Credential + Dataset Passport

Support / Intake Agent

Request handling, triage, routing, and SLA tracking with identity context.

Use cases: Customer support, ticket triage, service desk automation

Trust objects: Business Passport + Agent Credential

Platform Integration Agent

Bridge into existing platforms (OpenClaw, Claw) with ECZ-ID trust anchoring.

Use cases: Platform migration, ecosystem bridging, cross-platform identity

Trust objects: Business Passport + Agent Credential + API Passport

Custom Agent

Build anything from scratch with the Generic Python Starter and ECZ-ID hooks.

Use cases: Any use case not covered by other archetypes

Trust objects: Business Passport + Agent Credential + (as needed)

2Choose Your Stack

ECZ-ID is stack-agnostic. Choose the technical foundation that fits your team and use case.

Anthropic Claude

Claude-powered agents with native Claude API integration. Best for teams already invested in the Anthropic ecosystem.

Available kits: Claude Skill Starter, Claude Subagent Starter

MCP (Model Context Protocol)

Model-agnostic agents that can switch between LLM providers. Best for avoiding vendor lock-in.

Available kits: MCP Agent Starter

Python Native

Pure Python agents with no LLM dependency. Best for deterministic workflows and custom processing.

Available kits: API Workflow, Compliance, Operations, Support, Research, Generic

Platform Bridge

Integration with existing agent platforms (OpenClaw, Abacus Claw). Best for extending existing deployments.

Available kits: OpenClaw Integration Starter

3Identify Required TrustOps Package

Based on your archetype and stack, identify which ECZ-ID passports and packages you need to acquire.

Primary route

KYA Ready Pack™ is the recommended starting point for the majority of agent builds. It covers the Business Passport and Agent Credential required to deploy and verify any agent type. Additional domain packs layer on top for specific use cases (compliance, operations, research). If in doubt, start with KYA Ready Pack™ and discuss scope in TrustOps.

Archetype	Minimum Required	Recommended Additional	Package
Skill Agent	Business Passport + Agent Credential	API Passport, Software Supply Chain	KYA Ready Pack™
Orchestrator / Subagent	Business Passport + Agent Credentials (each)	AI Model Passport	KYA Ready Pack™
API Workflow	Business Passport + Agent Credential + API Passport	Cyber Resilience Passport	Cyber Governance Pack
Compliance Agent	Business Passport + Agent Credential + Risk & Policy	Dataset Passport, Cyber Resilience	Cyber Governance Pack
Operations Agent	Business Passport + Agent Credential	Cyber Resilience, IoT Device Passport	Critical Operator Pack
Research Agent	Business Passport + Agent Credential + Dataset Passport	API Passport, AI Model Passport	AI Provenance Pack
Support Agent	Business Passport + Agent Credential	API Passport	KYA Ready Pack™
Platform Bridge	Business Passport + Agent Credential + API Passport	Software Supply Chain, AI Model	Developer Payout Pack

View Required ECZ-ID Package →

4TrustOps Credentialing Checkpoint

TrustOps Credentialing Checkpoint

Pause here to acquire your required ECZ-ID trust objects

This is a designed pause point in your build process. Before continuing, you need to acquire the required ECZ-ID passports and credentials from TrustOps. This midpoint credentialing approach ensures your agent is built with resolver-verifiable identity from the start—not bolted on after the fact.

Required Passports

ECZ-ID Business Passport
Agent Credential

Recommended Passports

API Passport
AI Model Passport
Dataset Passport
Cyber Resilience Passport
Risk & Policy Passport
Software Supply Chain Passport

Relevant Packages

KYA Ready Pack™Developer Payout PackAI Provenance PackCyber Governance Pack

What You Must Acquire in TrustOps

ECZ-ID Business Passport

Enables: Parent organisation identity, anchoring all agent and service credentials

Agent Credential

Enables: Unique resolver-verifiable identity for each agent in your deployment

Domain-Specific Passports

Enables: Additional trust objects based on your archetype (API, Dataset, Risk & Policy, etc.)

What You Bring Back from TrustOps

Agent ECZ-ID(s)

Unique resolver-verifiable identity strings for each agent

Credential Manifest

JSON configuration with declared capability metadata and operational boundaries

API Keys (issued in TrustOps)

ECZ-ID API keys issued in TrustOps, for identity context injection and verification hooks

Resolver-Verifiable Status

Initial resolver-verifiable status — confirmed through Resolver, not asserted by this site

Continue in TrustOps View Required ECZ-ID Package

5Acquire in TrustOps

TrustOps is the commercial and operational control surface. All ECZ-ID passports, credentials, and API keys are acquired through TrustOps.

Why Midpoint Credentialing?

Credentialing at the midpoint means your agent is built around resolver-verifiable identity from the start. Retrofitting credentials onto a finished agent is harder, less secure, and produces weaker evidence posture.

What Happens in TrustOps

You register your organisation, define your agent's capabilities and boundaries, select the required passport family and package, and receive your production credentials and API keys.

What You Bring Back

Agent ECZ-ID(s), credential manifests (discovery only), API keys issued in TrustOps, and resolver-verifiable status. These are injected into your agent configuration in the next step.

6Return and Integrate

With your TrustOps credentials in hand, complete the final integration steps.

Inject credentials into configuration

Add Agent ECZ-ID, API keys, and credential manifest to your agent configuration files.

Wire identity hooks into your pipeline

Connect ECZ-ID identity context injection to every action in your agent pipeline.

Enable audit trail generation

Activate identity-anchored audit logging for compliance readiness.

Test in sandbox environment

Run your complete agent in the ECZ-ID sandbox to verify identity flows end-to-end.

Validate trust context in outputs

Confirm every agent output carries correct provenance metadata and verification endpoints.

7Verify with Resolver

Resolver is the public verification surface. Any party can verify your agent's identity without needing an account.

Identity Verification

Query your agent's ECZ-ID through Resolver to confirm resolver-verifiable state, capability evidence records, and current resolver state.

Output Provenance

Trace any agent output back through its provenance chain to the resolver-verifiable identity that produced it.

External Verification

Share your agent's ECZ-ID with partners, regulators, or customers so they can independently verify.

Resolver State Review

Monitor your agent's resolver state and the factors contributing to it over time.

Verify with Resolver

8Deploy Into Your Environment

ECZ-ID-backed agents are portable. Your resolver-verifiable identity travels with your agent regardless of deployment target after TrustOps and Resolver checks. No vendor lock-in.

AWS / GCP / Azure

Self-hosted infrastructure

Docker / Kubernetes

Serverless functions

Edge compute

On-premise data centres

Hybrid cloud

Air-gapped environments

Resources

Ready to Start Building?

Choose a starter kit for a guided experience, or begin your custom build and credential through TrustOps.

Browse Starter Kits Continue in TrustOps