ECZ-ID Python Tools
Local inspection tools for agents, MCP, APIs, SBOM, DORA, AI provenance, robotics, humanoid readiness and digital counterparty evidence.
Use ECZ-ID Python tools to inspect local project, agent, API, MCP, SBOM, DORA, robotics, humanoid-readiness and AI-provenance signals before routing to operator setup or public Resolver proof.
The tools run locally. They inspect, explain and route. They do not issue an ECZ-ID, write canonical truth, create public proof, upload source code, make safety, compliance or insurance decisions, or replace Resolver proof.
Quick install guidance
Every tool is on PyPI, runs locally, uploads no source code and uses no hidden telemetry. Install with pip, or run a single command with pipx or uvx.
Install with pip
$ python -m pip install ecz-id$ python -m pip install ecz-id-mcp$ python -m pip install ecz-id-api$ python -m pip install ecz-id-sbom
Run once with pipx or uvx
$ pipx run ecz-id-sbom --help$ uvx ecz-id-sbom --help
Where the distribution name and CLI command differ, install the distribution and call its command:
$ python -m pip install ecz-id-digital-counterparty$ ecz-id-counterparty --help$ python -m pip install ecz-id-humanoid-insurability-readiness$ ecz-id-humanoid --help
Structured JSON output is available on the inspection commands (for example --json) for CI-ready use. A completed inspection is a neutral observation: re-check before reliance.
Which tool should I use?
The ten packages
Each tool inspects one surface locally, explains what it observes, and routes you to operator setup or public proof. None of them issue an ECZ-ID, determine an ECZ-ID BOUND state, or create public proof.
ecz-id
FoundationShared ECZ-ID local inspection and machine-readable integration foundation for the whole Python family.
Install once as the shared core: the result contract, reason codes, safe file enumeration and machine-readable manifest used by every specialist tool.
$ python -m pip install ecz-id$ ecz-id --help
ecz-id-api
APIs & softwareInspect API and OpenAPI configuration posture, then route API evidence setup.
Point it at an API project or descriptor to read the declared ECZ-ID posture and co-located OpenAPI metadata locally, before any operator setup.
$ python -m pip install ecz-id-api$ ecz-id-api --help
ecz-id-digital-counterparty
Business & counterpartyInspect website, portal or digital-counterparty descriptors before operator setup.
Validate and scaffold a /.well-known/ecz-site.json and see what a machine consumer or the Resolver would read from your site — locally and offline.
$ python -m pip install ecz-id-digital-counterparty$ ecz-id-counterparty --help
ecz-id-agents
Agents & AIInspect agent and Know-Your-Agent declaration posture, then route agent accountability setup.
Statically read agent manifests and declared tool, API, MCP and operator relationships. It never imports or runs agent code and never reads prompts into results.
$ python -m pip install ecz-id-agents$ ecz-id-agents --help
ecz-id-mcp
Agents & AIInspect MCP server configuration posture, then route MCP evidence setup.
Statically read an MCP server manifest for declared transport, tools and identity. It never starts a server, connects a transport or executes a configured command.
$ python -m pip install ecz-id-mcp$ ecz-id-mcp --help
ecz-id-sbom
APIs & softwareInspect SBOM evidence posture, then route software supply-chain evidence setup.
Read a CycloneDX or SPDX bill of materials for an ECZ-ID reference and neutral inventory signals. XML DTDs and entities are rejected, never expanded.
$ python -m pip install ecz-id-sbom$ ecz-id-sbom --help
ecz-id-dora
Resilience & vendorInspect DORA-oriented vendor resilience evidence posture.
Read a resilience-evidence register and see what is declared, present or absent on disk, with a deterministic evidence-readiness table. It is not a DORA compliance verdict.
$ python -m pip install ecz-id-dora$ ecz-id-dora --help
ecz-id-robotics
Robotics & physicalInspect robot deployment descriptors for ECZ-ID robot-passport configuration posture.
Map a robot or fleet descriptor and ROS workspace to the parent Robot Passport by operating environment. It never connects to or commands a robot and never starts ROS.
$ python -m pip install ecz-id-robotics$ ecz-id-robotics --help
ecz-id-humanoid-insurability-readiness
Robotics & physicalExplain HUMANOID profile readiness under the correct Industrial, Public-Space or Domestic Robot Passport route.
Organise a humanoid profile so an assessor could review it more easily. HUMANOID is a profile and readiness route, not a separate Passport. The operating environment determines the correct Robot Passport route, and HUMANOID requires the Assured tier.
$ python -m pip install ecz-id-humanoid-insurability-readiness$ ecz-id-humanoid --help
ecz-id-ai-provenance
Agents & AIInspect AI artefact provenance declaration posture, then route provenance evidence setup.
Read provenance declarations and model or dataset cards for declared lineage. It does not fetch model weights or datasets and does not evaluate a model.
$ python -m pip install ecz-id-ai-provenance$ ecz-id-ai-provenance --help
Continue with ECZ-ID
Operator setup ↗
Setup, acquisition, lifecycle and repair.
Public Resolver proof ↗
Read-only public verification of current state.
Central Machine Interface ↗
Canonical machine-readable roots and safe actions.
Developer Gateway ↗
Documentation and routing for developers.
EcoCitizenz ↗
EcoCitizenz public site.
Specifications and governance ↗
Specifications and governance.
ECZ-ID on Visual Studio Marketplace ↗
The ECZ-ID publisher on the Visual Studio Marketplace.
ECZ-ID on Open VSX ↗
The ECZ-ID namespace on Open VSX.
Explore the whole family on PyPI: ECZ-ID Python tools on PyPI ↗
Public role boundaries (locked)
- · Backend / Core — writes canonical truth.
- · TrustOps — setup, acquisition, payment, lifecycle and repair.
- · Resolver — read-only public proof of current state.
- · Developer Gateway — explains, documents and routes.
- · Python tools — inspect, explain and route only.
- · VS Code / Open VSX extensions — discover, inspect, educate and route only.
What this page and these tools do not claim
- · No tool issues an ECZ-ID, determines BOUND, activates proof or creates Resolver truth.
- · Local inspection does not create public proof, and does not price, cart or sell.
- · No result is a safety, certification, approval, compliance, insurance or premium decision.
- · Missing public proof is neutral — it does not mean unsafe. Local policy decides; re-check before reliance.
- · PyPI, Microsoft, Open VSX and GitHub do not endorse ECZ-ID; marketplace links are for discovery only.
Machine-readable integration
Each installation includes structured machine-readable metadata for automation, CI and supported integrations, and every JSON report embeds a compact machine-readable object carrying the canonical roots and the safe, read-only actions. A machine-readable index of these ten tools is published alongside this page.
VS Code and Open VSX extensions
The ECZ-ID editor extensions discover, inspect, educate and route only — the same role boundary as the Python tools. Browse the full publisher and namespace:
Resolver and TrustOps routes
Operate the target
Go to TrustOps ↗
Setup, acquisition, lifecycle and repair live in TrustOps — not on this site and not in the packages.
Check public proof
Open the Resolver ↗
Read-only public proof of current state. Local inspection does not replace it.
More developer guidance: Agent Trust, MCP, Bindings and the DORA + SBOM suite.
