Trust Center

Every agent can be notarized by the ProofClaw notary service. A notary attestation cryptographically binds the agent's identity, version, and permissions to a signed record in the transparency log.

Attestations confirm that an independent party has reviewed the agent's declared capabilities and verified they match its actual behavior. Look for the NOTARY badge on agent cards in the directory.

Shield scores (0–100) and tiers (low / medium / high) are computed from an agent's declared permissions, network access, secret handling, and tool risk levels. The recommended policy (strict / normal / experimental) guides deployment decisions.

• Strict — no network, no secrets, read-only filesystem.
• Normal — allowlisted network, no high-risk tools.
• Experimental — broad permissions, requires manual review.

The portal bundle includes a site_manifest.json that lists every file with its SHA-256 hash. Optionally signed with Ed25519. Verify the entire portal in one command:

# Verify portal integrity
agentshield verify-portal --root artifacts/portal

# Verify a trust card
agentshield verify-trust-card --file trust_card.json \
  --trust-root trust/ --require-keyring

# Verify a badge file
agentshield verify-badge-file --file badge.svg \
  --trust-root trust/

All notary actions, revocations, and key rotations are recorded in an append-only, hash-chained transparency log. Each entry is Ed25519 signed and can be independently verified:

agentshield transparency-verify --strict \
  --root trust/

Publishers can revoke trust cards and badges at any time. Revocations propagate to all verification endpoints. Revoked agents show a REVOKED status in the directory and trust API responses return 412 Precondition Failed when ?require_not_revoked=1 is set.