ECZ-ID

One place to find the right ECZ-ID trust check for your workspace.

Free, local-first trust cockpit. Scan your workspace, see which trust surfaces you have (agents, MCP, API, CI/CD, dependencies, compliance, vendors), and continue in TrustOps when you're ready.

🧭 "Which ECZ-ID check should I run?" — routes you to the right spoke in one click
🔍 Local scan groups findings by rail, in plain English
🔗 Resolver lookup, TrustOps handoff (metadata-only), and Developer Gateway docs
🔒 No source upload. No telemetry by default. No proof claims without Resolver.

Backend writes truth. TrustOps handles setup. Resolver proves. Machines re-check.

ECZ-ID hub

Screenshot placeholder — replace media/screenshot-hub.png with a capture of the ECZ-ID activity bar before publishing.

The ECZ-ID estate

Spoke	Looks for
Agent Trust	Agents, MCP tools, frameworks, `ecz-agent.json`
MCP Trust	MCP servers, `mcp.json`, `.vscode/mcp.json`, `ecz-mcp.json`
API Security	OpenAPI / Swagger, GraphQL, API routes
CI/CD Trust	Pipelines, Dockerfiles, release provenance
Dependency Security	Lockfiles and software bill of materials
Compliance Risk	Operational resilience and audit artefacts
Vendor Risk	Vendor / supplier manifests, SDK configs

What this extension does / does not do

Does — discover trust surfaces locally, explain them in plain English, and route you to Resolver (proof), TrustOps (setup), and the Developer Gateway (docs).

Does not — upload source code; write canonical truth or decide BOUND state; activate entitlement; make trust claims about anything; or take payment. Commercial actions happen only in TrustOps; local policy decides what is sufficient.

Commands

ECZ-ID: Scan Workspace
ECZ-ID: Which ECZ-ID check should I run?
ECZ-ID: Show Current State / Show Findings
ECZ-ID: Open Resolver
ECZ-ID: Continue in TrustOps
ECZ-ID: Open Developer Gateway Docs
ECZ-ID: Attach ECZ-ID to Workspace
ECZ-ID: Open Privacy Notice / Open Settings

Privacy

Local-first. Handoff to TrustOps is metadata only (rail, rule IDs, severities, counts). No telemetry. No source upload. Respects VS Code Workspace Trust. See PRIVACY.md.

Links

Resolver (read-only proof): https://resolver.ecocitizenz.org
TrustOps (setup & activation): https://trustops.ecocitizenz.com/start
Developer Gateway (docs): https://developers.ecocitizenz.com

ECZ-ID is an independent project and is not affiliated with or sponsored by Microsoft, GitHub, VS Code, OpenAI, Anthropic, Google, or AWS. ECZ-ID helps make identity, authority, and resolver posture easier to review. Local policy decides whether this is sufficient.

ECZ-ID

EcoCitizenz

ECZ-ID

The ECZ-ID estate

What this extension does / does not do

Commands

Privacy

Links