ECZ-ID Agent Trust

Resolve the agent before you allow it to act.

Free, local-first trust checks for AI agents, MCP tools, agent frameworks, and ecz-agent.json. See what is resolvable, what is missing, and what to fix next — without uploading any source.

• 🔍 Detects agent manifests, MCP tool configs, frameworks, tool/action specs, and webhooks
• 🧭 Plain-English posture: resolvable, partial, or no public resolver proof yet
• 🛠️ Validate or scaffold ecz-agent.json / .well-known/ecz-agent.json locally
• 🔒 No source upload. No telemetry by default. No proof claims without Resolver.

Resolve the server. Resolve the agent. Re-check before reliance.

Screenshot placeholder — replace media/screenshot-panel.png with a capture of the Agent Trust panel before publishing.

What it checks

• Agent manifests (agent.yaml, agent.json) and tool / action specs.
• Agent frameworks (LangChain/LangGraph, CrewAI, AutoGen, Semantic Kernel, LlamaIndex, OpenAI, Anthropic).
• MCP tool configuration and webhooks an agent may call.
• Whether an ecz-agent.json resolver reference is present, and whether an API Passport is recommended.

What this extension does / does not do

Does

• Discover agent surfaces locally by filename and path.
• Explain posture in soft, plain-English language and copy a claim-free proof guidance snippet.
• Route you to Resolver (proof), TrustOps (setup), and the Developer Gateway (docs).
• Validate or scaffold a placeholder ecz-agent.json only when you ask it to.

Does not

• Upload source code, prompts, or secrets.
• Write canonical truth, decide BOUND state, or activate entitlement — Backend/Core and TrustOps own that.
• Make trust claims about any agent. Resolver is the only source of proof, and local policy decides.
• Take payment or run any checkout. Commercial actions happen only in TrustOps.

Commands

• ECZ-ID Agent Trust: Scan Workspace
• ECZ-ID Agent Trust: Open Public Agent Trust Check
• ECZ-ID Agent Trust: Improve Agent Resolver Posture
• ECZ-ID Agent Trust: Copy Agent Proof Guidance
• ECZ-ID Agent Trust: Validate or Scaffold ecz-agent.json
• ECZ-ID Agent Trust: Open Resolver
• ECZ-ID Agent Trust: Attach ECZ-ID to Workspace

Privacy

Local-first. Metadata-only handoff. No telemetry. No source upload. No checkout in the extension.

• The normal scan reads filenames and paths only — never file contents.
• The validate/scaffold command reads only ecz-agent.json and only after you invoke it.
• The handoff opens the public Agent Trust Check page — TrustOps is the only place where commercial actions happen.
• Resolver is read-only.

See PRIVACY.md. Full notice: https://ecocitizenz.com/privacy/vscode

Links

• Resolver (read-only proof): https://resolver.ecocitizenz.org
• TrustOps (setup & activation): https://trustops.ecocitizenz.com/start/agent-trust
• Developer Gateway (docs): https://developers.ecocitizenz.com/agent-trust

ECZ-ID is an independent project and is not affiliated with or sponsored by Microsoft, GitHub, VS Code, OpenAI, Anthropic, Google, or AWS. ECZ-ID helps make identity, authority, and resolver posture easier to review. Local policy decides whether this is sufficient.