One curl call. Zero credits to register.
Then add npm middleware to verify agents in your API. W3C standard. Any framework.
$ npm install @moltrust/sdk
One authenticated call to /identity/register — concrete, verifiable building blocks. No DID key custody: your Ed25519 signing key is provisioned for you.
/identity/register bypasses the credit middleware by design. It still requires a valid API key (credit-free ≠ key-free).
Your agent discovers, registers, and gets its credentials — without you in the loop. Point it at our agent-card and walk away.
Three machine-readable entry points. The first is canonical; the second is a byte-identical generated mirror.
GET /.well-known/agent-card.json
POST /identity/register
GET /a2a/agent-card/{did}
@moltrust/agent-firewall (CAEP, polling)
X-MolTrust-DID header
Every path below is verified live against the MolTrust API v1.
Prefer TypeScript? @moltrust/sdk wraps step 2:
did:moltrust is the only supported DID method today. did:web and did:key are not accepted at this time. You do not bring key material in advance: POST /identity/register provisions your did:moltrust identifier and its Ed25519 signing key, publishes the public key in your DID document, and anchors it on Base L2.
The credential returned by /identity/register establishes identity and trust. It does not embed an Agent Authorization Envelope. AAE — the machine-readable permission contract (mandate, constraints, validity) — is configured as a separate step after registration via POST /delegation/configure.
A freshly registered agent does not start at a fixed grade. Until it has at least three endorsements, its score is withheld — GET /skill/trust-score/{did} reports it as null, not 0. That is the expected starting state, not an error.
Right after POST /identity/register your agent has a DID, a signed credential, and an on-chain anchor — but fewer than three endorsements. The trust-score endpoint returns withheld. Counterparties read this as “not yet rated,” which is distinct from a low score. Nothing is broken.
Once your agent has collected three or more endorsements, the registry computes a numeric score on the 0–100 scale and assigns a grade (S–F). From here the score is live and updates as behavioural evidence accumulates.
Agents also carry a class modifier — an orchestrator and a copilot are scored on slightly different baselines.
One line in your README. The badge fetches your live trust score automatically.
Protocol-agnostic trust scoring for x402 and MPP payment endpoints. Agents with insufficient trust scores are blocked before payment.
AAE is configured via POST /delegation/configure after registration — a machine-readable permission contract your API can inspect before every transaction. The credential returned by /identity/register does not embed it.
Read the full specification in Protocol Whitepaper v0.8 →
W3C DID Core v1.0 conformant. Create, Resolve, Update, Deactivate. Submitted to W3C DID Spec Registries.
| Option | Type | Default | Description |
|---|---|---|---|
| minScore | number | 0 | Minimum trust score required to pass verification. Agents below this threshold receive a 403. |
| requireAAE | boolean | false | Require a valid Agent Authorization Envelope in the credential. Rejects agents without one. |
| evaluateAction | string | — | Check whether the AAE mandate permits this specific action (e.g. "purchase", "transfer"). |
| evaluateAmount | number | — | Evaluate AAE financial constraints against this transaction amount (USD). |
| evaluateJurisdiction | string | — | Verify the AAE permits operations in this ISO 3166-1 jurisdiction code. |
| apiBase | string | api.moltrust.ch | Override the MolTrust API base URL. Useful for staging or self-hosted deployments. |
Pre-execution safety check for order-sensitive action sequences. Opt-in, deterministic, no LLM calls. Phase 1: WARN-only.
POST /guard/api/action/check: Check a proposed action against the session history. Returns verdict (SAFE/WARN/BLOCK), residual score, and conflicting action.
GET /guard/api/action/stats: Aggregated SAS statistics: total events, breakdown by verdict, average residual.
GET /guard/api/action/events/{did}: SAS events for a specific DID. Shows all WARN/BLOCK events with residual scores and conflicting actions.
Every agent action can produce a cryptographic proof record. IPRs are Merkle-batched and anchored on Base L2.
POST /vc/ipr/submit: Submit an IPR. Provide output_hash (SHA-256), agent_did, and confidence score. Returns ipr_id.
GET /vc/ipr/{ipr_id}: Retrieve an IPR by ID. Returns output_hash, anchor status, Merkle proof, and Base L2 transaction hash.
POST /vc/ipr/verify: Verify an IPR: checks signature, on-chain anchor, and Merkle proof. Returns validity + anchor TX link.
GET /vc/ipr/agent/{did}: List all IPRs for an agent. Paginated. Returns proof records with anchor status and Merkle proofs.
GET /vc/ipr/stats: Network-wide IPR statistics: total records, anchored count, unique agents, average confidence score.
GET /vc/ipr/{ipr_id}/status: Anchor status of a specific IPR: pending, anchored, or failed. Includes retry count and block number.
Add trust verification to any x402 endpoint in one line. Block untrusted agents before they transact.
npm install @moltrust/x402
1. Extract: Wallet from x402 X-Payment header
2. Score: MolTrust trust score (5-min cache, <10ms warm)
3. Gate: 403 + registration link if below threshold
Add trust verification to any MPP (Machine Payments Protocol) endpoint. Works with Stripe, Tempo, Visa. Same API as @moltrust/x402.
npm install @moltrust/mpp
1. Extract: Wallet from MPP Payment credential header
2. Score: MolTrust trust score (5-min cache, <10ms warm)
3. Gate: 403 + registration link if below threshold
Works alongside @moltrust/x402 for x402 endpoints. Same API, different protocol.
Every x402 wallet gets an automatic trust profile. Shadow score, transaction history, and projected score after registration.
MolTrust supports a third enforcement layer via Falco eBPF — syscall-level monitoring that agents cannot bypass from userspace.
Layer 1 — Cryptographic: Ed25519 signatures, JCS canonicalization. Tamper-proof by construction.
Layer 2 — API: Trust score degradation, IPR submission, credential revocation.
Layer 3 — Kernel: Falco eBPF/syscall detection. Not bypassable by the agent process.
Falco Bridge (K8s)
When a policy violation is detected at the kernel level, Falco fires a webhook to the MolTrust bridge, which submits an IPR violation record. Trust score degrades automatically.
Identity plus a one-time score check isn't enough: a counterparty you onboarded yesterday can be revoked or downgraded today. @moltrust/agent-firewall lets your gateway react in real time — it polls the registry's CAEP Profile v1 and fires typed events on trust-score changes and revocations, with the new score verified end-to-end (JCS + Ed25519) before your handler runs.
Four CAEP endpoints (polling — no push)
GET /caep/pending/{did} — cursor-based pending events. Rate limit 120 polls/h per DID (30 s interval, server-enforced).
POST /caep/acknowledge/{event_id} — idempotent soft-ack, 90-day retention.
GET /.well-known/registry-key.json — Ed25519 JWK for signature verification.
GET /skill/trust-score/{did} — signed score payload (JCS + Ed25519, kid moltrust-registry-2026-v1).
Page size: server default limit=50 (max 500). PROFILE.md still documents 100 — the server value is authoritative.
Polling-only (CAEP Profile v1, proprietary — not OpenID SET). Typed handlers fire only for cryptographically-verified events by default.
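How a gateway might check the signed trust-score payload (JCS + Ed25519) and handle the withheld (null) state described earlier, as an added example that is not MolTrust's own code. The payload field names (`did`, `score`), the detached base64url signature and the decision labels are assumptions, and a locally generated key stands in for the registry JWK.

```javascript
// Added example: payload fields and signature layout are assumptions.
const crypto = require("node:crypto");

// RFC 8785 (JCS) style canonical form for plain JSON values:
// object keys sorted by UTF-16 code units, no insignificant whitespace.
function jcs(v) {
  if (v === null || typeof v !== "object") return JSON.stringify(v);
  if (Array.isArray(v)) return "[" + v.map(jcs).join(",") + "]";
  return "{" + Object.keys(v).sort()
    .map((k) => JSON.stringify(k) + ":" + jcs(v[k])).join(",") + "}";
}

// Verify an Ed25519 signature over the canonical bytes with a public JWK.
function verifyScore(payload, sigB64url, jwk) {
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  const sig = Buffer.from(sigB64url, "base64url");
  return crypto.verify(null, Buffer.from(jcs(payload), "utf8"), key, sig);
}

// Decide only on verified data. A null score is "withheld", never read as 0.
function gate(payload, sigB64url, jwk, minScore) {
  if (!verifyScore(payload, sigB64url, jwk)) return "reject-bad-signature";
  if (payload.score === null) return "withheld";
  if (typeof payload.score !== "number") return "reject-malformed";
  return payload.score >= minScore ? "allow" : "deny-403";
}

// Constructed demo data; the DIDs below are placeholders.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const jwk = publicKey.export({ format: "jwk" });
  const sign = (p) =>
    crypto.sign(null, Buffer.from(jcs(p), "utf8"), privateKey).toString("base64url");
  const rated = { score: 72, did: "did:moltrust:example-rated" };
  const fresh = { did: "did:moltrust:example-fresh", score: null };
  const sig = sign(rated);
  return {
    rated: gate(rated, sig, jwk, 60),
    low: gate(rated, sig, jwk, 80),
    fresh: gate(fresh, sign(fresh), jwk, 60),
    tampered: gate({ ...rated, score: 99 }, sig, jwk, 60),
    reordered: gate({ did: rated.did, score: 72 }, sig, jwk, 60),
  };
}
console.log(demo());
```

What to do with a "withheld" result (admit with limits, queue, or refuse) is a policy choice left to the caller here.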
Pick by what you're building. Each is an independent install; the one build-time dependency noted below is taken from the package manifest.
Gate agents at your API / server: @moltrust/sdk — Express / Hono / Fastify middleware: verify(), register(). Batteries-included entry point.
Gate paid endpoints: @moltrust/x402 for x402 payments · @moltrust/mpp for MPP (Stripe / Tempo / Visa). Same requireScore() shape.
Verify credentials offline: @moltrust/verify — W3C VC + IPR against Base L2. No MolTrust API key required.
Author / validate AAE: @moltrust/aae — Agent Authorization Envelope schema + runtime validator. Already pulled in by @moltrust/sdk.
React when trust changes post-onboarding: @moltrust/agent-firewall — CAEP Profile v1 event-reactive layer (see above).
Agent runtime / OpenClaw: @moltrust/openclaw — plugin: agent tools, slash commands, gateway RPC, CLI.
MCP client (Claude, etc.): moltrust-mcp-server — MCP server for trust verification, scoring & credentials (PyPI).
@moltrust/verify and @moltrust/agent-firewall are standalone consumer libraries — no MolTrust API key. @moltrust/sdk declares @moltrust/aae as a dependency, so installing the SDK pulls AAE in automatically.
Express + Hono middleware. AgentTrust.verify(), .middleware(), .register().
MPP trust middleware for Express. Payment credential header. Stripe/Tempo/Visa.
MCP server — 48 tools for trust verification, scoring, credentials.
OpenClaw plugin — 2 agent tools, 2 slash commands, CLI, gateway RPC. Free tier included.
CAEP Profile v1 consumer — react to revocations, flag changes & trust-score updates. Signed trust-score verification (JCS + Ed25519).
MolTrust runs in fully API-only mode — no blockchain, no VPN required. All @moltrust/* packages are available on cnpm. W3C DID/VC trust for your OpenClaw agents, compliant with CAC requirements.
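MolTrust provides W3C DID/VC trust infrastructure, supporting identity verification, trust scoring, and verifiable credentials for OpenClaw agents. Pure API mode: no blockchain and no VPN required.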
MolTrust provides W3C DID/VC trust infrastructure for AI agents. Pure API mode — no blockchain required, no VPN needed. All @moltrust/* packages available on cnpm.