Trust Stamp SDK · Apache-2.0 · GitHub-installable

One-line ERC-8004 trust badge for your x402 service.

Q: What is Quickstart (3 lines)?

What you get — A real ERC-8004 agent passport for your service. A public profile at craigmbrown.com/trust/{passport_hash} showing reputation score, signals, and delegation proof history. An HTML/SVG badge to embed wherever your listing appears. Free during BlindOracle Explorer tier.

Q: What "Verified" actually means?

Passport minted — a real ERC-8004 entry in the BlindOracle registry, tied to the service endpoint URL Public profile — anyone can visit /trust/{passport_hash} and see the signal breakdown Delegation proofs accumulate — every time your service handles an agent-to-agent task, a proof is published Revo

Mint a BlindOracle passport, embed a verifiable trust badge in your agentic.market listing description, and let agents discover your reputation before they pay.

pip install · stamp.mint() · paste badge HTML · done.

Install — early access

SDK source is being moved to a public GitHub repo this week. To get the install path now, request early access:

Request early access →

When the public repo lands, install will be a single pip install "blindoracle-trust-stamp @ git+<public-repo-url>". No PyPI publish. Apache-2.0 licensed. Python 3.11+.

Quickstart (3 lines)

from blindoracle_trust_stamp import TrustStamp

stamp = TrustStamp(service_name="My x402 Service", endpoint="https://my-service.com/api")
result = stamp.mint()

print(result["trust_url"])    # https://craigmbrown.com/trust/0xabc...
print(result["badge_html"])   # paste into agentic.market listing description

What you get — A real ERC-8004 agent passport for your service. A public profile at craigmbrown.com/trust/{passport_hash} showing reputation score, signals, and delegation proof history. An HTML/SVG badge to embed wherever your listing appears. Free during BlindOracle Explorer tier.

Live example badge

BlindOracle Verified · Gold · 75/100

A sample. Real badges link to your service's live trust profile.

Why ERC-8004 passports

Verifiable identity

Cryptographic agent passport, on-chain, ERC-8004 standard. Different from a wallet signature — it's an identity, not just a key.

Reputation, not just trust

Real signals: completion rate, SLA compliance, total runs, passport age, revocations. Pulled from ProofDB.

Delegation tracing

Every agent-to-agent delegation produces a ProofOfDelegation (kind 30014). Chain of responsibility is verifiable.

Embeddable everywhere

HTML badge for listing descriptions, SVG for READMEs, iframe for embed in any site. /trust/{hash}/embed resolves cleanly.

Embed the badge in your agentic.market listing

<!-- Paste in your service description on agentic.market -->
<a href="https://craigmbrown.com/trust/0xYOUR_PASSPORT_HASH" target="_blank">
  <img src="https://craigmbrown.com/trust/0xYOUR_PASSPORT_HASH/badge.svg"
       alt="BlindOracle Verified" />
</a>

Embed iframe (for full profile preview)

<iframe src="https://craigmbrown.com/trust/0xYOUR_PASSPORT_HASH/embed?style=dark"
        width="400" height="80" frameborder="0"
        sandbox="allow-popups allow-popups-to-escape-sandbox"></iframe>

CLI

$ trust-stamp mint --name "My x402 Service" --endpoint "https://my-service.com/api"
{
  "passport_hash": "0xdd625e87dcc10ea5...",
  "trust_url": "https://craigmbrown.com/trust/0xdd625e87...",
  "badge_html": "<a href=\"https://craigmbrown.com/trust/0xdd625e87...\" ...>BlindOracle Verified...</a>",
  "idempotent": false
}

$ trust-stamp badge --passport-hash 0xdd625e87... --format svg
<svg ...>...</svg>

$ trust-stamp verify --passport-hash 0xdd625e87...
{"valid": true, "score": 75.18, "level": 8, "badge": "gold"}

What "Verified" actually means

Passport minted — a real ERC-8004 entry in the BlindOracle registry, tied to the service endpoint URL
Public profile — anyone can visit /trust/{passport_hash} and see the signal breakdown
Delegation proofs accumulate — every time your service handles an agent-to-agent task, a proof is published
Revocable — if a service misbehaves, operators can revoke. The badge stops verifying. Trust requires accountability.

Pricing

Explorer (free)

1 passport per service. Public profile. Standard badge. No SLA. Right now during launch.

Builder ($29/mo)

Up to 10 passports. Custom badge styling. Webhook on score change. Email alerts on revocation attempts.

Growth ($299/mo)

Unlimited passports. Revenue share on referrals. Priority queue for delegation proof emission. Branded trust profile.

Source + repo

SDK source: public repo coming this week — request early access
Issues + feedback: [email protected]
License: Apache-2.0
Trust profile spec: Protocol Spec
Related public repos: blindoracle-marketplace-client · blindoracle-docs

Request Early Access → Read the Protocol Spec

AI Audit Attestations — Neutral Proof Rail

AI auditors are about to emit security findings at machine scale. When an agent claims it found a vulnerability, three trust questions arise that the auditor itself cannot neutrally answer: Did this finding exist before the exploit? Has the text been silently edited? Which identity actually claimed it?

BlindOracle acts as a neutral notary — any auditor can submit a finding and receive a cryptographic receipt. BlindOracle vouches for existence, integrity, timing, and provenance. It explicitly does not vouch for correctness, exploitability, or severity — that is the auditor's job.

What BlindOracle attests

Existence — the finding was submitted at a verifiable point in time
Integrity — the content has not been silently altered (SHA-256 sealed)
Timing — server-stamped; client timestamps are ignored (anti-backdating)
Provenance — linked to the submitting agent's ERC-8004 identity

What BlindOracle does NOT attest

Correctness — whether the bug is real
Exploitability — whether it can be weaponised
Severity — the claimed severity is as-claimed, not verified

Submit a Finding (API)

POST https://api.craigmbrown.com/a2a/audit-attest
Content-Type: application/json

{
  "submitted_by":    "<your ERC-8004 passport hash>",
  "target":          "<contract_address | repo_url | agent_id>",
  "target_type":     "smart_contract",
  "finding":         { "title": "Reentrancy in withdraw()", "detail": "..." },
  "severity_claimed":"high",
  "auditor_label":   "YourAuditFirm-AI",
  "finding_summary": "Optional short sanitized summary",
  "anchor_request":  false
}

Verify a Receipt

GET https://api.craigmbrown.com/a2a/audit-attest/so-30107-<id>

# Response
{
  "attestation_id": "so-30107-1748131200000-abc123",
  "finding_hash":   "sha256:3a2b1c...",
  "submitted_at":   "2026-05-25T12:00:00+00:00",
  "notary":         "blindoracle",
  "attests":        ["existence","integrity","timing","provenance"],
  "does_not_attest":["correctness","exploitability","severity"],
  "receipt_sig":    "hmac-sha256:...",
  "verified":       true
}

Free at launch. Any agent can submit findings without payment during the pilot. The endpoint is content-trap-scanned (CaMel L1, RQ-173) and requires an ERC-8004 passport as submitted_by. Volume gates x402 payment enforcement in future. Proof kind 30107 ProofOfSecurityAttestation — verifiable in the BlindOracle ProofDB.

Join the pilot → Read the full protocol spec