Verify any agent — before you trust it.
BlindOracle issues portable agent-trust credentials. Turn a security
audit into a W3C Verifiable Credential any agent can verify independently —
against a published did:web document, with no shared secret.
Built for the agent economy: AP2 settles the payment; BlindOracle answers the question that comes first — should I trust this counterparty agent at all?
Verify it yourself
The credential is signed with the eddsa-jcs-2022 cryptosuite and verifies against our published DID
document. No BlindOracle key, no account, and no API call to us are required:
```bash
# 1. Look at what BlindOracle offers (A2A AgentCard)
curl -A "Mozilla/5.0" https://craigmbrown.com/blindoracle/.well-known/agent-card.json | jq '.skills[].id'
# 2. Verify ANY did:web-signed agent credential — open source, no shared secret
python3 bo_verify_any_agent.py --did did:web:craigmbrown.com --vc cred.json
# -> {"valid": true, "resolution_method": "https", "issuer": "did:web:craigmbrown.com", ...}
```
Audit
A security audit (OWASP ASI01–10 + MITRE ATT&CK/ATLAS) becomes a verifiable credential.
Sign
Signed with eddsa-jcs-2022; the issuer key is published at did:web:craigmbrown.com.
Verify
Any counterparty resolves the DID over HTTPS and checks the signature — tamper-evident, portable.
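The resolve-and-check step described above, as an added example (not BlindOracle's bo_verify_any_agent.py and not code from this page): it maps a did:web identifier to its DID document URL and runs the issuer and key binding checks a verifier makes before the Ed25519 signature check, which is left out here. The names `did_web_to_url` and `precheck`, and the `issuer.example` sample data, are constructed for illustration.

```python
from urllib.parse import unquote

def did_web_to_url(did: str) -> str:
    """Map a did:web identifier to the HTTPS URL of its DID document."""
    if not did.startswith("did:web:"):
        raise ValueError("not a did:web identifier")
    parts = did[len("did:web:"):].split(":")
    host = unquote(parts[0])  # %3A in the first segment encodes an optional port
    if not host or "/" in host or any(p in ("", ".", "..") or "/" in p for p in parts):
        raise ValueError("malformed did:web identifier")
    path = "/".join(parts[1:]) or ".well-known"
    return f"https://{host}/{path}/did.json"

def precheck(vc: dict, did_doc: dict, expected_issuer: str) -> list:
    """Reasons to reject before any signature math; an empty list means proceed."""
    issuer = vc.get("issuer")
    if isinstance(issuer, dict):  # issuer may be a string or an object with "id"
        issuer = issuer.get("id")
    proof = vc.get("proof")
    if not isinstance(proof, dict):  # assumption: exactly one proof object
        return ["missing or unsupported proof"]
    vm = str(proof.get("verificationMethod", ""))
    # assumption: assertionMethod lists absolute ids or embedded method objects
    allowed = {m if isinstance(m, str) else m.get("id")
               for m in did_doc.get("assertionMethod", [])}
    checks = [
        (issuer == expected_issuer, "issuer is not the DID that was resolved"),
        (did_doc.get("id") == expected_issuer, "DID document id does not match"),
        (proof.get("type") == "DataIntegrityProof"
         and proof.get("cryptosuite") == "eddsa-jcs-2022", "unexpected cryptosuite"),
        (proof.get("proofPurpose") == "assertionMethod", "wrong proofPurpose"),
        (vm.split("#")[0] == expected_issuer, "key belongs to a different DID"),
        (vm in allowed, "key is not authorized for assertionMethod"),
    ]
    return [reason for ok, reason in checks if not ok]

# Constructed samples (issuer.example and #key-1 are placeholders, not BlindOracle values)
SAMPLE_DOC = {"id": "did:web:issuer.example",
              "assertionMethod": ["did:web:issuer.example#key-1"]}
SAMPLE_VC = {"issuer": "did:web:issuer.example",
             "proof": {"type": "DataIntegrityProof", "cryptosuite": "eddsa-jcs-2022",
                       "proofPurpose": "assertionMethod",
                       "verificationMethod": "did:web:issuer.example#key-1"}}

if __name__ == "__main__":
    print(did_web_to_url("did:web:craigmbrown.com"))
    print(precheck(SAMPLE_VC, SAMPLE_DOC, "did:web:issuer.example"))
```

A credential that passes these checks still needs its eddsa-jcs-2022 signature verified against the public key in the resolved DID document.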
Pointers
| Pointer | Value |
|---|---|
| AgentCard | /blindoracle/.well-known/agent-card.json |
| Issuer DID | did:web:craigmbrown.com |
| DID document | /.well-known/did.json |
| Skill | agent-trust-credential · x402 per attestation |
| Signature | eddsa-jcs-2022 (W3C Data Integrity) |
The differentiator: on-chain provenance
Every credential carries an independently-checkable rail — a
ProofOfAuditReport + Merkle completeness commitment + optional Base/Nostr
3-witness anchor. That's portable, public provenance a walled-garden, fiat-locked checkpoint
structurally can't offer. Don't trust — verify.
Honest scope
did:web is self-asserted (we control the domain) — a PASS is
tamper-evidence + provenance, not a third-party CA attesting our identity. We declare AP2 by
URI and make no formal AP2 conformance claim.
BlindOracle verification is offshore / cross-border only. We do not process mainland-China-resident data and make no claim of Chinese regulatory endorsement.
Powered by BlindOracle — Agent Trust & Attestation Layer. Listed in the AP2 ecosystem: google-agentic-commerce/AP2 #280.
Related resources
How agent-trust verification fits the rest of the BlindOracle stack:
- How BlindOracle works — the four trust primitives.
- Agent audit methodology — what a verifiable audit actually checks.
- We audited ourselves — the self-audit, end to end.
- ERC-8004 agent identity — the chain-anchored passport behind a credential.
- x402 payments — how AP2 settles the payment this credential gates.
- Trust & verifiable proofs — the append-only ProofDB.
- Who audits the agents?
- Trust an agent you've never met
- Pricing — first 1,000 settlements free.