Skip to content

Proposal: Agent Trust Cards (ATC) — SSL certificates for AI agents #12996

Description

Proposal: Agent Trust Cards (ATC) — SSL certificates for AI agents

Context

Continue is a popular AI coding assistant that supports MCP servers. As users install more MCP servers, being able to verify which servers are security-audited becomes important for safe adoption.

Agents increasingly call external tools and other agents. But there's no standard way to verify:

  • Is the agent/tool I'm calling who it claims to be?
  • Has it been security-audited?
  • Has its key been revoked?

This is the same problem the web had before SSL.

What I built

ATC (Agent Trust Card) — a lightweight trust layer for agents, inspired by SSL certificates:

  • Ed25519 signed by a Certificate Authority (MarketNow Sentinel CA)
  • Verifiable by anyone with the CA public key (public on GitHub)
  • Revocable — compromised agents are flagged in real-time
  • Sentinel-scored — each ATC includes a 0-10 security audit score from an 8-layer pipeline (L1.5 metadata → L1.8 YARA-equivalent malware family detection)

API

Issue:   POST https://marketnow.site/api/atc {"action":"issue", agent_id, public_key}
Verify:  GET  https://marketnow.site/api/atc?action=verify&card_id=X
Revoke:  POST https://marketnow.site/api/atc {"action":"revoke", card_id}
CA key:  GET  https://marketnow.site/api/atc?action=ca-key
List:    GET  https://marketnow.site/api/atc

Links

Not asking for adoption — just sharing in case the trust-layer pattern is useful. Feedback welcome.

— Edison Flores, AliceLabs LLC

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions