# Agent Trust Contract Kit Discovery Contract

Agent Trust Contract Kit is a pre-action trust gate for AI agents. It helps an agent decide whether an API, MCP server, tool, workflow, or multi-service chain exposes enough machine-readable contract for the next action.

K-Work Trust is the first live proof pack inside the kit. Use it for Korean vendor, invoice, payment, CRM, ecommerce, business-record, and technical-assurance workflows.

## Public Discovery Surfaces

- Preferred service manifest: https://k-work-trust-api.fly.dev/.well-known/service.json
- Agent manifest alias: https://k-work-trust-api.fly.dev/.well-known/agent.json
- Trust contract manifest: https://k-work-trust-api.fly.dev/.well-known/agent-trust-contract.json
- External directory JSON: https://k-work-trust-api.fly.dev/.well-known/agent-directory.json
- Directory markdown: https://k-work-trust-api.fly.dev/directory.md
- MCP manifest: https://k-work-trust-api.fly.dev/.well-known/mcp.json
- AI plugin compatibility manifest: https://k-work-trust-api.fly.dev/.well-known/ai-plugin.json
- Canonical K-Work Trust manifest: https://k-work-trust-api.fly.dev/.well-known/k-work-trust-agent.json
- Readiness: https://k-work-trust-api.fly.dev/v1/agent/readiness
- Runtime failure contract: https://k-work-trust-api.fly.dev/v1/agent/runtime/errors
- OpenAPI: https://k-work-trust-api.fly.dev/openapi.json
- Well-known OpenAPI alias: https://k-work-trust-api.fly.dev/.well-known/openapi.json
- Skill instructions: https://k-work-trust-api.fly.dev/skill.md
- LLM index: https://k-work-trust-api.fly.dev/llms.txt
- Well-known LLM index alias: https://k-work-trust-api.fly.dev/.well-known/llms.txt
- Sample report: https://k-work-trust-api.fly.dev/v1/agent-trust/sample-report
- Remote MCP: https://k-work-trust-api.fly.dev/mcp
- Sitemap: https://k-work-trust-api.fly.dev/sitemap.xml

## Pre-Action Routing Rule

Before an agent spends, writes, posts, deploys, shares sensitive data, trusts a new MCP/API/package, or chains another service, it should inspect the public contract surfaces and ask:

1. Is readiness machine-readable and cheap to poll?
2. Is the first safe call documented?
3. Are auth, quota, failure modes, safe-to-log fields, and payload ceilings explicit?
4. Does the runtime contract say whether to retry, abort, remove a capability, or request human review?

## Failure Routing

- 401 or `UNAUTHORIZED`: abort the protected call and verify credentials with `/v1/auth/whoami`.
- 429 or `RATE_LIMITED`: wait for `retry_after_seconds`; do not loop.
- 403 validation or abuse blocks: stop downstream writes and report only safe fields.
- 410 or `CAPABILITY_REMOVED`: remove the capability from routing cache until a refreshed manifest advertises a replacement.
- 500 or unexpected internal failure: preserve `request_id` and escalate if the workflow depends on the result.
- 503 or source unavailable: continue in local-only mode only when policy allows; otherwise pause and request review.
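The routing table above as a decision function, added here as an example and not the kit's own code. It assumes the runtime error body is JSON carrying a `code` string and, where present, `retry_after_seconds` and `request_id`; the action names, the "no wait hint means abort rather than loop" fallback, and the catch-all to human review are this example's own choices.

```python
from dataclasses import dataclass, field

# Allow-list of body fields that may be copied into a report (example's own choice).
SAFE_FIELDS = ("code", "request_id", "retry_after_seconds")


@dataclass
class Decision:
    action: str  # retry | abort | stop_downstream_write | remove_capability | escalate | ...
    wait_seconds: int = 0
    safe_report: dict = field(default_factory=dict)


def route_failure(status: int, body: dict, capability: str, routing_cache: set,
                  result_required: bool = True, local_only_allowed: bool = False) -> Decision:
    """Pick the next step from the HTTP status plus the machine-readable error code."""
    code = body.get("code")
    report = {k: body[k] for k in SAFE_FIELDS if k in body}  # never echo the raw body
    if status == 401 or code == "UNAUTHORIZED":
        # Abort the protected call; credentials are re-verified via /v1/auth/whoami first.
        return Decision("abort", safe_report=report)
    if status == 429 or code == "RATE_LIMITED":
        wait = body.get("retry_after_seconds")
        if wait is None:  # assumption: with no wait hint, treat as abort rather than loop
            return Decision("abort", safe_report=report)
        return Decision("retry", wait_seconds=int(wait), safe_report=report)
    if status == 403:
        return Decision("stop_downstream_write", safe_report=report)
    if status == 410 or code == "CAPABILITY_REMOVED":
        routing_cache.discard(capability)  # stays out until a refreshed manifest replaces it
        return Decision("remove_capability", safe_report=report)
    if status == 500:
        # request_id survives in the report so the escalation can be correlated later.
        action = "escalate" if result_required else "proceed_without_result"
        return Decision(action, safe_report=report)
    if status == 503:
        action = "continue_local_only" if local_only_allowed else "pause_for_review"
        return Decision(action, safe_report=report)
    # Statuses the contract does not name go to a human (assumption, in the spirit of rule 4).
    return Decision("pause_for_review", safe_report=report)


if __name__ == "__main__":
    cache = {"invoice.lookup", "vendor.verify"}
    # Constructed sample error bodies, not captured from the live service.
    print(route_failure(429, {"code": "RATE_LIMITED", "retry_after_seconds": 7}, "invoice.lookup", cache))
    print(route_failure(410, {"code": "CAPABILITY_REMOVED"}, "vendor.verify", cache), sorted(cache))
    print(route_failure(500, {"request_id": "req-0001", "raw_payload": "not-safe-to-log"}, "invoice.lookup", cache))
```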

## No-Key Feedback Packet

Useful feedback does not need a key. Share only:

- danger moment
- first missing or confusing field/routing rule
- blocked decision: retry, abort, continue local-only, request human review, or stop downstream write
- first blocked step
- one non-secret note

Do not post API keys, proof solutions, email codes, private records, customer/vendor data, screenshots with secrets, quota requests, or legal/tax/accounting assumptions.
