{ "request_id": "1778988018531-bc6abd7cfd6cb", "schema_version": "atck.public_proof_bundle.v1", "status": "public_proof_ready", "service": "agent-trust-contract-kit", "public_name": "VerifyFlow", "product_family": "Agent Trust Contract Kit", "generated_at": "2026-05-17T03:20:18.573Z", "base_url": "https://k-work-trust-api.fly.dev", "no_key_required": true, "purpose": "Give agents and directory reviewers enough public, machine-readable evidence to evaluate ATCK without opening the private operating repository.", "private_core_boundary": { "repo_visibility": "private_operating_repo", "public_repo_required_for_first_trust_check": false, "public_material": [ "service and agent manifests", "readiness and runtime failure contracts", "OpenAPI and LLM-readable indexes", "sample trust report", "synthetic hash-linked action receipt" ], "private_material": [ "operator logs", "local automation state", "secret-bearing configuration", "production usage records", "unreleased implementation details" ], "reason": "External trust should start from stable public contracts and synthetic proof packets. Source publication can happen later through a sanitized demo repo." }, "public_entry_points": { "landing_page": "https://k-work-trust-api.fly.dev/agent-demo", "public_proof_bundle": "https://k-work-trust-api.fly.dev/v1/agent-trust/public-proof", "sample_report": "https://k-work-trust-api.fly.dev/v1/agent-trust/sample-report", "readiness": "https://k-work-trust-api.fly.dev/v1/agent/readiness", "runtime_errors": "https://k-work-trust-api.fly.dev/v1/agent/runtime/errors", "service_manifest": "https://k-work-trust-api.fly.dev/.well-known/service.json", "agent_manifest": "https://k-work-trust-api.fly.dev/.well-known/agent.json", "trust_contract_manifest": "https://k-work-trust-api.fly.dev/.well-known/agent-trust-contract.json", "directory_listing": "https://k-work-trust-api.fly.dev/.well-known/agent-directory.json", "mcp_manifest": "https://k-work-trust-api.fly.dev/.well-known/mcp.json", "openapi": "https://k-work-trust-api.fly.dev/openapi.json", "llms_txt": "https://k-work-trust-api.fly.dev/llms.txt", "trust_contract_markdown": "https://k-work-trust-api.fly.dev/agent-trust-contract.md" }, "proof_pack": { "first_domain_pack": "K-Work Trust", "manifest_summary": { "product_family": "Agent Trust Contract Kit", "trust_contract_checker": "https://k-work-trust-api.fly.dev/v1/agent-trust/check", "public_endpoint_count": 14 }, "readiness_summary": { "status": "ready_for_agent_testing", "protected_api_configured": true, "self_serve_signup_enabled": true, "official_source_flags": { "nts_business_status_configured": true, "juso_address_search_configured": true, "ftc_ecommerce_registration_configured": true, "dart_disclosure_search_configured": true, "opensanctions_screening_configured": true, "companies_house_company_configured": true, "provisional_keys_can_use_official_sources": false } }, "runtime_failure_contract": { "http_status_routing": { "401": "abort_and_verify_key", "403": "abort_or_correct_policy_violation", "410": "remove_capability_until_manifest_refresh", "422": "correct_input_before_retry", "429": "backoff_or_stop_until_quota_reset", "500": "escalate_with_request_id", "503": "retry_with_backoff_then_escalate" }, "max_payload_size": { "request_body_bytes": 1000000, "response_body_bytes": 1000000, "tool_result_bytes": 1000000, "agent_trust_fetch_bytes": 200000, "unit": "bytes" }, "per_capability_payload_size": { "default": { "request_body_bytes": 1000000, "response_body_bytes": 1000000, "tool_result_bytes": 1000000, "agent_trust_fetch_bytes": 200000, "unit": "bytes" }, "negotiation_policy": "For each planned call, use the most restrictive applicable ceiling from max_payload_size, per_capability_payload_size.overrides, caller limits, and counterparty limits. If no override matches, use max_payload_size.", "override_match_fields": [ "capability", "endpoint", "method" ], "overrides": [ { "capability": "agent_trust_check", "endpoint": "/v1/agent-trust/check", "method": "POST", "max_payload_size": { "request_body_bytes": 1000000, "response_body_bytes": 1000000, "tool_result_bytes": 1000000, "agent_trust_fetch_bytes": 200000, "unit": "bytes" }, "notes": "Use agent_trust_fetch_bytes for remote public-contract fetches initiated by the checker." }, { "capability": "mcp_tools_list", "endpoint": "/mcp", "method": "tools/list", "max_payload_size": { "request_body_bytes": 100000, "response_body_bytes": 1000000, "tool_result_bytes": 1000000, "unit": "bytes" }, "notes": "Public tool discovery should stay small enough for routing caches; fetch OpenAPI for full schema detail." } ] } }, "sample_report_summary": { "result": "usable_with_limits", "safe_to_call": "discovery_and_documented_first_call_only_until_auth_and_quota_are_confirmed", "agent_contract_score": 100, "first_missing": null, "first_risk": null, "recommended_next_action": "Use the first safe call, then require a low-quota key before any mutation, paid, or sensitive-data workflow." }, "action_receipt": { "build_status": "ready", "decision": "issue_receipt", "verification_status": "verified", "receipt": { "schema_version": "atck.action_receipt.v0", "action_id": "public-proof-no-key-contract", "actor_id": "agent-trust-contract-kit", "action_type": "public_contract_publication", "decision": "publish_public_proof_bundle", "policy_version": "atck-public-proof-v1", "created_at": "2026-05-16T00:00:00.000Z", "input_commitment": "sha256:3dae7fe4f57d7a784fafd5bb56df9104794bc07127227759a0b3febfbe3b78d0", "evidence_hash": "sha256:e26bb7eb5bc14382432e6f3568e5d62dff6a4a20eee53e736adeb12f9ca2eaae", "policy_hash": "sha256:d5141432b840f0ef31c0edeae37d9c959c832a18d8159cccb950608d82c4b216", "output_commitment": "sha256:6147c250ee98989ee13b132f91606d3a16bb0311a70bb0a68366da1d128444ce", "previous_receipt_hash": null, "redaction_count": 0, "receipt_hash": "sha256:69cc4f358eb5344759f993b6755b93304942d1569ac7eeea7a1155a502916922" }, "source_redactions_count": 0, "safe_use_boundary": "Synthetic/offline hash-linked action receipts only. This does not sign legal records, approve execution, or expose source payloads." } }, "agent_evaluation_path": [ "GET https://k-work-trust-api.fly.dev/v1/agent-trust/public-proof", "GET https://k-work-trust-api.fly.dev/v1/agent-trust/sample-report", "GET https://k-work-trust-api.fly.dev/v1/agent/readiness", "GET https://k-work-trust-api.fly.dev/v1/agent/runtime/errors", "GET https://k-work-trust-api.fly.dev/.well-known/service.json", "GET https://k-work-trust-api.fly.dev/openapi.json", "Reply with one missing or confusing public contract field before signup.", "Use self-serve access only after the no-key contract is useful." ], "safe_share_packet": { "safe_to_share": [ "public endpoint URLs", "HTTP status", "request_id", "agent_contract_score", "first missing or confusing field", "first risk", "receipt_hash", "non-secret note" ], "do_not_share": [ "credentials", "proof solutions", "verification codes", "private customer or vendor records", "production screenshots with sensitive material", "operator-only logs" ], "tester_prompt": "Before requesting access, tell us one missing or confusing public field your agent would need at a danger moment." }, "limitation": "This bundle is a public contract and synthetic proof surface, not a source-code audit, legal guarantee, or security certification." }