Interactive playground showing MCPS, AgentSign, AgentPass, and rag-secure working together. Register an agent, sign messages, query a verified knowledge base, and see trust-gated access in action.
Click each step in order. Watch the audit trail build.
Issue a cryptographic identity. Agent starts at L0 (untrusted).
Every tool call gets an ECDSA P-256 signature with nonce and timestamp.
Receiving server verifies the signature, nonce, timestamp, and agent identity.
Retrieve documents with cryptographic verification and injection scanning.
Attempt a write operation that requires L2 trust. Agent is L0 -- will be blocked.
After verification, the agent earns higher trust. Upgrade one level at a time.
After upgrading to L2+, the same operation succeeds.
Every action is logged with cryptographic hashes. Tamper-evident by design.
| Layer | Product | What it does | Standard |
|---|---|---|---|
| Identity | AgentSign | ECDSA P-256 agent identity certificates | Patent pending |
| Signing | MCPS | Per-message signing, nonce, replay protection | IETF Submission |
| Trust | AgentPass | Trust levels L0-L4, graduated access control | Patent pending |
| RAG Integrity | rag-secure | Document signing, verification, injection scanning | npm |
| Transport | ATTP | Signed HTTP for agent-to-agent communication | IETF Submission |
| Scanning | Cybersecify | OWASP Top 10 scan, DAST, deep source analysis | OWASP |