🌙 Toggle Dark Mode Home MoltGuard MT Global MolTrust Sports MT Shopping MT Travel MT Skills MT Prediction MT Salesguard MT Music Integrity Dashboard VCOne Blog Developers Enterprise About Whitepapers Verify Us Status Contact API Docs

HomeDevelopers

// DEVELOPER QUICKSTART

Register your agent.
In 30 seconds.

No account. No API key. One curl call.

// Register your agent — no signup required
$ curl -X POST https://api.moltrust.ch/agents/register \
  -H "Content-Type: application/json" \
  -d '{"name":"my-agent","description":"test"}'
// Response:
{ "did": "did:moltrust:abc123", "trust_score": 50, "grade": "C" }

Then add npm middleware to verify agents in your API. W3C standard. Any framework.

$ npm install @moltrust/sdk
Full API Docs → 🇨🇳 中文文档 View on GitHub
// GET STARTED IN 3 STEPS
1

Install

bash
npm install @moltrust/sdk
2

Add middleware

typescript
import { AgentTrust } from '@moltrust/sdk'; // Express app.use(AgentTrust.verify({ minScore: 60 })); // Hono app.use('*', AgentTrust.honoVerify({ minScore: 60 }));
3

Read the result

typescript
app.get('/api/resource', (req, res) => { const { did, trustScore, grade, aae } = req.agentVerification; // Agent verified — proceed with trust context });
// SHOW YOUR TRUST SCORE

Add a live badge to your README

One line in your README. The badge fetches your live trust score automatically.

// markdown
[![MolTrust Verified](https://api.moltrust.ch/badge/YOUR_DID)](https://moltrust.ch)
Live preview: MolTrust Verified
// PAYMENT MIDDLEWARE

Trust-gated payments — one line

Protocol-agnostic trust scoring for x402 and MPP payment endpoints. Agents with insufficient trust scores are blocked before payment.

// x402
import { requireScore } from '@moltrust/x402';
requireScore({ minScore: 60 })
// MPP
import { requireScore } from '@moltrust/mpp';
requireScore({ minScore: 60 })
// WORKS WITH YOUR STACK

Framework adapters

typescript
import express from 'express'; import { AgentTrust } from '@moltrust/sdk'; const app = express(); // Verify all agents — minimum trust score 60 app.use(AgentTrust.verify({ minScore: 60 })); app.post('/api/purchase', (req, res) => { const { did, trustScore, aae } = req.agentVerification; // AAE already evaluated — safe to proceed res.json({ authorized: true, agentDid: did }); });
typescript
import { Hono } from 'hono'; import { AgentTrust } from '@moltrust/sdk'; const app = new Hono(); app.use('*', AgentTrust.honoVerify({ minScore: 60 })); app.post('/api/purchase', (c) => { const verification = c.get('agentVerification'); return c.json({ authorized: true, did: verification.did }); });
typescript
import Fastify from 'fastify'; import { AgentTrust } from '@moltrust/sdk'; const app = Fastify(); app.addHook('preHandler', AgentTrust.verify({ minScore: 60 }));
// WHAT YOUR AGENTS CARRY

Agent Authorization Envelope

Every MolTrust credential embeds an Agent Authorization Envelope — a machine-readable permission contract your API can inspect before every transaction.

📜 MANDATE

  • Purpose & allowed actions
  • Denied actions
  • Target resources
  • Delegation rules

🔒 CONSTRAINTS

  • Time bounds & TTL
  • Financial thresholds
    Autonomous: < $100 · Step-up: $100–$1,000 · Human approval: > $10,000
  • Jurisdictions
  • Counterparty min score

✅ VALIDITY

  • Issuer DID
  • Holder binding
  • Expiry timestamp
  • Revocation endpoint
  • Base L2 anchor

Read the full specification in Protocol Whitepaper v0.8 →

did:moltrust Method Specification →

W3C DID Core v1.0 conformant. Create, Resolve, Update, Deactivate. Submitted to W3C DID Spec Registries.

// TRY IT LIVE

Query any agent's trust score

GET /skill/trust-score/...
// CONFIGURATION

VerifyOptions

OptionTypeDefaultDescription
minScorenumber0Minimum trust score required to pass verification. Agents below this threshold receive a 403.
requireAAEbooleanfalseRequire a valid Agent Authorization Envelope in the credential. Rejects agents without one.
evaluateActionstringCheck whether the AAE mandate permits this specific action (e.g. "purchase", "transfer").
evaluateAmountnumberEvaluate AAE financial constraints against this transaction amount (USD).
evaluateJurisdictionstringVerify the AAE permits operations in this ISO 3166-1 jurisdiction code.
apiBasestringapi.moltrust.chOverride the MolTrust API base URL. Useful for staging or self-hosted deployments.
// WHAT YOU GET

AgentVerification interface

typescript
interface AgentVerification { did: string; // e.g. "did:moltrust:d34ed796a4dc4698" trustScore: number; // 0–100 grade: 'S'|'A'|'B'|'C'|'D'|'F'; aae: AAE | null; // parsed Agent Authorization Envelope credential: VerifiableCredential; // full W3C VC issuer: string; // issuer DID issuedAt: Date; expiresAt: Date; onChainAnchor: string | null; // Base L2 tx hash }
// SEQUENTIAL SAFETY (SAS)

Sequential Action Safety — Layer 2.5

Pre-execution safety check for order-sensitive action sequences. Opt-in, deterministic, no LLM calls. Phase 1: WARN-only.

POST /guard/api/action/check

Check a proposed action against the session history. Returns verdict (SAFE/WARN/BLOCK), residual score, and conflicting action.

GET /guard/api/action/stats

Aggregated SAS statistics: total events, breakdown by verdict, average residual.

GET /guard/api/action/events/{did}

SAS events for a specific DID. Shows all WARN/BLOCK events with residual scores and conflicting actions.

// OUTPUT PROVENANCE (IPR)

Interaction Proof Records — Layer 4

Every agent action can produce a cryptographic proof record. IPRs are Merkle-batched and anchored on Base L2.

POST /vc/ipr/submit

Submit an IPR. Provide output_hash (SHA-256), agent_did, and confidence score. Returns ipr_id.

GET /vc/ipr/{ipr_id}

Retrieve an IPR by ID. Returns output_hash, anchor status, Merkle proof, and Base L2 transaction hash.

POST /vc/ipr/verify

Verify an IPR: checks signature, on-chain anchor, and Merkle proof. Returns validity + anchor TX link.

GET /vc/ipr/agent/{did}

List all IPRs for an agent. Paginated. Returns proof records with anchor status and Merkle proofs.

GET /vc/ipr/stats

Network-wide IPR statistics: total records, anchored count, unique agents, average confidence score.

GET /vc/ipr/{ipr_id}/status

Anchor status of a specific IPR: pending, anchored, or failed. Includes retry count and block number.

// x402 TRUST MIDDLEWARE

x402 Trust Middleware

Add trust verification to any x402 endpoint in one line. Block untrusted agents before they transact.

npm install @moltrust/x402
// Block agents below score 60
const { requireScore } = require('@moltrust/x402');
app.use(requireScore({ minScore: 60 }));

// req.moltrust available downstream
app.post('/api/data', requireScore({ minScore: 50 }), (req, res) => {
  const { wallet, score } = req.moltrust;
  res.json({ message: 'Welcome, score ' + score });
});
1. Extract

Wallet from x402 X-Payment header

2. Score

MolTrust trust score (5-min cache, <10ms warm)

3. Gate

403 + registration link if below threshold

// MPP TRUST MIDDLEWARE

MPP Trust Middleware

Add trust verification to any MPP (Machine Payments Protocol) endpoint. Works with Stripe, Tempo, Visa. Same API as @moltrust/x402.

npm install @moltrust/mpp
// Block agents below score 60
const { requireScore } = require('@moltrust/mpp');
app.use(requireScore({ minScore: 60 }));
app.use(mppx.charge({ amount: '0.01' }));

// req.moltrust available downstream
app.post('/api/pay', requireScore({ minScore: 50 }), (req, res) => {
  const { wallet, score } = req.moltrust;
  res.json({ trusted: true, score });
});
1. Extract

Wallet from MPP Payment credential header

2. Score

MolTrust trust score (5-min cache, <10ms warm)

3. Gate

403 + registration link if below threshold

Works alongside @moltrust/x402 for x402 endpoints. Same API, different protocol.

// WALLET TRUST PROFILE

Wallet Trust Profile

Every x402 wallet gets an automatic trust profile. Shadow score, transaction history, and projected score after registration.

# Query any wallet
curl https://api.moltrust.ch/wallet/0x3802...38F5

# Public profile
https://moltrust.ch/wallet/{address}
// INFRASTRUCTURE ENFORCEMENT

Kernel-Level AAE Enforcement (Falco)

MolTrust supports a third enforcement layer via Falco eBPF — syscall-level monitoring that agents cannot bypass from userspace.

Layer 1 — Cryptographic

Ed25519 signatures, JCS canonicalization. Tamper-proof by construction.

Layer 2 — API

Trust score degradation, IPR submission, credential revocation.

Layer 3 — Kernel

Falco eBPF/syscall detection. Not bypassable by the agent process.

Falco Bridge (K8s)

When a policy violation is detected at the kernel level, Falco fires a webhook to the MolTrust bridge, which submits an IPR violation record. Trust score degrades automatically.

Reference implementation →
// RESOURCES

@moltrust/sdk

Express + Hono middleware. AgentTrust.verify(), .middleware(), .register().

npm →GitHub →

@moltrust/x402

x402 v2 payment middleware for Hono & Express. PAYMENT-SIGNATURE header.

npm →GitHub →

@moltrust/mpp

MPP trust middleware for Express. Payment credential header. Stripe/Tempo/Visa.

npm →GitHub →

@moltrust/verify

Offline credential verifier. Ed25519 + Base L2 — no API dependency.

npm →GitHub →

@moltrust/aae

AAE schema definition & runtime validator.

npm →GitHub →

moltrust-mcp-server

MCP server — 48 tools for trust verification, scoring, credentials.

PyPI →GitHub →

@moltrust/openclaw v1.0.0

OpenClaw plugin — 2 agent tools, 2 slash commands, CLI, gateway RPC. Free tier included.

openclaw plugins install @moltrust/openclaw
npm →GitHub →

Protocol WP v0.8

Full spec — trust scoring, AAE, swarm, three-layer enforcement.

Download PDF →

API Reference

All endpoints — identity, scoring, credentials, swarm, IPR, Falco.

Explore →

Start verifying agents in minutes.

Explore the API →Read the Whitepaper
Regulated Markets · China · India

Building for China or India?

MolTrust runs in fully API-only mode — no blockchain, no VPN required. All @moltrust/* packages are available on cnpm. W3C DID/VC trust for your OpenClaw agents, compliant with CAC requirements.

Regulated Markets Guide → Quick Start ↓
// 中文开发者指南

Chinese Developer Guide

MolTrust 提供 W3C DID/VC 信任基础设施,支持 OpenClaw 代理的身份验证、信任评分和可验证凭证。纯 API 模式,无需区块链,无需 VPN。

MolTrust provides W3C DID/VC trust infrastructure for AI agents. Pure API mode — no blockchain required, no VPN needed. All @moltrust/* packages available on cnpm.

// 安装 OpenClaw 插件
$ openclaw plugins install @moltrust/openclaw
API 文档 → GitHub → 合规市场指南 →
W3C DID 可验证凭证 Base L2 x402 cnpm 可用