trstd protocol

An open, HTTP-based protocol that lets AI agents discover, retrieve, and assess trustworthiness signals from websites and agentic services.

AI agents act on behalf of users — browsing, comparing, purchasing. Unlike humans, agents lack visual and contextual cues for trust. This protocol provides a structured trust layer so an agent can answer: "Is it safe to buy here?"

How it works

A trust authority independently verifies claims about service providers and exposes those signals through an HTTP API. Service providers add a <link> tag to their HTML pages. Agents discover the tag, call the verify endpoint, and receive signed trust signals and an optional assessment.

Start here

📖

New to the protocol?

Read the protocol overview to understand the moving parts and the roles of agents, providers, and authorities.

Protocol Overview →

🚀

Want to integrate?

Step-by-step guides for service providers and agents, plus validation scenarios.

Integration Guide →

🔌

API reference

The verify endpoint, request and response shape, signing, and the live OpenAPI spec.

API →OpenAPI →

📋

Design rationale

Architecture Decision Records explaining every design choice and the alternatives considered.

Decisions →

🔒

Security model

Threat model, signing, anti-gaming measures, and unsigned-error handling.

Security →

🗺️

What's next

Planned features and open design questions, including transparency logs and federated authorities.

Roadmap →

Project status

Work in progress. The protocol is under active design — the roadmap tracks planned features and open questions.