Get an entity's full trust profile. This is the CANONICAL way to check trust in EP. Returns behavioral rates (completion, retry, abandon, dispute), signal breakdowns, provenance composition, consistency, anomaly alerts, current confidence, historical establishment, and dispute summary. Use this before transacting with any counterparty or installing any software.

Evaluate an entity against a trust policy. Returns a Trust Decision (allow/review/deny) with specific failure reasons. Built-in policies: "strict" (high-value), "standard" (normal), "permissive" (low-risk), "discovery" (allow unevaluated). Accepts optional context for context-aware evaluation. Use this to make routing and payment decisions.

Submit a transaction receipt to the EP ledger. Requires an API key. Receipts are append-only, cryptographically hashed, and chain-linked. transaction_ref is REQUIRED. agent_behavior is the strongest signal.

Search for entities by name, capability, or category.

Verify a receipt against the on-chain Merkle root.

Register a new entity. Public — returns the first API key.

Get top entities ranked by trust confidence.

File a dispute against a receipt. Any affected party can challenge. Reasons: fraudulent_receipt, inaccurate_signals, identity_dispute, context_mismatch, duplicate_transaction, coerced_receipt, other. The receipt submitter has 7 days to respond.

Check the status of a dispute. Public — transparency is a protocol value.

Report a trust issue as a human. No authentication required. For when someone is wrongly downgraded, harmed by a trusted entity, or sees fraud. EP must never make trust more powerful than appeal.

Appeal a dispute resolution. Only dispute participants can appeal. Requires the dispute to be in upheld, reversed, or dismissed state. "Trust must never be more powerful than appeal."

EP-SX: Should I install this plugin/app/package/extension? Evaluates a software entity against a software-specific trust policy with context. Returns allow/review/deny with specific reasons covering publisher, permissions, provenance, and trust history.

Look up a principal — the enduring actor behind entities. Returns bindings, controlled entities, and continuity history.

View entity lineage — predecessors, successors, continuity decisions, and whitewashing flags. Use to check if an entity has suspicious continuity gaps.

List all available trust policies with their requirements and families. Use to discover which policy to evaluate against.

Create a delegation record: a human or principal authorizes an agent to act on their behalf. The delegation is recorded in the EP ledger with scope, expiry, and optional constraints. Every delegated action can reference this delegation to prove authorization.

Verify that an agent currently holds a valid delegation from a principal for a specific action. Use this before accepting a task from an agent claiming to act on behalf of a human. Returns: valid/expired/not_found with scope details.

Trust gate: check if an entity meets the required trust threshold BEFORE executing a high-stakes action. This is the canonical pre-action check. Always call this before: payments, sending messages on behalf of users, installing software, or any irreversible action. Returns allow/review/deny with reason.

Submit multiple receipts atomically. All receipts share the same submitter (your API key). Useful for bulk reconciliation or recording a session of agent-entity interactions. Returns per-receipt success/failure. Max 50 receipts per batch.

Enable or disable automatic receipt generation for this session. When enabled, every EP tool call generates a behavioral receipt automatically. Privacy-preserving: sensitive fields (passwords, tokens, API keys) are redacted before storage. Receipts are marked unilateral — they cannot be bilateral without counterparty confirmation. Auto-receipt is opt-in and disabled by default.

Get an entity's trust score broken down by behavioral domain. Trust is not a scalar — an agent excellent at financial transactions may be unreliable at creative tasks. Domains: financial, code_execution, communication, delegation, infrastructure, content_creation, data_access. Returns per-domain confidence, evidence count, and behavioral rates.

Generate a privacy-preserving commitment proof. Proves a trust claim (e.g., score > 0.85 in the financial domain, or > 50 verified receipts) WITHOUT revealing receipt contents, counterparty identities, or transaction details. Uses HMAC-SHA256 commitments + Merkle trees. Returns a proof_id you can share publicly — verifiers call ep_verify_zk_proof with only the proof_id and learn nothing about your transaction history. Essential for privacy-sensitive contexts: healthcare (HIPAA), legal (privilege), finance (NDA/MNPI), and any situation where sharing transaction history is not possible. Requires your EP API key (you can only prove claims about your own entity).

Verify a privacy-preserving commitment proof by proof_id. Returns whether the claim is currently valid — without revealing anything about the entity's transaction history, counterparties, or receipt contents. The proof holder shares only the proof_id. You verify without learning who they transacted with. Use this to accept trust claims from entities in privacy-sensitive industries (healthcare, legal, finance) who cannot share raw transaction history.

Get a principal's delegation authority — how well they choose and authorize agents. High judgment principals consistently authorize well-behaved agents. Low judgment principals frequently authorize agents that fail, dispute, or abandon tasks. This signal is deliberately weak (0.15 weight per outcome): a single bad delegation should not define a principal, but a pattern of them should be legible. Returns: judgment_score (0–1), agents_authorized, good_outcome_rate, and signal counts.

Issue a signed EP Commit before a high-stakes action. Returns a commit_id, decision (allow/deny/review), expiry, scope, and appeal path. The commit binds the agent to a specific action type, entity, and policy before execution.

Verify a commit's signature, status, and validity. Returns valid/invalid, current status, decision, and expiry.

Get the current state of a commit (active, revoked, expired, fulfilled).

Revoke an active commit before it is fulfilled or expires.

Bind a post-action receipt to a commit, completing the commit-execute-receipt cycle. Links the behavioral outcome back to the signed authorization token.

Initiate an EP Handshake — a structured identity exchange between parties. The handshake coordinates mutual presentation of identity proofs before a trust decision. Requires at least 2 parties and a governing trust policy.

Add an identity presentation (proof) to an active handshake. Each party presents their identity claims for evaluation against the handshake policy. Supports full, selective, or zero-knowledge disclosure modes.

Evaluate all presentations in a handshake against the governing policy. Returns: accepted (all requirements met), rejected (policy violations), or partial (awaiting presentations). Includes reason_codes explaining the outcome.

Get the full state of a handshake including parties, presentations, binding, and result. Use this to check handshake progress or review completed exchanges.

Revoke an active handshake. Only parties to the handshake may revoke it. Revocation is terminal — the handshake cannot be reopened.