REQUIRED before any irreversible action: payments, wire transfers, fund releases, deletions, record or account changes, or sending messages with real-world effect. Submits the exact action for policy evaluation and human authorization. Returns APPROVED with a receipt the action may proceed under, or BLOCKED with a receipt_id + signoff_id while a named human reviews. Do NOT execute the action without an APPROVED result — if BLOCKED, poll ep_check_signoff with the receipt_id.

Poll a pending authorization after ep_guard_action returns BLOCKED. Pass the receipt_id. Returns PENDING, APPROVED (the action may now proceed), or DENIED (with reason). Safe to call repeatedly until a decision is reached.

Verify a trust receipt — its signature and Merkle inclusion against the anchored root. Read-only. Returns valid/invalid plus the verified claim (action, approver, outcome) and anchor status; use it to independently confirm a receipt was issued by EP and has not been tampered with.

BEFORE installing or enabling third-party software an agent depends on — an npm package, GitHub app, browser extension, or MCP server — check it here. Evaluates the software against a fit-for-purpose trust policy and returns allow / review / deny with reasons covering publisher, requested permissions, provenance, and trust history.

List all available trust policies with their requirements and families. Use to discover which policy to evaluate against.

Create a delegation record. WRITE: persists to the EP ledger that a human or principal authorizes an agent to act on their behalf, with scope, expiry, and optional constraints. Requires auth. Returns a delegation_id that later actions reference (via ep_verify_delegation) to prove authorization. Use when a principal grants an agent standing authority for a bounded set of actions.

Verify that an agent currently holds a valid delegation from a principal for a specific action. Use this before accepting a task from an agent claiming to act on behalf of a human. Returns: valid/expired/not_found with scope details.

Issue a signed EP Commit before a high-stakes action. Returns a commit_id, decision (allow/deny/review), expiry, scope, and appeal path. The commit binds the agent to a specific action type, entity, and policy before execution.

Verify a pre-action commit — read-only, no side effects. Checks its signature, status, and validity and returns valid/invalid plus the current status, decision, and expiry. Use before relying on or consuming a commit to confirm it is genuine and still active.

Get the current state of a pre-action commit by id. Read-only. Returns one of active, revoked, expired, or fulfilled, plus the bound action hash and expiry — poll this to learn whether a commit may still be consumed.

Revoke an active pre-action commit before it is fulfilled or expires. SIDE EFFECT: terminally cancels the commit — it can never be consumed after this, and the change is irreversible. Requires auth. Returns the revoked status; use when a pending action should be called off.

Bind a post-action receipt to a commit, completing the commit-execute-receipt cycle. Links the behavioral outcome back to the signed authorization token.

Initiate an EP Handshake — a structured identity exchange between parties. The handshake coordinates mutual presentation of identity proofs before a trust decision. Requires at least 2 parties and a governing trust policy.

Add an identity presentation (proof) to an active handshake. WRITE: appends the party's identity claims to the handshake for evaluation against its policy; supports full, selective, or zero-knowledge disclosure. Requires auth. Returns the updated presentation count and handshake state. Call after ep_initiate_handshake and before ep_verify_handshake.

Evaluate all presentations in a handshake against its governing policy — read-only, no mutation. Returns accepted (all requirements met), rejected (policy violations), or partial (awaiting presentations), each with reason_codes explaining the outcome. Call after the parties have added their presentations to decide whether the handshake clears.

Get the full state of a handshake including parties, presentations, binding, and result. Use this to check handshake progress or review completed exchanges.

Revoke an active handshake. Only parties to the handshake may revoke it. Revocation is terminal — the handshake cannot be reopened.