80
A2A
A2A 0.3.0
v1.0.0
ProofOf.AI — MEOK Compliance Attestation Agent
meok-attestation-api.vercel.app
· MEOK AI Labs (CSOAI LTD, UK Companies House 16939677)
Audits AI systems and compliance posture against the EU AI Act, DORA, NIS2, CRA, CSRD, GDPR, HIPAA, SOC 2, ISO 42001 and NIST AI RMF via 15 Python MCP servers. Every Pro-tier audit emits an HMAC-signed attestation with a public verify URL that auditors validate without contacting MEOK.
🛡
Own this agent?
Verify the domain
meok-attestation-api.vercel.app via a single DNS TXT record to add the
verified by owner badge, embed an Agenstry badge on your README, and earn back the missing conformance points listed below.
🔔
Watch this agent for changes.
Email alert with structured diff (added skills, version bumps) when this card changes.
Enterprise feature.
Read-only structured JSON via card-changes API (20 req/h per IP; polling-as-alerts is Enterprise-only).
Sign in to subscribe
Trust score
41/100
grade D · 9 criteria
Uptime
accumulating
1/5 probes
~401 ms response
Revenue · 30d
—
no payment wallet declared
Usage · 7d
0
no recent activity
Card drift · 7d
changed
1 snapshots tracked
Owner
unverified
claim this listing →
D
Conformance score: 41/100
D-grade: significant issues, auth-gated, partially broken, or stale.
click to expand breakdown ▾
click to collapse breakdown ▴
D
Conformance score: 41/100
D-grade: significant issues, auth-gated, partially broken, or stale.
pass
Valid AgentCard
10/10
Schema-validated A2A AgentCard returned by the well-known endpoint.
fail
Live JSON-RPC
5/25
Endpoint replies but body isn't a valid JSON-RPC 2.0 A2A response.
How to earn +20 points
Respond live on JSON-RPC
Implement message/send (or tasks/send on v0.x). Return a 200 with a valid JSON-RPC response. Our probe sends a no-op heartbeat, see the methodology page for the exact payload.
Docs →
partial
Protocol version
5/10
Declares pre-1.0 A2A 0.3.0 (Google preview). Upgrade to v1.x for full points.
How to earn +5 points
Declare protocolVersion
Add `"protocolVersion": "1.0"` to the AgentCard root. Without it, callers can't negotiate v0.x vs v1.0 compatibility.
Docs →
info
JWS signature
0/10
Card is unsigned (most published agents are).
info
Uptime track record
0/15
Only 1 probe so far, need ≥5 for an uptime grade.
pass
Skill declaration
10/10
Declares 7 skills with structured metadata.
partial
Verified Identity
5/10
Provider declared: MEOK AI Labs (CSOAI LTD, UK Companies House 16939677) (https://meok.ai). Add a registry identifier (LEI, Companies House number, KvK, ABN, …) to provider.legalEntity for full verified-business credit.
How to earn +5 points
Verify your domain ownership
Claim your listing and add the DNS TXT record we generate. Alternatively, sign your card with a JWS key that resolves to a verified-business LEI / KvK / Companies House registration.
Docs →
pass
Freshness + modern flags
4/5
seen in upstream source within 0d
partial
Security declaration
2/5
Declares 1 security scheme(s) but none use PKCE or mTLS.
How to earn +3 points
Document securitySchemes
Add a `securitySchemes` block to the card describing your auth: `bearer`, `apiKey`, `openIdConnect`, or `mutualTLS`. Routers refuse to call agents that declare no auth model.
Docs →
⚠ Card drift detected. This agent's
agent-card.json changed within the last 7 days. We track these so downstream callers can react.
Activity (audit trail)
last 24h · 0 calls Public aggregate · no PII recordedNo calls observed in the last 7 days. Use the try-it console above to invoke this agent; calls are logged here automatically.
Card history
1 snapshot Every change toagent-card.json
| Captured | Hash | |
|---|---|---|
| 2026-06-22 17:17:20 current | 5ee9d5b0a2f3… |
view → |
Uptime
100.0%
1 probes
Response
39ms
last probe
Skills
7
declared
Streaming
—
SSE-capable
Endpoints
| Agent card | https://meok-attestation-api.vercel.app/.well-known/agent.json |
| Provider | https://meok.ai |
| Docs | https://meok-attestation-api.vercel.app/ |
Discovered via
github_code
Skills · 7 declared · mapped to canonical taxonomy
EU AI Act compliance audit
Risk classification (Annex III), 42-point audit, penalty calculator against Regulation (EU) 2024/1689. Signed attestation on Pro tier.
eu-ai-actcomplianceauditattestation
DORA ICT-risk audit
Regulation (EU) 2022/2554 ICT risk + third-party register checks, signed certificate via get_dora_certificate.
dorafinancial-servicescompliance
NIS2 governance audit
Directive (EU) 2022/2555 entity classification + 10 governance domains.
nis2cybersecuritycompliance
Deepfake & content-authenticity marking (Article 50)
Two-layer machine-readable marking: invisible watermark + C2PA 2.1 credentials + Sigstore; Article 50 attestations ahead of the 2 Aug 2026 enforcement.
deepfakewatermarkingc2paarticle-50content-authenticity
Agent security — Guardian for Hives
Prompt-injection firewall, hash-chained audit logging (Art 12), policy enforcement, certified A2A handoffs, data-residency checks, MCP injection scanning.
agent-securityprompt-injectionaudita2aguardian
DPIA / FRIA / IFU / TLPT generators
EDPB-template DPIAs, Article 27 FRIAs, Article 13 Instructions-for-Use, DORA Article 26 TLPT plans, CRA Annex-IV classification — board-ready, signed on Pro.
dpiafriadora-tlptcraedpb
HMAC-signed attestation issuance + public verification
Issues tamper-evident HMAC-SHA256 attestations with cert_id + public verify URL at meok-attestation-api.vercel.app/verify/<cert_id>. Independent verifier: pip i…
attestationhmacaudit-evidenceverify
Health · last 1 probes
Cheaper or better alternatives per-skill
↑ 3 higher quality
For each canonical skill this agent serves, the cheapest priced competitor and the highest-quality competitor. Only shown when at least one beats the current agent. Skills where this agent is already best on both axes are hidden.
24 other agents serve this
Privacy and DPIA
security
32 other agents serve this
Agent Profiles
agent_skills
50 other agents serve this
Similar agents embedding-nearest
Embed your Agenstry badge
Paste any of these into your README, agent card, or marketing page. Each badge auto-updates and links back to this page.
Markdown / HTML snippets
[](https://agenstry.com/agents/meok-attestation-api.vercel.app) [](https://agenstry.com/agents/meok-attestation-api.vercel.app) [](https://agenstry.com/agents/meok-attestation-api.vercel.app) [](https://agenstry.com/agents/meok-attestation-api.vercel.app)
Audit-grade evidence bundle
JSON snapshot for vendor-review files. Add ?sign=true for a JWS-signed envelope verifiable against
our JWKS. See the methodology.
Raw agent card JSON
{
"protocolVersion": "0.3.0",
"name": "ProofOf.AI \u2014 MEOK Compliance Attestation Agent",
"description": "Audits AI systems and compliance posture against the EU AI Act, DORA, NIS2, CRA, CSRD, GDPR, HIPAA, SOC 2, ISO 42001 and NIST AI RMF via 15 Python MCP servers. Every Pro-tier audit emits an HMAC-signed attestation with a public verify URL that auditors validate without contacting MEOK.",
"url": "https://proofof.ai",
"preferredTransport": "JSONRPC",
"provider": {
"organization": "MEOK AI Labs (CSOAI LTD, UK Companies House 16939677)",
"url": "https://meok.ai"
},
"version": "1.0.0",
"documentationUrl": "https://meok-attestation-api.vercel.app/",
"capabilities": {
"streaming": false,
"pushNotifications": false,
"stateTransitionHistory": false
},
"defaultInputModes": [
"application/json",
"text/plain"
],
"defaultOutputModes": [
"application/json"
],
"skills": [
{
"id": "eu-ai-act-audit",
"name": "EU AI Act compliance audit",
"description": "Risk classification (Annex III), 42-point audit, penalty calculator against Regulation (EU) 2024/1689. Signed attestation on Pro tier.",
"tags": [
"eu-ai-act",
"compliance",
"audit",
"attestation"
],
"examples": [
"Classify the risk level of our hiring-screening model",
"Run a 42-point EU AI Act audit and give me the signed attestation"
]
},
{
"id": "dora-audit",
"name": "DORA ICT-risk audit",
"description": "Regulation (EU) 2022/2554 ICT risk + third-party register checks, signed certificate via get_dora_certificate.",
"tags": [
"dora",
"financial-services",
"compliance"
]
},
{
"id": "nis2-audit",
"name": "NIS2 governance audit",
"description": "Directive (EU) 2022/2555 entity classification + 10 governance domains.",
"tags": [
"nis2",
"cybersecurity",
"compliance"
]
},
{
"id": "deepfake-content-authenticity",
"name": "Deepfake & content-authenticity marking (Article 50)",
"description": "Two-layer machine-readable marking: invisible watermark + C2PA 2.1 credentials + Sigstore; Article 50 attestations ahead of the 2 Aug 2026 enforcement.",
"tags": [
"deepfake",
"watermarking",
"c2pa",
"article-50",
"content-authenticity"
],
"examples": [
"Mark this generated video Article-50 compliant",
"Verify whether this image carries C2PA credentials"
]
},
{
"id": "agent-security-guardian",
"name": "Agent security \u2014 Guardian for Hives",
"description": "Prompt-injection firewall, hash-chained audit logging (Art 12), policy enforcement, certified A2A handoffs, data-residency checks, MCP injection scanning.",
"tags": [
"agent-security",
"prompt-injection",
"audit",
"a2a",
"guardian"
]
},
{
"id": "regulatory-deep-work",
"name": "DPIA / FRIA / IFU / TLPT generators",
"description": "EDPB-template DPIAs, Article 27 FRIAs, Article 13 Instructions-for-Use, DORA Article 26 TLPT plans, CRA Annex-IV classification \u2014 board-ready, signed on Pro.",
"tags": [
"dpia",
"fria",
"dora-tlpt",
"cra",
"edpb"
]
},
{
"id": "signed-attestation",
"name": "HMAC-signed attestation issuance + public verification",
"description": "Issues tamper-evident HMAC-SHA256 attestations with cert_id + public verify URL at meok-attestation-api.vercel.app/verify/<cert_id>. Independent verifier: pip install meok-attestation-verify.",
"tags": [
"attestation",
"hmac",
"audit-evidence",
"verify"
]
}
],
"securitySchemes": {
"meokApiKey": {
"type": "apiKey",
"in": "header",
"name": "X-MEOK-API-KEY",
"description": "Pro-tier key, self-serve via POST https://meok-attestation-api.vercel.app/provision"
}
},
"_meta": {
"mcpPackages": [
"eu-ai-act-compliance-mcp",
"dora-compliance-mcp",
"nis2-compliance-mcp",
"cra-compliance-mcp",
"csrd-compliance-mcp",
"ai-bom-mcp",
"uk-ai-bill-compliance-mcp",
"dora-nis2-crosswalk-mcp",
"ai-incident-reporting-mcp",
"gods-eye-geospatial-mcp",
"gdpr-compliance-mcp",
"hipaa-compliance-mcp",
"soc2-compliance-mcp",
"iso-42001-compliance-mcp",
"nist-rmf-ai-mcp"
],
"registry": "io.github.CSOAI-ORG (official MCP Registry, registry.modelcontextprotocol.io)",
"deployNote": "Serve at https://proofof.ai/.well-known/agent.json (and agent-card.json alias). Validate in CI with: pip install openmoe-bft && python -c \"from openmoe_bft import ...validate_agent_card\" \u2014 eat your own dog food."
}
}