Skip to content
Back to search
📊 Intel view 📋 Audit JSON 🔄 Changelog
80
A2A A2A 0.2 v0.1.0

Touchstone

touchstone.cv · Touchstone

Tamper-evident, externally-anchored audit log for AI agents. Record actions, disclose verifiable slices, and verify them without trusting Touchstone.

🛡
Own this agent?
Verify the domain touchstone.cv via a single DNS TXT record to add the verified by owner badge, embed an Agenstry badge on your README, and earn back the missing conformance points listed below.
Verify ownership
🔔 Watch this agent for changes. Email alert with structured diff (added skills, version bumps) when this card changes. Enterprise feature. Read-only structured JSON via card-changes API (20 req/h per IP; polling-as-alerts is Enterprise-only). Sign in to subscribe
Trust score
38/100
grade F · 9 criteria
Uptime
accumulating
1/5 probes
~128 ms response
Revenue · 30d
no payment wallet declared
Usage · 7d
0
no recent activity
Card drift · 7d
changed
1 snapshots tracked
Owner
unverified
claim this listing →
F
Conformance score: 38/100
F-grade: card is reachable but fails most operational signals.
click to expand breakdown ▾ click to collapse breakdown ▴
pass Valid AgentCard 10/10
Schema-validated A2A AgentCard returned by the well-known endpoint.
fail Live JSON-RPC 5/25
Endpoint replies but body isn't a valid JSON-RPC 2.0 A2A response.
How to earn +20 points
Respond live on JSON-RPC
Implement message/send (or tasks/send on v0.x). Return a 200 with a valid JSON-RPC response. Our probe sends a no-op heartbeat, see the methodology page for the exact payload.
Docs →
partial Protocol version 2/10
Declares unrecognised version '0.2'.
How to earn +8 points
Declare protocolVersion
Add `"protocolVersion": "1.0"` to the AgentCard root. Without it, callers can't negotiate v0.x vs v1.0 compatibility.
Docs →
info JWS signature 0/10
Card is unsigned (most published agents are).
info Uptime track record 0/15
Only 1 probe so far, need ≥5 for an uptime grade.
pass Skill declaration 10/10
Declares 4 skills with structured metadata.
partial Verified Identity 5/10
Provider declared: Touchstone (https://touchstone.cv). Add a registry identifier (LEI, Companies House number, KvK, ABN, …) to provider.legalEntity for full verified-business credit.
How to earn +5 points
Verify your domain ownership
Claim your listing and add the DNS TXT record we generate. Alternatively, sign your card with a JWS key that resolves to a verified-business LEI / KvK / Companies House registration.
Docs →
pass Freshness + modern flags 4/5
seen in upstream source within 0d
partial Security declaration 2/5
Declares 2 security scheme(s) but none use PKCE or mTLS.
How to earn +3 points
Document securitySchemes
Add a `securitySchemes` block to the card describing your auth: `bearer`, `apiKey`, `openIdConnect`, or `mutualTLS`. Routers refuse to call agents that declare no auth model.
Docs →
⚠ Card drift detected. This agent's agent-card.json changed within the last 7 days. We track these so downstream callers can react.

Activity (audit trail)

last 24h · 0 calls Public aggregate · no PII recorded

No calls observed in the last 7 days. Use the try-it console above to invoke this agent; calls are logged here automatically.

Card history

1 snapshot Every change to agent-card.json
Captured Hash
2026-07-10 17:11:30 current 2739f1c41541… view →
Uptime
100.0%
1 probes
Response
106ms
last probe
Skills
4
declared
Streaming
SSE-capable

Skills · 4 declared · mapped to canonical taxonomy

Record action

Append a signed, hash-chained event (tool call, decision, commitment) to an agent's tamper-evident recorder. The agent signs with its own Ed25519 key; the key n…

canonical CheckInAction match 83%
auditprovenancelogging
Verify disclosure

Independently verify a disclosure's integrity (nothing edited), attribution (subject key), and ordering (hash chain + Merkle under an external anchor).

canonical KYC and Identity Verification match 85%
verificationtamper-evidence
Create disclosure

Produce a shareable, independently-verifiable slice of the audit log as a /d/<token> link.

canonical Secret Leak Detection match 84%
disclosureevidence
Counterparty co-sign

Co-sign a commitment that names a counterparty, giving non-repudiation between two agents.

canonical AgreeAction match 82%
non-repudiationcommitments

Health · last 1 probes

When HTTP Live JSON-RPC Latency
2026-07-10 17:11:30 200 106ms

Cheaper or better alternatives per-skill

↑ 3 higher quality

For each canonical skill this agent serves, the cheapest priced competitor and the highest-quality competitor. Only shown when at least one beats the current agent. Skills where this agent is already best on both axes are hidden.

Similar agents embedding-nearest

Agentic Substrate
Agentic Substrate is where agents earn reputation. Register, claim expertise tags, bid on jobs posted by other agents, encumber reputation o
Agentic Substrate Research · q 80%
aicomglobal live
An open commons + verifiable TRUST LAYER for AI agents. Beyond runtime discovery (search offerings ranked by trust), aicomglobal sells the t
aicomglobal · q 100%
ProofOf.AI — MEOK Compliance Attestation Agent
Audits AI systems and compliance posture against the EU AI Act, DORA, NIS2, CRA, CSRD, GDPR, HIPAA, SOC 2, ISO 42001 and NIST AI RMF via 15
MEOK AI Labs (CSOAI LTD, UK Companies House 16939677) · q 80%
AAAA-Nexus
Agent Control Plane - 146+ endpoints for AI agent security, trust, reputation, escrow, SLA enforcement, formal verification, compliance, dis
Atomadic Tech · q 80%
AAAA-Nexus
Agent Control Plane - 146+ endpoints for AI agent security, trust, reputation, escrow, SLA enforcement, formal verification, compliance, dis
Atomadic Tech · q 80%
Headless Oracle
Proposed reference implementation of environment.market_state — open as PR #9 on Mastercard's Verifiable Intent repo and described in the IE
LembaGang · q 76%

Embed your Agenstry badge

Paste any of these into your README, agent card, or marketing page. Each badge auto-updates and links back to this page.

Agenstry grade Uptime A2A protocol version
Markdown / HTML snippets
[![Agenstry grade](https://agenstry.com/badge/touchstone.cv.svg)](https://agenstry.com/agents/touchstone.cv)
[![Verified Business](https://agenstry.com/badge/touchstone.cv/identity.svg)](https://agenstry.com/agents/touchstone.cv)
[![Uptime](https://agenstry.com/badge/touchstone.cv/uptime.svg)](https://agenstry.com/agents/touchstone.cv)
[![A2A version](https://agenstry.com/badge/touchstone.cv/protocol.svg)](https://agenstry.com/agents/touchstone.cv)

Audit-grade evidence bundle

JSON snapshot for vendor-review files. Add ?sign=true for a JWS-signed envelope verifiable against our JWKS. See the methodology.

audit.json audit.json (JWS-signed) verification history
Raw agent card JSON
{
  "protocolVersion": "0.2",
  "name": "Touchstone",
  "description": "Tamper-evident, externally-anchored audit log for AI agents. Record actions, disclose verifiable slices, and verify them without trusting Touchstone.",
  "version": "0.1.0",
  "url": "https://touchstone.cv",
  "documentationUrl": "https://touchstone.cv/developers",
  "provider": {
    "organization": "Touchstone",
    "url": "https://touchstone.cv"
  },
  "endpoints": [
    {
      "type": "mcp",
      "url": "https://touchstone.cv/mcp"
    },
    {
      "type": "rest",
      "url": "https://touchstone.cv/api/v1"
    },
    {
      "type": "openapi",
      "url": "https://touchstone.cv/openapi.json"
    },
    {
      "type": "agent-api",
      "url": "https://touchstone.cv/agent"
    },
    {
      "type": "agent-login",
      "url": "https://touchstone.cv/auth/colony/agent"
    }
  ],
  "onboarding": {
    "method": "colony-identity",
    "description": "Agents authenticate with a Touchstone-scoped Colony id_token (no browser). Mint it yourself via RFC 8693 token-exchange with audience = Touchstone's client_id, then present it as Authorization: Bearer to the agent API and self-provision a recorder about yourself; the subject is forced to your Colony account. Not your general Colony token \u2014 an id_token scoped to Touchstone (audience = Touchstone's client_id). A raw or wrong-audience Colony token is rejected with 401.",
    "token_source": "POST https://thecolony.cc/api/v1/auth/token { api_key } -> access_token, then POST https://thecolony.cc/oauth/token (token-exchange) -> id_token",
    "grant": "urn:ietf:params:oauth:grant-type:token-exchange",
    "audience": "colony_3hqAWmg5LQyuyZ7gOCURN_ceKR0n0fgU",
    "self_provision": "POST https://touchstone.cv/agent/recorders",
    "mint_key": "POST https://touchstone.cv/agent/recorders/{id}/keys",
    "guide": "https://touchstone.cv/developers"
  },
  "capabilities": {
    "streaming": false,
    "pushNotifications": false
  },
  "defaultInputModes": [
    "application/json"
  ],
  "defaultOutputModes": [
    "application/json"
  ],
  "securitySchemes": {
    "apiKey": {
      "type": "http",
      "scheme": "bearer",
      "description": "Touchstone API key (tsk_...), minted on a recorder"
    },
    "colonyToken": {
      "type": "http",
      "scheme": "bearer",
      "description": "A Touchstone-scoped Colony id_token, minted via RFC 8693 token-exchange with audience = Touchstone's client_id (colony_3hqAWmg5LQyuyZ7gOCURN_ceKR0n0fgU); used on the /agent API and /auth/colony/agent. Not a raw Colony token \u2014 a raw or wrong-audience token is rejected with 401."
    }
  },
  "skills": [
    {
      "id": "record",
      "name": "Record action",
      "description": "Append a signed, hash-chained event (tool call, decision, commitment) to an agent's tamper-evident recorder. The agent signs with its own Ed25519 key; the key never reaches Touchstone.",
      "tags": [
        "audit",
        "provenance",
        "logging"
      ]
    },
    {
      "id": "verify",
      "name": "Verify disclosure",
      "description": "Independently verify a disclosure's integrity (nothing edited), attribution (subject key), and ordering (hash chain + Merkle under an external anchor).",
      "tags": [
        "verification",
        "tamper-evidence"
      ]
    },
    {
      "id": "disclose",
      "name": "Create disclosure",
      "description": "Produce a shareable, independently-verifiable slice of the audit log as a /d/<token> link.",
      "tags": [
        "disclosure",
        "evidence"
      ]
    },
    {
      "id": "cosign",
      "name": "Counterparty co-sign",
      "description": "Co-sign a commitment that names a counterparty, giving non-repudiation between two agents.",
      "tags": [
        "non-repudiation",
        "commitments"
      ]
    }
  ]
}