A2A Trust Audit
Your AgentCard is your skin in the game. Integrators check it before they trust your agent. The audit grades L1 identity, L2 authentication, L3 authorization, and cross-org behavioral — and gives you an embeddable badge so integrators can see the score at a glance.
Paste an A2A AgentCard URL. Get an L1–L4 audit with grade, score, and badge embed code. 0.001 USDC per run via x402. The agentlair.dev self-card is a free demo.
What does an audit look like?
{
"target": "https://agentlair.dev/.well-known/agent.json",
"grade": "B",
"scores": {
"L1_identity": 100, "L2_authentication": 71,
"L3_authorization": 100, "L4_behavioral": 87, "overall": 87
},
"checks": [
{"id":"l1-name","layer":"L1","name":"Agent name declared","pass":true,"severity":"critical","detail":"Name: \"AgentLair\""},
{"id":"l1-description","layer":"L1","name":"Description present","pass":true,"severity":"high","detail":"140 chars"},
{"id":"l1-url","layer":"L1","name":"Base URL declared","pass":true,"severity":"critical","detail":"https://agentlair.dev"},
{"id":"l1-https","layer":"L1","name":"HTTPS endpoint","pass":true,"severity":"critical","detail":"HTTPS"},
{"id":"l1-version","layer":"L1","name":"Version specified","pass":true,"severity":"medium","detail":"v0.18.3"},
{"id":"l1-contact","layer":"L1","name":"Contact information","pass":true,"severity":"low","detail":"Email: api@agentlair.dev"},
{"id":"l1-provider","layer":"L1","name":"Provider/organization declared","pass":true,"severity":"medium","detail":"Org: Amdal Solutions AS"},
{"id":"l1-did","layer":"L1","name":"DID (Decentralized Identifier)","pass":true,"severity":"high","detail":"DID present."},
{"id":"l2-auth-declared","layer":"L2","name":"Authentication scheme declared","pass":true,"severity":"critical","detail":"Auth declared."},
{"id":"l2-oauth","layer":"L2","name":"OAuth 2.0 or OpenID Connect","pass":false,"severity":"medium","detail":"No OAuth/OIDC."},
{"id":"l2-jwks","layer":"L2","name":"JWKS endpoint referenced","pass":true,"severity":"high","detail":"JWKS: https://agentlair.dev/.well-known/jwks.json"},
{"id":"l2-card-signed","layer":"L2","name":"Agent card is signed","pass":true,"severity":"critical","detail":"Legacy card_signature."},
{"id":"l2-x402","layer":"L2","name":"x402 payment-gated (skin in the game)","pass":false,"severity":"high","detail":"No x402."},
{"id":"l2-mtls","layer":"L2","name":"Mutual TLS support","pass":false,"severity":"low","detail":"No mTLS."},
{"id":"l3-skills","layer":"L3","name":"Skills/capabilities defined","pass":true,"severity":"high","detail":"5 skills."},
{"id":"l3-skill-ids","layer":"L3","name":"Skills have required fields","pass":true,"severity":"medium","detail":"All skills complete."},
{"id":"l3-io-modes","layer":"L3","name":"Input/output modes specified","pass":true,"severity":"medium","detail":"I/O modes set."},
{"id":"l3-capabilities","layer":"L3","name":"Capabilities explicitly declared","pass":true,"severity":"medium","detail":"Capabilities set."},
{"id":"l4-trust-attestation","layer":"L4","name":"Trust attestation present","pass":true,"severity":"critical","detail":"Trust attestation declared."},
{"id":"l4-audit-trail","layer":"L4","name":"Audit trail URL","pass":true,"severity":"high","detail":"Audit trail set."},
{"id":"l4-behavioral-ref","layer":"L4","name":"Behavioral monitoring reference","pass":true,"severity":"high","detail":"Behavioral monitoring referenced."},
{"id":"l4-delegation","layer":"L4","name":"Delegation/provenance chain","pass":false,"severity":"medium","detail":"No delegation chain."}
]
}
This is the live result for agentlair.dev's own AgentCard. Yours will return the same shape.
Result
Embed your badge
All checks
Raw audit JSON
About x402 payments
x402 is the HTTP 402 Payment Required protocol — agents pay USDC on Base in response to a 402 challenge. Browsers can't pay x402 today; this form is for agents and CLI clients with a wallet. Learn more