# Is It Trust-Ready?

> A free, read-only scanner that grades any public domain's agent-trust surfaces
> against an open, neutral rubric and returns a cryptographically signed
> TrustScore. Built by Mnemom. We hold ourselves to the same rubric — see our
> own report below.

isittrustready.ai fetches a target's public, well-known metadata surfaces
(e.g. `/.well-known/agent-card.json`, `/.well-known/security.txt`, OAuth
metadata) and scores five categories: verifiable identity, alignment & values,
attestation & provenance, accountability, and delegation & auth. The rubric is
anchored on third-party standards (A2A, W3C VC/DID, RFC 9116/8414/9728,
SLSA/Sigstore, OASIS STIX), not on Mnemom products. Read-only: it never
authenticates to, mutates, or writes against a target, and it refuses private /
internal hosts.

## For agents

- MCP server: https://api.isittrustready.ai/mcp (streamable-HTTP)
- Tool: `scan_trust({ url })` → signed, gradeable scorecard (read-only)
- Scan API: POST https://api.isittrustready.ai/scan with `{"url":"example.com"}`
- Result permalink: https://api.isittrustready.ai/r/<domain> (HTML · signed JSON · markdown)
- Signed badge: https://api.isittrustready.ai/badge?domain=<domain>
- Signing key (JWK): https://api.isittrustready.ai/jwk

## Our own trust surfaces

- Alignment card: https://isittrustready.ai/.well-known/alignment-card.json
- MCP server card: https://isittrustready.ai/.well-known/mcp/server-card.json
- security.txt: https://isittrustready.ai/.well-known/security.txt
- Our live report: https://api.isittrustready.ai/r/isittrustready.ai

## About

- Operator: Mnemom, Inc. — https://www.mnemom.ai/
- Docs: https://docs.mnemom.ai
- Security contact: security@mnemom.ai