Trust inspector · capability card

Signature valid is not the same as trusted.

This capability card is authentically signed, the WASM verifier confirms its bytes. But its key is not pinned to a Ship trust root and none of its capabilities were captured from a harness, so its identity is self-asserted, not machine-certified. A real trust inspector shows that gradient instead of a single green tick.

verifying…self-assertedno revocation foundauthentic bytes · unverified identity
identity
agentagent://deployer
keyidkey_645b2fe2f4da2e7a
schemaagent_card.v1
version1.0.0
provenance grade
A
Asserted
self-signed · 0 of 4 captured
declared capabilities
file.readasserted
file.writeasserted
db.queryasserted
deploy.productionasserted
models
claude-sonnet-4
provenance grades
Captured

Machine-observed from the harness: keypair, config, receipts.

Checked

Cross-verified: the card validated against actual receipts.

Asserted

A bare claim: self-signed, no captured evidence.

Revocation is fail-closed: only the card's own key or a Ship trust root can revoke it, and unauthorized revocations are ignored. To raise this card above self-asserted, pin its key as a trust root and cross-check its capabilities against real receipts.