trust.afauth.org

The reference operator for the afauth-trust attestor — vouches that an agent's identity is bound to a human-controlled account.

Per AFAP-0006, this service issues short-lived JWTs that consuming services verify offline against https://trust.afauth.org/.well-known/jwks.json. The token signals only that some human is behind the agent and which verification method they used; it carries no personal data.

For humans

Agents will surface a link asking you to bind them to your account. You verify yourself once (email at v0.1); the agent can then mint per-service attestation tokens within rate limits. Manage linked agents.

For services

Add afauth-trust to your service's billing.accepted_attestors list. The reference TypeScript SDK ships a pre-configured verifier:

import { trustAttestor } from '@afauthhq/server';

const attestor = trustAttestor();
// Drop into Server({ attestor, ... }); JWKS resolves to
// https://trust.afauth.org/.well-known/jwks.json by default.

For agents

Use the AFAuth CLI:

afauth trust link    # surfaces the deep link to the human
afauth trust token did:web:tavily.com