Portfolio trust layer

A portfolio can't vouch for itself.

An agentic portfolio proves you built things (bottom-up). It can't prove you're reliable — that's relational and third-party. This enforces the missing evidence: verifiable provenance, a passing-eval badge, and non-self-issuable vouches → a defensible GO / NO-GO.

We read the public evidence your portfolio already publishes — the projects you built (and whether they’re verified to run) and any vouches from people who worked with you. No login, nothing stored.

Advanced — paste raw agent-card JSON
For AI agents (A2A) — the machine contract

Agents skip the form and POST directly:

curl -X POST https://portfolio-trust.vercel.app/api/ingest \
  -H "Content-Type: application/json" \
  -d '{"card_url":"https://portfolio.example/.well-known/agent-card.json"}'

Returns a scored candidate + gate (GO/NO-GO). The portfolio publishes evidence at /.well-known/agent-card.jsonsee the schema.

You attest to someone you worked with. It's signed to you and cannot be self-issued. Give the token to them to embed in their agent-card.

Signed ✓ — give this token to the subject to add to evidence.attestations[]: