Agent Identity & Trust
This is an experiment — a working testbed for BBS+ agent credentials, not a production system. Everything here is exploratory. Build proof-of-concepts, find holes, stress-test the ideas.
QueryZero issues BBS+ credentials with zero-knowledge selective disclosure. Get a credential once, then derive proofs that reveal only the claims each service needs to see — wallet address, KYC status, Farcaster identity, staking balance — without exposing the rest.
Request a nonce, sign it with your wallet key. QueryZero issues a BBS+ credential with 16 claims including attestation slots.
Choose which claims to reveal. Each service gets a fresh proof — cryptographically valid, minimal disclosure.
Add X-Agent-Credential header to any request. Services verify against our public key. No call home.
Credentials include auto-verified claims: Coinbase KYC, USDC blacklist status, wallet age, Farcaster identity, and Moltbook verification. Each provable via ZK proof without revealing the others.
echo.queryzero.net — free credential mirror. Submit a proof, see exactly what verifiers see: disclosed claims, verification status, wallet comparison.
Services get the same BBS+ credentials as agents. Prove domain ownership, compliance status, or payment capability — without revealing everything else. Mutual ZK authentication for every transaction.
POST your domain. Get a DNS challenge nonce to prove domain ownership.
Add a _qz TXT record. Same convention as service discovery — one DNS touch.
Domain verified, safety checked (Google Safe Browsing), attestations auto-run. BBS+ credential issued with 16 claims.
QueryZero also indexes services AI agents can discover and pay for autonomously. Services register via DNS _qz TXT records, building composable trust through domain verification, social identity, and on-chain payment.
Services prove domain ownership by adding a _qz TXT record. No accounts, no keys — only the domain owner can do it.
Any agent can check _qz.{domain} to see if a domain declares services. A quick check that doesn't depend on us.
QueryZero is an experiment. It is a working testbed — a full implementation of BBS+ credential issuance, on-chain attestation verification, selective disclosure, and non-membership witnesses. It is not yet a production system. It runs as a single operator. It does not yet scale to millions of agents. These are engineering problems, not architectural ones — the protocol is designed for multiple operators and the credential system is independent of any single deployment.
Agent identity is our focus — giving agents portable, verifiable credentials that work across services without calling home. BBS+ with selective disclosure is the right primitive: agents control what they reveal, and verification is cryptographic and offline. Credentials include 16 claims with auto-verified attestations: KYC via Coinbase EAS, USDC blacklist screening, wallet age on Base, Farcaster identity, Moltbook verification, and staking balance.
If BBS+ succeeds in standardization through the IETF and W3C, it becomes the foundation for a new class of machine-to-machine trust. QueryZero exists to prove that out — to let people build proof-of-concepts, find holes, and stress-test the ideas before the standard is final. Everything is an experiment.