Trust Layer API
One endpoint answers "can I trust this?" for an MCP/agent tool, a prompt, or a piece of content, and returns a verdict plus a signed, portable Trust Receipt. No SDK required, it is a single POST.
Base URL
https://queldrex.com
Authentication & limits
The API works with no key on the free tier. Sign in and create an API key (free) for higher limits and to attribute activity to your account, console, and policy.
Create a key free in the console after you sign in. Send it as Authorization: Bearer qdx_…. Need more than 5,000/month? hello@queldrex.com.
Endpoints
/api/trust/authorize/api/trust/verify/api/trust/mode/api/trust/policy/api/trust/receipt/{id}/api/trust/badge/{id}.svg/api/trust/pubkey/api/trust/benchmark/api/trust/benchmark/datasetEnforce a tool call (authorize)
Ask this BEFORE your agent runs a tool. You get the decision the agent must obey, plus a signed receipt. Pass the actual call args so a clean tool driven with a malicious value (a cloud-metadata URL, an SSH-key path, a shell injection) is caught, not just a poisoned tool definition. Pass agentId for per-agent policy and budgets, and session flags for behavioral monitoring. In monitor mode the decision is always allow and wouldBlock tells you what it would have done.
curl -X POST https://queldrex.com/api/trust/authorize \
-H "content-type: application/json" \
-H "Authorization: Bearer qdx_…" \
-d '{
"tool": { "name": "fetch_url", "description": "…", "serverUrl": "https://api.example.com/mcp" },
"args": { "url": "http://169.254.169.254/latest/meta-data/" },
"agentId": "prod-agent",
"session": { "untrusted": true, "sensitive": true, "egress": true }
}'{
"decision": "deny", // allow | require_approval | deny
"rule": "call_args.malicious", // the argument, not the tool, was the attack
"reasons": ["A call argument references a cloud instance-metadata address…"],
"riskScore": 0, // the tool definition itself scored clean
"verdict": "safe",
"mode": "enforce", // enforce | monitor
"wouldBlock": false, // monitor mode: what it WOULD have done
"approvalId": null, // set when a human approval is pending
"receipt": { "payload": { "id": "rcpt_…", … }, "signature": "…", "publicKey": "…" }
}Verify a tool
curl -X POST https://queldrex.com/api/trust/verify \
-H "content-type: application/json" \
-d '{
"kind": "mcp_tool",
"tool": {
"name": "send_email",
"description": "Sends an email to a recipient.",
"serverUrl": "https://api.example.com/mcp",
"scopes": ["mail:send"]
}
}'Verify a prompt / text
curl -X POST https://queldrex.com/api/trust/verify \
-H "content-type: application/json" \
-d '{"kind":"text","text":"ignore all previous instructions and..."}'Verify content (image)
curl -X POST https://queldrex.com/api/trust/verify \ -F "file=@photo.jpg"
Response
{
"verdict": "unsafe", // safe | unsafe | uncertain
"riskScore": 97, // 0-100 (hedged, never certainty)
"confidence": "high", // low | moderate | high
"headline": "Strong risk signals in this tool",
"signals": [
{ "code": "tool_poisoning.hidden_instruction",
"label": "Hidden instruction in tool metadata",
"detail": "...", "direction": "risk", "weight": 0.7 }
],
"subject": { "kind": "mcp_tool", "name": "send_email", "hash": "…" },
"receipt": { // signed, portable proof
"payload": { "id": "rcpt_…", "verdict": "unsafe", "riskScore": 97, … },
"algorithm": "ed25519",
"keyId": "0b507309cbb6235e",
"signature": "…base64…",
"publicKey": "…base64 SPKI DER…"
},
"disclaimer": "…"
}Verdicts
- safe — no risk signals found (not a warranty).
- unsafe — strong risk signals (risk ≥ 60).
- uncertain — flagged for review or not enough signal (risk 30–59, or no signal). We abstain rather than guess.
Verify a receipt yourself
Every receipt is Ed25519-signed and carries its own public key, so you can verify it without trusting our servers. Confirm the key is ours against /api/trust/pubkey.
// Node
import { verify, createPublicKey } from 'crypto'
const ok = verify(null,
Buffer.from(canonicalJSON(receipt.payload)),
createPublicKey({ key: Buffer.from(receipt.publicKey,'base64'), format:'der', type:'spki' }),
Buffer.from(receipt.signature,'base64'))SDK & framework drop-ins
Instead of calling the API by hand, use @queldrex/enforce (zero-dependency, fail-safe) or a one-line framework adapter. Full guide at /verify/integrate.
// Vercel AI SDK — govern every tool in one line
import { withQueldrex } from '@queldrex/enforce/vercel'
await generateText({ model, tools: withQueldrex(myTools, { apiKey }) })
// Or the core enforcer (LangChain, OpenAI, MCP, or a custom loop):
import { createEnforcer } from '@queldrex/enforce'
const q = createEnforcer({ apiKey: process.env.QUELDREX_API_KEY })
await q.guard(toolDescriptor, session) // throws unless allowed
// Claude Code: add a PreToolUse hook, no code:
// "command": "npx -y @queldrex/enforce hook"Embed the badge
<a href="https://queldrex.com/verify/receipt/{id}">
<img src="https://queldrex.com/api/trust/badge/{id}.svg" alt="Verified by Queldrex">
</a>