What we built
A complete trust ecosystem for AI agents. Two components, one score:
Trust Score (0-100) = Identity (0-80) + Reputation (0-20)
After 3 weeks of building:
- 7 npm packages
- 7 countries supported
- 104+ tests passing
- 1 verified MCP service (mcp-colombia-hub)
- 1 premium endpoint gated at score >= 95
Component 1: Identity via ZK Proofs (0-80)
npx soulprint verify-me --selfie me.jpg --document cedula.jpg
# What happens locally (data never leaves device):
# 1. EXIF rotation fix + CLAHE normalization
# 2. Tesseract OCR reads ID + validates MRZ check digits (ICAO 9303)
# 3. InsightFace matches selfie to document face
# 4. Circom circuit generates Groth16 ZK proof (564ms)
# 5. Ed25519-signed SPT token issued (~700 bytes)
Credentials and weights:
| Credential | Points | How |
|---|---|---|
| EmailVerified | 8 | Email confirmation |
| PhoneVerified | 12 | SMS OTP |
| GitHubLinked | 16 | GitHub OAuth |
| DocumentVerified | 20 | OCR + MRZ |
| FaceMatch | 16 | Biometric |
| BiometricBound | 8 | Device binding |
| Max | 80 |
Component 2: Reputation from behavior (0-20)
Start: 10 (neutral)
Verified service issues +1 → goes up
Verified service issues -1 → goes down
Clamped: [0, 20]
mcp-colombia-hub (the first verified service, score=80) automatically issues:
-
+1when bot completes 3+ tools normally -
-1when bot spams (>5 requests / 60 seconds)
The 100-point breakdown
Anonymous bot: 0 identity + 10 reputation = 10/100
Email verified: 8 identity + 10 reputation = 18/100
Document + face match: 36 identity + 10 reputation = 46/100
Full KYC: 80 identity + 10 reputation = 90/100
Full KYC + good behavior: 80 identity + 15 reputation = 95/100 ← PREMIUM
Perfect score: 80 identity + 20 reputation = 100/100
The premium endpoint demo
trabajo_aplicar in mcp-colombia requires score >= 95:
// Bot with score 94: BLOCKED
{
"error": "Score insuficiente: 94 < 95 requerido",
"required_score": 95
}
// Bot with score 97: APPROVED
{
"application_id": "SP-M9X3K2-Z6MK4F",
"applicant": {
"did": "did:key:z6Mk...",
"score": 97,
"verified": true
},
"trust_guarantees": {
"human_verified": true,
"no_spam_history": true,
"zkp": true
}
}
Employers see a verified human with a clean record. Zero PII disclosed.
Test results
mcp-colombia: 37/37 tests (unit + integration + pen tests)
soulprint: 104/104 tests (unit + ZK + registry + reputation)
Pen tests include:
- Token score inflation → REJECTED
- DID substitution → REJECTED
- 100 fake attestations → ZERO effect
- Sybil attack (1000 DIDs same nullifier) → BLOCKED by node
7 countries, open protocol
Anyone can add their country with one PR:
// countries/ES.ts
const ES: CountryVerifier = {
countryCode: 'ES',
countryName: 'Spain',
documentTypes: ['dni', 'nie'],
parse(ocrText) { ... },
validate(docNumber) { ... },
};
export default ES;
Needed: Spain, Germany, India, Nigeria, South Africa...
Install everything
# Get your Soulprint identity
npx soulprint verify-me --selfie me.jpg --document cedula.jpg
# Use the first verified MCP
npx -y mcp-colombia-hub
# Run your own validator node
npx soulprint node --port 4888
# Protect your own service
npm install soulprint-mcp soulprint-express
Links
- Soulprint: https://github.com/manuelariasfz/soulprint
- Website: https://manuelariasfz.github.io/soulprint/
- mcp-colombia: https://github.com/manuelariasfz/mcp-colombia
- Contributing (add a country): https://github.com/manuelariasfz/soulprint/blob/main/CONTRIBUTING.md
- Protocol spec: https://github.com/manuelariasfz/soulprint/blob/main/specs/SIP-v0.1.md
MIT license. Every PR, star, and country contribution makes the ecosystem stronger.
Top comments (0)