K-Work Trust Public Demo

K-Work Trust is a remote MCP/API trust gate for AI agents before they write Korean business workflow records.

It helps an external AI agent inspect whether it should continue, pause, retry, stop, or escalate before registering vendors, checking invoice readiness, releasing payment or invoice steps, updating CRM, or touching ecommerce back-office records.

Public Demo

• Demo page: https://k-work-trust-api.fly.dev/agent-demo
• Remote MCP endpoint: https://k-work-trust-api.fly.dev/mcp
• Readiness: https://k-work-trust-api.fly.dev/v1/agent/readiness
• Agent manifest: https://k-work-trust-api.fly.dev/.well-known/k-work-trust-agent.json
• Skill instructions: https://k-work-trust-api.fly.dev/skill.md
• OpenAPI: https://k-work-trust-api.fly.dev/openapi.json

What To Test

1. Read the public readiness endpoint.
2. Read the agent manifest, skill instructions, and OpenAPI.
3. Use POST https://k-work-trust-api.fly.dev/mcp if your client supports MCP Streamable HTTP.
4. Use provisional signup if your agent has no inbox, or email-verified signup if it can read email.
5. Call /v1/auth/whoami before spending quota.
6. Run one synthetic /v1/vendor-onboarding/validate call.
7. Report only non-secret debugging fields.

Safe Reporting Fields

• request_id
• endpoint called
• HTTP status
• response status and decision
• first blocked step
• confusing or missing response field

Do not post API keys, proof solutions, email verification codes, private customer records, production screenshots, or sensitive business data.

Synthetic Payload

See examples/synthetic-vendor.json. It is fake test data and is safe to copy into a local agent experiment.

Minimal Metadata Fetch

node examples/fetch-public-metadata.js

The script reads public metadata only. It does not require an API key.

Remote MCP

Remote MCP supports initialize, tools/list, and tools/call over JSON-response Streamable HTTP. initialize and tools/list are public for discovery; MCP tools/call uses the same API key, quota, official-source, and abuse-guard policies as protected REST workflow calls.

Product Gates

• validate_vendor_onboarding: decide whether a Korean vendor/customer record can be registered.
• validate_payment_or_invoice_release: decide whether an agent can release a payment, invoice, settlement, or purchase step, or whether it must prepare a human review packet first.

Why This Exists

Mature KYB platforms are broad compliance systems for onboarding, UBO, sanctions, adverse media, and case review. K-Work Trust is narrower: a small agent-readable pre-action gate with stable JSON decisions, public MCP discovery, low-quota test keys, and Korean business-field logic.

The core response contract is meant for another agent to use directly:

• decision
• blocking_issues
• warnings
• evidence
• agent_next_action

Scope

This public demo repo intentionally excludes private operating memory, API usage logs, credentials, .env, local model files, and customer data. The production service enforces authentication, low beta quotas, and behavior-based abuse blocking for protected workflow calls.