Agent due diligence

Verify an agent's capability claims, delegation provenance, and A2A trust chain before granting access or accepting outputs.

Use before trusting an external agent with sensitive workflows, PII, or financial actions. Patchr audits the declared capability set, traces the delegation chain from trust anchor to caller, and returns a grant/deny/escalate decision backed by a sealed proof card.

Try agent due diligence in sandbox API reference

Check what the agent claims to be able to do

Compare the agent's declared capabilities against verifiable evidence. Surface unverifiable claims before they become access decisions.

Trace the delegation chain

Walk the delegation provenance from the trust anchor through every intermediate mandate. Flag gaps, missing links, and unauthorized scope expansions.

Gate access on verified proof

The access decision — grant, deny, or escalate — is backed by a sealed proof card with a cite ref your policy engine can consume without re-running verification.

For implementation teams

Gate agent access on verified capability and delegation proof before any sensitive action.

Your orchestrator sends the agent ID, claimed capabilities, delegation chain, caller identity, requested scope, and policy constraints. Patchr returns a capability verdict with verified and unverifiable splits, a delegation audit with trust anchors and gaps, a grant/deny/escalate decision, and a sealed proof card.

Decionis interoperability

The proof card carries a stable citeRef in the format patchr:proofCard:card_agent_dd_001#v1 — importable by Decionis-compatible audit ledgers and A2A governance systems that track delegation chains across time.

Full template API reference

Implementation request

curl -X POST https://api.patchr.co/v1/workflows/templates/agentDueDiligence/run \
  -H "Authorization: Bearer $PATCHR_API_TOKEN" \
  -d '{
    "request": "Verify agent payment-executor-v2 before granting payment access",
    "conversationId": "conv_agent_dd_001",
    "metadata": {
      "agentId": "payment-executor-v2",
      "capabilityClaims": ["readFinancialData", "executePayments", "accessPII"],
      "delegationChain": ["mandate_root_001", "mandate_mid_002"],
      "callerIdentity": "orchestrator_v3",
      "requestedScope": "payments:write",
      "policyConstraints": ["requireVerifiedCapabilities", "maxDelegationDepth:3"]
    }
  }'

Implementation response

{
  "ok": true,
  "taskId": "task_agent_dd_001",
  "domain": "resolve",
  "template": {
    "templateId": "agentDueDiligence",
    "domain": "resolve",
    "name": "Agent due diligence"
  },
  "capabilityVerdict": {
    "claimed": ["readFinancialData", "executePayments", "accessPII"],
    "verified": ["readFinancialData"],
    "unverifiable": ["executePayments", "accessPII"]
  },
  "delegationAudit": {
    "depth": 3,
    "trustAnchors": ["operator_root"],
    "gaps": ["missingIntermediateMandate"]
  },
  "accessDecision": "escalate",
  "proofCard": {
    "cardId": "card_agent_dd_001",
    "kind": "proofCard",
    "title": "Agent due diligence: payment-executor-v2",
    "summary": "2 of 3 claimed capabilities unverifiable. Delegation chain has a missing intermediate mandate.",
    "evidenceStatus": "sourceBound",
    "confidence": 0.79,
    "openQuestions": ["delegationChainComplete", "capabilitySourceVerified"],
    "recommendedRestraint": "escalateBeforeActing",
    "cite": "patchr:proofCard:card_agent_dd_001#v1",
    "citeRef": "patchr:proofCard:card_agent_dd_001#v1"
  }
}

Trust moment

For multi-agent platforms and orchestrators that need to gate access on verified delegation proof.

Use it when an external agent requests access to sensitive workflows, PII, or financial actions. The output tells the orchestrator which capabilities are verified, where the delegation chain has gaps, and whether to grant access, deny it, or escalate to a human reviewer.

Talk to sales See all workflows