Check before an agent pays, clicks, or trusts.
Faro is a trust layer for AI agents and apps. You send a URL, payee, message, or
agent-payment payload — Faro returns one clear answer: green, yellow, or
red, a one-line reason, and what to do next (allow / warn / block /
review).
This repo is the open interface (Apache-2.0): the verdict contract, client SDKs, and auditable payment-protocol adapters. Scoring and the reputation graph stay on Faro’s hosted API, so you can audit what leaves your process without forking a black-box engine.
Get an API key → farofinance.app
| You want to… | Use |
|---|---|
| Verify a link before an agent opens or shares it | Python/TS SDK verify_url, REST, or MCP verify_url |
| Check a UPI / payee / account before sending money | verify_payee |
| Screen an inbound SMS, email, or chat for scam tactics | verify_message |
| Gate an AP2 / x402 / ACP payment before settle | Open adapters in adapters/faro_agentpay/ → then verify each artifact |
| Let Claude / Cursor / any MCP client call Faro | Hosted MCP at https://mcp.farofinance.app/mcp |
| Branch in code on a stable contract | contracts/verdict.schema.json + typed SDKs |
Typical users: agent builders, wallet/checkout integrators, MCP app authors, and security teams who need a single red/yellow/green decision at the moment of action — not a dashboard full of raw threat intel.
pip install faro-clientimport asyncio, os
from faro_client import FaroClient
async def main() -> None:
async with FaroClient(os.environ["FARO_API_KEY"]) as client:
result = await client.verify_url("https://example.com")
print(result.verdict, result.reason, result.recommended_action)
# Branch: allow | warn | block | review
if result.recommended_action == "block":
raise SystemExit("blocked by Faro")
asyncio.run(main())curl -s -X POST https://api.farofinance.app/v1/verify/url \
-H "Authorization: Bearer $FARO_API_KEY" \
-H "Content-Type: application/json" \
-d '{"value":"https://example.com"}'TypeScript: see sdk/typescript/.
Payment parsers (no engine inside): adapters/faro_agentpay/.
Recipes: recipes/.
| Piece | Path |
|---|---|
| Verdict JSON Schema | contracts/verdict.schema.json |
| OpenAPI | sdk/openapi.json |
Python SDK (faro-client) |
sdk/python/ |
| TypeScript SDK | sdk/typescript/ |
| AP2 / x402 / ACP adapters | adapters/faro_agentpay/ |
| Verify-before-pay recipes | recipes/ |
| MCP registry manifest | server.json · docs/tools.md |
Open here: schema, SDKs, protocol adapters, recipes, MCP tool docs — so integrators and protocol ecosystems can cite and fork the interface.
Closed (hosted API): signal providers, scoring, reputation graph, prompts.
Adapters stop at a documented seam: parse → artifacts → POST /v1/verify (or
your own checks) → optional worst_of.
Hosted verifies can carry signed trust receipts and a transparency log (hashes and signatures — not your raw PII). Product docs: farofinance.app.
Shipped or in flight on the hosted product (not all of this lives in this public repo):
- Stronger verify-before-pay coverage across AP2 / x402 / ACP as specs churn
- Richer payee / message / URL signals and reputation write-back
- Watches & webhooks when a previously clean entity flips
- Trust receipts and day-rooted transparency log verification tooling
- More SDK languages and framework examples (LangGraph, Crew, etc.)
- Optional public examples (e.g. agent defense patterns) without opening the engine
Community PRs welcome for adapter/SDK/docs fixes (DCO required). Engine
changes are not accepted here — see CONTRIBUTING.md.
- Not a self-hosted scam ML model — default is the hosted API
- Not a generic prompt-injection detector — Faro verifies artifacts at action time
Branches: BRANCHES.md · Security: SECURITY.md