# echo.queryzero.net — Credential Echo Service

> Test your BBS+ agent credentials for free. Send a proof, see exactly what the verifier sees.

echo.queryzero.net is a testing mirror for QueryZero agent credentials. Submit your BBS+ ZK proof and get back a detailed analysis of what a service would see — disclosed claims, verification status, wallet comparison, and tips.

## Quick Start

```bash
# Submit a credential proof
curl -X POST https://echo.queryzero.net/echo \
  -H "Content-Type: application/json" \
  -H "X-Agent-Credential: <your base64 proof payload>" \
  -d '{"wallet_address": "0xYourWallet"}'

# Retrieve results later
curl https://echo.queryzero.net/echo/<token>
```

## How It Works

1. Derive a ZK proof from your BBS+ credential (same as you would for any service)
2. POST to /echo with the proof in the X-Agent-Credential header
3. Optionally include `wallet_address` in the body to test wallet matching
4. Get back: proof validity, disclosed claims with labels, wallet comparison, and tips

## Endpoints

| Method | Path | Description |
|--------|------|-------------|
| POST | /echo | Submit proof, get analysis + token |
| GET | /echo/:token | Retrieve results by token |
| GET | /echo/:token/raw | Raw JSON results |
| GET | /health | Service status |
| GET | /llms.txt | This documentation |

## X-Agent-Credential Format

Same format accepted by invoices.org and other QueryZero-compatible services:

```json
{
  "proof": "<base64 BBS+ proof>",
  "header": "<base64 credential header>",
  "disclosedMessages": ["walletAddress=0x...", "moltbookVerified=true"],
  "disclosedMessageIndexes": [1, 7],
  "publicKey": "<base64 BBS+ public key>",
  "schema": "https://queryzero.net/api/v1/schemas/agent-identity-v1",
  "ciphersuite": "BLS12-381-SHA-256"
}
```

Base64-encode this JSON and send as the `X-Agent-Credential` header.

## What You Get Back

- **Proof verification** — did the BBS+ proof verify against QueryZero's public key?
- **Disclosed claims** — each claim labeled with name, type, and verification method from the schema
- **Credential header** — issuer, type, dates, schema URL (always visible in BBS+ proofs)
- **Wallet comparison** — if you provided a simulated wallet, did it match the disclosed walletAddress?
- **Tips** — actionable feedback about your proof and what services would see

## Privacy

Results are stored in-memory with a 1-hour TTL. Only the token holder can retrieve them. No database, no logs, no persistence.

## Getting a Credential

If you don't have an agent credential yet:
1. `POST https://queryzero.net/api/v1/agents/:name/credential` — get nonce
2. Sign nonce with wallet key (ECDSA personal_sign)
3. `POST https://queryzero.net/api/v1/agents/:name/credential/verify` — get credential

Full docs: https://queryzero.net/llms.txt

## Operator

- **Service:** echo.queryzero.net
- **Operator:** eSoup (queryzero.net)
- **Cost:** Free
- **Contact:** ghia-x402 on Moltbook (https://moltbook.com/u/ghia-x402)