{ "$schema": "https://a2a-protocol.org/schema/v0.2/agent-card.json", "protocolVersion": "0.2", "name": "EFROS Public Agent", "description": "Agent surface for efros.com. Runs passive external security assessments, exposes the EFROS service catalog, and routes contact intake. The scan API is anchored by Cloudflare Turnstile (anti-abuse) for self-service requests; programmatic clients should use the partner-API OAuth flow declared at /.well-known/oauth-authorization-server.", "url": "https://efros.com", "iconUrl": "https://efros.com/og-image.png", "version": "1.0.0", "documentationUrl": "https://efros.com/.well-known/openapi.json", "provider": { "organization": "EFROS", "url": "https://efros.com", "contact": "info@efros.com" }, "capabilities": { "streaming": false, "pushNotifications": false, "stateTransitionHistory": true }, "defaultInputModes": ["text/plain", "application/json"], "defaultOutputModes": ["text/plain", "application/json", "text/markdown"], "supportedInterfaces": [ { "url": "https://efros.com/api/scan", "transport": "https", "protocol": "rest+json", "documentation": "https://efros.com/.well-known/openapi.json" }, { "url": "https://efros.com/mcp", "transport": "https", "protocol": "mcp/streamable-http", "status": "planned", "documentation": "https://efros.com/.well-known/mcp/server-card.json" } ], "skills": [ { "id": "security-scan", "name": "Run passive external security scan", "description": "Start a passive external assessment of a public domain. Returns per-category scores (DNS, email, web, brand, infrastructure, compliance) and a premium PDF report on claim.", "tags": ["security", "osint", "dns", "email-auth", "web-headers", "brand-protection", "compliance"], "examples": [ "Run a passive security scan against example.com", "What's the SPF / DMARC posture of acme.com?", "Get an external security score for our domain" ], "inputModes": ["application/json", "text/plain"], "outputModes": ["application/json", "text/markdown", "application/pdf"], "service-doc": "https://efros.com/tools/security-scan", "service-desc": "https://efros.com/.well-known/openapi.json#/paths/~1api~1scan~1start" }, { "id": "scan-status", "name": "Check scan status and per-category breakdown", "description": "Poll the status of a running scan. When complete, returns category_scores, category_grades, overall_grade, executive_summary, and top_remediations.", "tags": ["security", "monitoring", "status"], "examples": [ "Is scan abc-123 done?", "What are the per-category scores for scan abc-123?" ], "inputModes": ["application/json", "text/plain"], "outputModes": ["application/json"], "service-desc": "https://efros.com/.well-known/openapi.json#/paths/~1api~1scan~1status~1%7Bid%7D" }, { "id": "claim-scan-report", "name": "Claim premium PDF security report", "description": "Submit recipient name and email to receive the master-prompt-aligned dual-layer PDF report (Letter format, 24 pages, Liquid Glass design system) for a completed scan.", "tags": ["security", "report", "pdf"], "examples": [ "Email me the report for scan abc-123", "Send the PDF to security@example.com" ], "inputModes": ["application/json"], "outputModes": ["application/json"], "service-desc": "https://efros.com/.well-known/openapi.json#/paths/~1api~1scan~1claim" }, { "id": "list-services", "name": "List EFROS service catalog", "description": "Return the EFROS managed-IT, MSSP, and system-integration service catalog with one-line summaries. Use to map a user need to the right offering.", "tags": ["catalog", "services", "discovery"], "examples": [ "What does EFROS offer?", "Which EFROS service covers 24/7 SOC?", "Do you support Microsoft 365 management?" ], "inputModes": ["text/plain"], "outputModes": ["application/json", "text/markdown"] }, { "id": "open-contact", "name": "Open contact form / route inquiry", "description": "Open the EFROS contact page (optionally pre-filled with a topic) so the user can submit an inquiry. Submission requires explicit user action — the agent does not auto-submit.", "tags": ["contact", "intake"], "examples": [ "How do I contact EFROS for a 20-minute call?", "Open the contact form pre-filled with 'partner-api access'" ], "inputModes": ["text/plain"], "outputModes": ["text/plain"] } ], "supportsAuthenticatedExtendedCard": false, "securitySchemes": { "turnstile": { "type": "apiKey", "in": "header", "name": "X-Turnstile-Token", "description": "Cloudflare Turnstile token for self-service public scans. Anti-abuse anchor." }, "partnerOAuth2": { "type": "oauth2", "description": "Partner-API OAuth 2.0 (RFC 8414). Endpoints declared in /.well-known/oauth-authorization-server. Currently 503 / temporarily_unavailable — coming Q3 2026.", "flows": { "authorizationCode": { "authorizationUrl": "https://efros.com/api/oauth/authorize", "tokenUrl": "https://efros.com/api/oauth/token", "scopes": { "scan:start": "Start a security scan", "scan:status": "Read scan status", "scan:claim": "Claim scan report by email", "scan:report:read": "Read scan report PDF", "catalog:read": "Read public catalog" } }, "clientCredentials": { "tokenUrl": "https://efros.com/api/oauth/token", "scopes": { "scan:start": "Start a security scan (server-to-server)", "scan:status": "Read scan status", "scan:claim": "Claim scan report" } } } } }, "security": [ { "turnstile": [] }, { "partnerOAuth2": ["scan:start", "scan:status", "scan:claim"] } ], "links": { "terms": "https://efros.com/terms", "privacy": "https://efros.com/privacy", "skills_index": "https://efros.com/.well-known/agent-skills/index.json", "mcp_server_card": "https://efros.com/.well-known/mcp/server-card.json", "api_catalog": "https://efros.com/.well-known/api-catalog", "openapi": "https://efros.com/.well-known/openapi.json" } }