The next buyer of an AI-safety check won't be a compliance officer. It will be another AI agent — an orchestrator that needs to know, mid-workflow, whether the model it's about to delegate to is safe to use, and is authorised to spend £0.05 to find out.
That transaction needs three pieces of plumbing, and CSOAI ships all three:
Discovery (A2A). The CSOAI agent card lives at `csoai.org/.well-known/agent.json` — name, skills (`classify_ai_risk`, `crosswalk_frameworks`, `issue_watchdog_certification`, `validate_agent_card`), endpoint, and provenance. Any A2A-capable agent can find the council and read what it offers. We validate our own card with the same `validate_agent_card` tool we sell — dog food, eaten. Payment (ACP + x402). The payable endpoint is published in `acp.json`. An agent calls `/mcp/csoai`, receives an HTTP 402 challenge, pays per call via x402 micropayments, and gets a signed result back. No invoice, no procurement cycle, no human. Proof (SIGIL). The result carries an Ed25519-signed attestation block with a public verify URL. The next agent in the chain — or the human at the end of it — verifies the signature against `csoai.org/pubkey` offline.Agent-to-agent commerce only works if trust is machine-checkable. Signed safety attestations are the trust layer the agent economy is missing — and the council that issues them can't be the vendor that profits from the answer.
→ csoai.org/acp-lib2b · connect `csoai.org/mcp/csoai` in Claude or ChatGPT