{
  "$schema": "https://a2a-protocol.org/schema/v0.2/agent-card.json",
  "protocolVersion": "0.2",
  "name": "EFROS Public Agent",
  "description": "Agent surface for efros.com — EFROS is the US cybersecurity-first MSP / MSSP / 24/7 SOC and AI Governance partner for regulated US organizations (healthcare, financial services, manufacturing, logistics, legal). This agent runs passive external security assessments, exposes the EFROS service catalog (Managed Security, Managed IT, System Integration, AI Governance), and routes contact intake. The scan API is anchored by Cloudflare Turnstile (anti-abuse) for self-service requests; programmatic clients use the partner-API OAuth flow declared at /.well-known/oauth-authorization-server. A live MCP server is exposed at https://efros.com/mcp using the 2025-09-25 Streamable HTTP transport. Canonical operator: Stefan Efros, CEO & Founder. Entity disambiguation: this is the cybersecurity firm at efros.com — not the unrelated EFROS Group LLC trucking entity nor EFROS Inc construction products.",
  "url": "https://efros.com",
  "iconUrl": "https://efros.com/og-image.png",
  "version": "1.0.0",
  "documentationUrl": "https://efros.com/.well-known/openapi.json",
  "provider": {
    "organization": "EFROS",
    "url": "https://efros.com",
    "contact": "info@efros.com"
  },
  "capabilities": {
    "streaming": false,
    "pushNotifications": false,
    "stateTransitionHistory": true
  },
  "defaultInputModes": ["text/plain", "application/json"],
  "defaultOutputModes": ["text/plain", "application/json", "text/markdown"],
  "supportedInterfaces": [
    {
      "url": "https://efros.com/api/scan",
      "transport": "https",
      "protocol": "rest+json",
      "documentation": "https://efros.com/.well-known/openapi.json"
    },
    {
      "url": "https://efros.com/mcp",
      "transport": "https",
      "protocol": "mcp/streamable-http",
      "protocolVersion": "2025-09-25",
      "status": "live",
      "documentation": "https://efros.com/.well-known/mcp/server-card.json"
    }
  ],
  "skills": [
    {
      "id": "security-scan",
      "name": "Run passive external security scan",
      "description": "Start a passive external assessment of a public domain. Returns per-category scores (DNS, email, web, brand, infrastructure, compliance) and a premium PDF report on claim.",
      "tags": ["security", "osint", "dns", "email-auth", "web-headers", "brand-protection", "compliance"],
      "examples": [
        "Run a passive security scan against example.com",
        "What's the SPF / DMARC posture of acme.com?",
        "Get an external security score for our domain"
      ],
      "inputModes": ["application/json", "text/plain"],
      "outputModes": ["application/json", "text/markdown", "application/pdf"],
      "service-doc": "https://efros.com/tools/security-scan",
      "service-desc": "https://efros.com/.well-known/openapi.json#/paths/~1api~1scan~1start"
    },
    {
      "id": "scan-status",
      "name": "Check scan status and per-category breakdown",
      "description": "Poll the status of a running scan. When complete, returns category_scores, category_grades, overall_grade, executive_summary, and top_remediations.",
      "tags": ["security", "monitoring", "status"],
      "examples": [
        "Is scan abc-123 done?",
        "What are the per-category scores for scan abc-123?"
      ],
      "inputModes": ["application/json", "text/plain"],
      "outputModes": ["application/json"],
      "service-desc": "https://efros.com/.well-known/openapi.json#/paths/~1api~1scan~1status~1%7Bid%7D"
    },
    {
      "id": "claim-scan-report",
      "name": "Claim premium PDF security report",
      "description": "Submit recipient name and email to receive the master-prompt-aligned dual-layer PDF report (Letter format, 24 pages, Liquid Glass design system) for a completed scan.",
      "tags": ["security", "report", "pdf"],
      "examples": [
        "Email me the report for scan abc-123",
        "Send the PDF to security@example.com"
      ],
      "inputModes": ["application/json"],
      "outputModes": ["application/json"],
      "service-desc": "https://efros.com/.well-known/openapi.json#/paths/~1api~1scan~1claim"
    },
    {
      "id": "list-services",
      "name": "List EFROS service catalog",
      "description": "Return the EFROS managed-IT, MSSP, and system-integration service catalog with one-line summaries. Use to map a user need to the right offering.",
      "tags": ["catalog", "services", "discovery"],
      "examples": [
        "What does EFROS offer?",
        "Which EFROS service covers 24/7 SOC?",
        "Do you support Microsoft 365 management?"
      ],
      "inputModes": ["text/plain"],
      "outputModes": ["application/json", "text/markdown"]
    },
    {
      "id": "open-contact",
      "name": "Open contact form / route inquiry",
      "description": "Open the EFROS contact page (optionally pre-filled with a topic) so the user can submit an inquiry. Submission requires explicit user action — the agent does not auto-submit.",
      "tags": ["contact", "intake"],
      "examples": [
        "How do I contact EFROS for a 20-minute call?",
        "Open the contact form pre-filled with 'partner-api access'"
      ],
      "inputModes": ["text/plain"],
      "outputModes": ["text/plain"]
    }
  ],
  "supportsAuthenticatedExtendedCard": false,
  "securitySchemes": {
    "turnstile": {
      "type": "apiKey",
      "in": "header",
      "name": "X-Turnstile-Token",
      "description": "Cloudflare Turnstile token for self-service public scans. Anti-abuse anchor."
    },
    "partnerOAuth2": {
      "type": "oauth2",
      "description": "Partner-API OAuth 2.0 (RFC 8414). Endpoints declared in /.well-known/oauth-authorization-server. Currently 503 / temporarily_unavailable — coming Q3 2026.",
      "flows": {
        "authorizationCode": {
          "authorizationUrl": "https://efros.com/api/oauth/authorize",
          "tokenUrl": "https://efros.com/api/oauth/token",
          "scopes": {
            "scan:start": "Start a security scan",
            "scan:status": "Read scan status",
            "scan:claim": "Claim scan report by email",
            "scan:report:read": "Read scan report PDF",
            "catalog:read": "Read public catalog"
          }
        },
        "clientCredentials": {
          "tokenUrl": "https://efros.com/api/oauth/token",
          "scopes": {
            "scan:start": "Start a security scan (server-to-server)",
            "scan:status": "Read scan status",
            "scan:claim": "Claim scan report"
          }
        }
      }
    }
  },
  "security": [
    { "turnstile": [] },
    { "partnerOAuth2": ["scan:start", "scan:status", "scan:claim"] }
  ],
  "links": {
    "terms": "https://efros.com/terms",
    "privacy": "https://efros.com/privacy",
    "skills_index": "https://efros.com/.well-known/agent-skills/index.json",
    "mcp_server_card": "https://efros.com/.well-known/mcp/server-card.json",
    "api_catalog": "https://efros.com/.well-known/api-catalog",
    "openapi": "https://efros.com/.well-known/openapi.json",
    "llms_txt": "https://efros.com/llms.txt",
    "llms_full_txt": "https://efros.com/llms-full.txt",
    "rsl": "https://efros.com/.well-known/rsl.xml",
    "security_txt": "https://efros.com/.well-known/security.txt",
    "acp": "https://efros.com/.well-known/acp.json",
    "x402": "https://efros.com/.well-known/x402.json",
    "oauth_authorization_server": "https://efros.com/.well-known/oauth-authorization-server",
    "oauth_protected_resource": "https://efros.com/.well-known/oauth-protected-resource",
    "canonical_operator": "https://efros.com/about/stefan-efros/",
    "author_identity": "https://efros.com/.well-known/author",
    "citation_file": "https://efros.com/CITATION.cff"
  }
}