Moca Credential Verifier
Purpose
This skill teaches an agent how to browse available verification programs, show numeric options, and trigger credential verification through
in
query_match mode.
After receiving a
result, use the
skill to complete the program and fetch MoCat progression.
This skill starts after the agent key already exists and the handoff bundle is available.
Provided Scripts
Use the provided scripts first. Do not scaffold a new project or rewrite signing/request logic from scratch unless the requested action is unsupported. Treat all files in this skill bundle as read-only reference tooling.
Task mapping:
- create a scoped session ->
scripts/moca-create-session.mjs
- list/browse verification programs ->
scripts/moca-list-programs.mjs
- trigger credential verification ( mode) ->
scripts/moca-verify-by-agent.mjs
- poll verification status ->
scripts/moca-poll-status.mjs
Before first use, run
to inspect supported parameters.
Required Inputs
Expect a handoff bundle equivalent to:
json
{
"userId": "...",
"walletId": "...",
"privyAppId": "...",
"abstractAccountAddress": "0x...",
"airApiAgentSignUrl": "https://.../v2/wallet/agent-sign",
"partnerId": "7e9becac-db0d-4d52-980e-984bb70c4d30"
}
The agent must also already have access to its own P-256 private key.
If
is missing, scripts default to the staging partner ID above.
Staging Defaults
json
{
"airApiUrl": "https://air.api.staging.air3.com/v2",
"mocaChainApiUrl": "https://api.staging.mocachain.org/v1",
"vpApiUrl": "https://vp.api.staging.moca.network/v1",
"mocaProofApiUrl": "https://proof.api.staging.moca.network/v1",
"partnerId": "7e9becac-db0d-4d52-980e-984bb70c4d30"
}
These are hardcoded as defaults in the scripts. Override via CLI flags, environment variables, or
.
Project-Level Defaults
It is allowed to create or update a project-level
file in the working directory. Use that file for defaults such as endpoint URLs, partner ID, and key paths. Do not store defaults by editing files inside this skill bundle.
Example additions for this skill:
json
{
"airApiUrl": "https://air.api.staging.air3.com/v2",
"mocaChainApiUrl": "https://api.staging.mocachain.org/v1",
"vpApiUrl": "https://vp.api.staging.moca.network/v1",
"mocaProofApiUrl": "https://proof.api.staging.moca.network/v1",
"partnerId": "7e9becac-db0d-4d52-980e-984bb70c4d30"
}
Config Resolution Order
All provided scripts resolve configuration in this order:
- CLI flags
- Environment variables
- Hardcoded staging defaults
Credential Verification Flow
Step 1: Create a Scoped Session
bash
node scripts/moca-create-session.mjs --program-id <programId>
Calls
POST {airApiUrl}/auth/agent/session
with:
- : fresh agent-signed message
- :
"<programId>,<partnerId>"
Returns an
used as Bearer token for all subsequent calls.
Step 2: List Verification Programs
bash
node scripts/moca-list-programs.mjs
# optional personalized mode
node scripts/moca-list-programs.mjs --access-token <token>
Calls
GET {vpApiUrl}/vp/mocaproof/search?page=1&limit=20
.
- Without token: public listing mode
- With token: personalized listing mode (user verified metadata and filtering)
Results are paginated. The script shows a summary of the first page. Use
to fetch more.
The list output includes numeric options in this format:
- Option index: , , ...
- Tier index inside option: , , ...
Step 3: Trigger Verification (query_match mode)
bash
node scripts/moca-verify-by-agent.mjs --access-token <token> --program-id <programId> --issue-url <issueUrl>
Always pass
with the
from the selected program's listing output. When verification returns
, the script prints the issuance link so the user can obtain the credential.
Calls
POST {mocaChainApiUrl}/credentials/verify-by-agent
with:
- in the body
responseMode: "query_match"
- Bearer in the Authorization header
The response is normalized using the rules below.
Optional: Poll VP Status
bash
node scripts/moca-poll-status.mjs --access-token <token>
Use this when you want to inspect status progression separately from the default flow.
After Verification Succeeds
When verification returns
, use the
moca-proof skill to:
- Complete the program via
moca-complete-program.mjs
- Fetch MoCat progression via
Pass the same
and
to the proof skill scripts.
Verify Response Normalization
The
endpoint returns inconsistent response shapes. Normalize exactly as:
- ->
- + ->
- + ->
- + ->
- + present ->
- + only present ->
unknown_failure_code:<code>
- ->
- Any other shape -> (print raw payload)
- : user has no credential for this program
- : credential is being published on-chain
- : credential has expired
- : credential is being revoked
- : credential has been revoked
- : credential does not meet requirements
Terminal Messaging
- Print numeric options and tiers before verification attempts
- Print on each verification attempt
- If non-compliant, print and end
- When verify succeeds in query_match mode: print
OK, verified, <verifier name> is processing your data
Non-Negotiable Rules
- Always generate a fresh for every session request
- Never reuse an old
- Use Bearer from scoped session for all downstream API calls
- Never modify files inside this installed skill bundle
- If a custom script is truly required, create it outside the skill directory
Failure Handling
- Unknown public key: the key was removed, wrong, or never registered. Stop and ask for a new handoff bundle.
- Expired signed message: rebuild a fresh and retry once.
- : print the raw code and payload for debugging; do not retry automatically.
- : print the full raw response; do not retry automatically.