The Prometheus App Store is your central hub for discovering services to integrate with your AI agent. But it’s more than just a search engine; it’s a transparent, on-chain registry that allows you to verify the security and quality of any service before you use it.

From Discovery to Certificate

After browsing the App Store and clicking on a service, you’ll land on its App Info page. The most important feature here is the Prometheus Certificate, which you can access by clicking the “view certificate” link under the verification badge. This certificate is the immutable, on-chain proof of the service’s quality and security.

Anatomy of a Prometheus Certificate

The certificate page provides a detailed breakdown of the service’s audit results. Let’s break down what you’re seeing.
When evaluating a certificate, focus on these key areas:
  1. Verification Tier: The badge at the top represents the service’s overall level of trust, based on the audits it has passed.
    • Gold: The highest tier. The service has a reproducible build and has passed all declarative audits, including App Information, Tools & Dependencies, and Data Safety.
    • Silver: A high level of trust. The service has a reproducible build and has passed audits for App Information and Tools & Dependencies.
    • Bronze: The foundational tier of trust. The service has a reproducible build and has passed the App Information audit.
    • Unranked: The service has not yet passed the minimum audits required for a Bronze tier.
  2. Audit Checklist: This section shows the status of individual, declarative audits. A service must pass a specific combination of these to achieve a verification tier.
    • Build Reproducibility: Verifies that the deployed canister was built from the claimed source code. This is the cornerstone of on-chain trust and is required for any tier.
    • App Information: Confirms the accuracy of the app’s name, description, and publisher details.
    • Tools & Dependencies: Verifies the tools, libraries, and dependencies used in the application.
    • Data Safety: Assesses how the application collects, uses, and shares user data.
  3. Cryptographic Provenance: This is the core of on-chain trust. It provides a verifiable link between the source code, the compiled code, and the running service.
    • Wasm Hash: The unique cryptographic fingerprint of the compiled code that was audited and deployed.
    • Git Commit: The specific commit hash from the source code repository that corresponds to the deployed Wasm. You can click “View Commit on GitHub” to inspect the exact source code that was audited.
    • Canister ID: The on-chain address of the live, running service.
A strong Prometheus Certificate, with a high verification tier and complete provenance data, is your guarantee that the service you’re about to use is exactly what it claims to be.
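A consistency check over the fields described above, as an added example that is not Prometheus's own code: it derives the tier the audit checklist supports, confirms the provenance fields are present, and compares a locally rebuilt module's hash with the certificate's Wasm Hash. The record layout and audit key names are hypothetical, and the Wasm Hash is assumed to be the hex SHA-256 of the module bytes.

```python
import hashlib

# Tier rules as listed on the certificate page. Every tier also requires
# a passing Build Reproducibility audit. Audit key names are hypothetical.
TIER_RULES = [
    ("Gold", {"app_info", "tools_dependencies", "data_safety"}),
    ("Silver", {"app_info", "tools_dependencies"}),
    ("Bronze", {"app_info"}),
]
PROVENANCE_FIELDS = ("wasm_hash", "git_commit", "canister_id")

def expected_tier(audits_passed):
    """Highest tier the passed audits support, per the page's rules."""
    passed = set(audits_passed)
    if "build_reproducibility" not in passed:
        return "Unranked"
    for tier, required in TIER_RULES:
        if required <= passed:
            return tier
    return "Unranked"

def check_certificate(cert, local_wasm):
    """Return a list of problems; an empty list means the record is consistent."""
    problems = [f"missing {f}" for f in PROVENANCE_FIELDS if not cert.get(f)]
    tier = expected_tier(cert.get("audits_passed", []))
    if cert.get("tier") != tier:
        problems.append(f"badge {cert.get('tier')!r} but audits support {tier!r}")
    # Assumption: the Wasm Hash is the hex SHA-256 of the module bytes.
    claimed = (cert.get("wasm_hash") or "").strip().lower().removeprefix("0x")
    local = hashlib.sha256(local_wasm).hexdigest()
    if claimed and local != claimed:
        problems.append("local build does not match certificate Wasm Hash")
    return problems

# Constructed sample data: a minimal Wasm header stands in for a rebuilt module.
SAMPLE_WASM = b"\x00asm\x01\x00\x00\x00"
SAMPLE_CERT = {
    "tier": "Silver",
    "audits_passed": ["build_reproducibility", "app_info", "tools_dependencies"],
    "wasm_hash": hashlib.sha256(SAMPLE_WASM).hexdigest(),
    "git_commit": "<commit-hash-from-certificate>",
    "canister_id": "<canister-id-from-certificate>",
}

if __name__ == "__main__":
    print(check_certificate(SAMPLE_CERT, SAMPLE_WASM))  # consistent record
    tampered = dict(SAMPLE_CERT, tier="Gold")
    print(check_certificate(tampered, SAMPLE_WASM + b"\x00"))
```

Passing Data Safety without Tools & Dependencies still yields Bronze here, because the page defines each tier as a cumulative set of audits.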
After you’ve discovered a service and verified its trustworthiness, the next step is to connect to it. If the service requires payment or authentication, you’ll need to generate credentials to connect.