Request lifecycle

From an unknown call to a verifiable economic event.

Every paid agent request becomes four artefacts: a verified call, a signed receipt, an audit entry, and an offline-verifiable proof bundle. Here is the full flow.

step 01POST /<provider>/dataAn agent makes a paid call against your protected endpoint. Identity evidence travels in headers; payment evidence is empty until the gateway challenges.
step 02401 UnauthorizedUnknown agent. Identity evidence missing or invalid: no wallet signature, expired VC, untrusted issuer, or missing principal mapping. The gateway returns a bounded reason; nothing reaches the upstream.
step 03402 Payment RequiredVerified, unpaid. Identity is good, policy allows the call, but the call is paid. The gateway emits a payment challenge bound to this exact request. Replay against another request is rejected.
step 04Verify proofThe agent retries with payment proof. The gateway runs verify-first / settle-once / never-retry. Production rails sit behind a triple-gate operator opt-in.
step 05200 OKVerified, paid, audited. The upstream provider sees a clean request. Response carries an X-AgentTrust-Receipt-Id header pointing at the canonical receipt.
step 06Receipt issuedEd25519 signature over the canonical receipt body. Offline-verifiable against a published public key. Receipt is also indexed in the audit chain.
step 07Audit appendedHash-chained per provider. Append-only. Postgres-backed segments + retention worker. No decision is silent.
step 08proof.bundle.v1Downloadable proof artefact. The agent's principal verifies it with pnpm proof:verify — no network call, no auth, no contact with us required.

What happens next

Choose the next stop based on what you want to wire next. Identity, payment, and proof are independent surfaces of the same gateway.