Skalor — Machine-readable Reference

This page is designed for AI agents to read and act on. Every fact is in a code block or table. For programmatic consumption, fetch /llms.txt (summary) or /llms-full.txt (deep). The MCP server at mcp.skalor.xyz exposes the same primitives as native tools.

What

Skalor is open infrastructure for AI agents transacting on real money. Mandate enforces spending policy on-chain. Bureau gives every agent a signed reputation tier. Pay settles across Tempo / Base / Canton. Receipts are Ed25519-signed and verifiable offline.

Primitives

Name	What it does	Canonical URL
`Mandate`	Per-agent on-chain spending guard. Programmable per-tx, daily limit, vendor allowlist, kill switch.	/open
`Bureau`	Federated reputation primitive for AI agents. Signed records, tier AAA→CCC.	/rfc/kya-bureau-v0.1
`Pay`	Three-rail settlement engine. Tempo (PathUSD), Base (USDC), Canton (InstitutionalToken).	/docs/rails
`Receipts`	Ed25519-signed compliance receipts. Verifiable offline against published JWKS.	/verify

On-chain (Base Sepolia)

{
  "chain":      "base-sepolia",
  "chain_id":   84532,
  "rpc":        "https://sepolia.base.org",
  "factory":    "0x61FD854454e954a5B2C2844533A1fbB98eD4aA85",
  "demo_mandate": "0xB774bD25Ef8EC3D76f1E024712A6Debb95B1baC3",
  "solidity":   "0.8.24",
  "license":    "MIT",
  "source":     "https://github.com/SkalorAI/skalor-protocol"
}

API Endpoints

All endpoints under https://augvmbhpuchkqqowxmrk.supabase.co/functions/v1/. Most are public (no JWT). Authenticated endpoints expect Authorization: Bearer zc_....

Method	Path	Purpose
POST	`/authorize-intent`	Run 7 fiduciary gates + clear on a settlement rail. Returns signed receipt.
POST	`/skalor-pay`	A2A agent-to-agent settlement on Tempo / Base / Canton.
POST	`/canton-pay`	Canton Network settlement rail (flag-flipped to live ledger when configured).
GET	`/bureau?agent_id=<uuid>`	Signed bureau score receipt for an agent (by UUID).
GET	`/bureau?did=<did:key:...>`	Signed bureau score receipt for an agent (by DID).
GET	`/bureau-list`	Public registry browse.
GET	`/bureau-lookup`	Cross-org pulls (Phase B).
GET	`/bureau-crl`	Signed Certificate Revocation List of revoked agents.

SDKs

TypeScript

npm install @skalor/sdk

import { Client } from "@skalor/sdk";
const skalor = new Client({ apiKey: process.env.SKALOR_API_KEY });
const result = await skalor.authorizeIntent({
  agent_id: "<uuid>",
  amount_usd: 100,
  merchant: "vendor.example",
  intent: "Pay for monthly API quota",
});

Python

pip install skalor-sdk

from skalor import Client
client = Client(api_key=os.environ["SKALOR_API_KEY"])
result = client.authorize_spend(
    agent_id="<uuid>",
    amount_usd=100,
    merchant="vendor.example",
    intent="Pay for monthly API quota",
)

MCP Server

Skalor exposes its primitives as MCP tools so any MCP-compatible agent (Claude, Cursor, custom) can call them directly.

{
  "mcpServers": {
    "skalor": {
      "url": "https://mcp.skalor.xyz",
      "transport": "sse"
    }
  }
}

Available tools: authorize_payment · check_budget · list_vendors · get_agent_score · verify_receipt

Receipt Formats

All Skalor receipts are Ed25519-signed and use the same JWKS at /.well-known/skalor-key.json.

# Transaction attestation v1
skalor_v1.<base64url(payload)>.<base64url(ed25519_sig)>

# Transaction attestation v2 (adds Gate 0 runtime attestation)
skalor_v2.<base64url(payload)>.<base64url(ed25519_sig)>

# Bureau score receipt (per-agent KYA tier)
skalor_bureau_v1.<base64url(payload)>.<base64url(ed25519_sig)>

Verify in-browser at /verify, or share a single receipt via /receipt?r=<receipt>.

Fiduciary Gates

Every transaction through /authorize-intent passes 7 gates in order. Fail-fast: first failure denies the transaction.

#	Gate	What it checks
0	Runtime Attestation	SHA-256 of (model + system prompt + tool schema) matches agent registration.
1	Kill Switch	Agent is active and not paused.
1.5	OFAC Sanctions	Counterparty not on SDN list.
2	Vendor Allowlist	Merchant is on the agent's allowlist.
3	Per-Tx Limit	Amount ≤ configured per-transaction cap.
4	Daily Budget	Today's cumulative spend ≤ daily cap.
5	HITL	Human-in-the-loop policy satisfied (e.g. CFO co-sign).
6	Behavioral Anomaly	Statistical (Phase 1) + ML (Phase 2) anomaly scoring.

Authentication

# Request header
Authorization: Bearer zc_<key>

# Some endpoints (POST /authorize-intent) additionally require an
# ECDSA secp256k1 credential signature when agents.requires_signature = TRUE.
# Sign the canonical JSON payload with the agent's private key and pass
# the signature in the X-Skalor-Credential header.

License & Source

License:  MIT
Source:   https://github.com/SkalorAI/skalor-protocol
SDK (TS): https://github.com/SkalorAI/skalor-sdk-ts (mirror of @skalor/sdk)
SDK (Py): https://github.com/SkalorAI/skalor-sdk-py (mirror of skalor-sdk)
RFC:      https://skalor.xyz/rfc/kya-bureau-v0.1

Programmatic Consumption

If you are an automated agent and prefer plain text:

/llms.txt — summary (under 1k tokens)
/llms-full.txt — full reference (under 10k tokens)
/.well-known/skalor-key.json — JWKS for offline receipt verification

Contact

Human contact: founders@skalor.xyz. Issues: GitHub Issues.