Request lifecycle
From an unknown call to a verifiable economic event.
Every paid agent request becomes four artefacts: a verified call, a signed receipt, an audit entry, and an offline-verifiable proof bundle. Here is the full flow.
step 01: POST /<provider>/data
An agent makes a paid call against your protected endpoint. Identity evidence travels in headers; payment evidence is empty until the gateway challenges.

step 02: 401 Unauthorized
Unknown agent. Identity evidence missing or invalid: no wallet signature, expired VC, untrusted issuer, or missing principal mapping. The gateway returns a bounded reason; nothing reaches the upstream.

step 03: 402 Payment Required
Verified, unpaid. Identity is good, policy allows the call, but the call is paid. The gateway emits a payment challenge bound to this exact request. Replay against another request is rejected.

step 04: Verify proof
The agent retries with payment proof. The gateway runs verify-first / settle-once / never-retry. Production rails sit behind a triple-gate operator opt-in.
step 05: 200 OK
Verified, paid, audited. The upstream provider sees a clean request. Response carries an X-AgentTrust-Receipt-Id header pointing at the canonical receipt.

step 06: Receipt issued
Ed25519 signature over the canonical receipt body. Offline-verifiable against a published public key. Receipt is also indexed in the audit chain.

step 07: Audit appended
Hash-chained per provider. Append-only. Postgres-backed segments + retention worker. No decision is silent.

step 08: proof.bundle.v1
Downloadable proof artefact. The agent's principal verifies it with pnpm proof:verify, no network call, no auth, no contact with us required.

step 09: Browser-side verify
Anyone with the receipt JSON can paste it at aisthetic.services/verify. WebCrypto Ed25519 verification runs entirely client-side; the pasted receipt never leaves the browser. Same algorithm as the offline CLI; same public-key directory at /v1/signing-keys/public.

step 10: Receipt detail / provider profile
Every receipt id lands at /r?id=<receipt-id> with bounded field grid + browser-side verify. Provider activity surfaces at /p?slug=demo (or /p?slug=sandbox via the M106 alias), recent receipts table + embed-snippet generator.

step 11: Embed badge
Provider drops <script src="…/embed-v2.js" data-provider="…"> on their page. Animated “Verified by AgentTrust” badge auto-mounts; static <img> form available for CSP-strict hosts. SRI hash recipe at /embed-demo.

step 12: Posture snapshot
Pilot recipients hit sandbox.aisthetic.services/v1/status for a single bounded JSON snapshot: sandbox status, mainnet canary outcome, external verification level, billing readiness, pilot stage, and the canonical “does not claim” caveat list, all in a parsable shape. Schema agenttrust.public_status.v1.

What happens next
Choose the next stop based on what you want to wire next. Identity, payment, and proof are independent surfaces of the same gateway.
- Agent identity, wallet, DID, VC, registry evidence.
- Payment lifecycle, HTTP 402, x402, verify-first.
- Receipts & proof, Ed25519 signing, proof bundle, offline verifier.
- Audit & SIEM, hash chain, Splunk / Elastic / webhook delivery, retention.