What we shipped.
What's in flight. What's tracked.
A live record. Every shipped feature has a date. Every in-flight item has an owner. Every planned item has a scope. We don't ship vapor and we don't market it either.
Recent shipments
What landed in the last 90 days.
Master Technical Reference v0.5
Full rewrite of the technical reference. 17 chapters covering every shipped subsystem, cross-referenced to source. Honest disclosures of known gaps. Published as the public source of truth.
Per-agent x402 wallet auto-topup
An agent's USDC wallet now auto-tops from the master CDP wallet when it falls below cryptoAutoTopupThresholdUsdc — by default 0.10 USDC, refilled to cryptoAutoTopupAmountUsdc (1.00 USDC). No more "your agent stalled mid-task because it ran out of gas."
New columns on agent_identities: cryptoAutoTopupEnabled, cryptoAutoTopupAmountUsdc, cryptoAutoTopupThresholdUsdc.
Top-up runs inside the same x402.send_usdc path; no separate cron.
AP2 mandate audit table + strict alg verification
Every sign / verify / execute now writes to ap2_mandate_audit with full claims snapshot. jwtVerify calls explicitly pin algorithms: ['ES256']; alg: 'none' and HS-confusion are structurally rejected.
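An added example, not AgentWallet's own code: a minimal verifier built on Node's built-in crypto that shows why pinning the algorithm list rejects alg: 'none' and HS-confusion tokens before any key is used. The key pair, the claim names, the did:agentwallet:example issuer and the function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const ALLOWED_ALGS = ['ES256'];               // the allow-list the entry pins
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Constructed P-256 key pair standing in for a mandate signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

function signES256(claims) {
  const input = `${enc({ alg: 'ES256', typ: 'JWT' })}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// Hypothetical verifier: the allow-list is checked before any key material is
// touched, so the token's header never chooses the verification algorithm.
function verifyMandate(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header;
  try { header = dec(parts[0]); } catch { return { ok: false, reason: 'malformed' }; }
  if (!ALLOWED_ALGS.includes(header?.alg)) return { ok: false, reason: 'alg not allowed' };
  const sig = Buffer.from(parts[2], 'base64url');
  if (sig.length !== 64) return { ok: false, reason: 'bad signature' }; // ES256 is r||s, 32 bytes each
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, sig);
  return valid ? { ok: true, claims: dec(parts[1]) } : { ok: false, reason: 'bad signature' };
}

// Constructed negative test cases that a verifier trusting the header would accept.
function buildCases() {
  const good = signES256({ iss: 'did:agentwallet:example', kind: 'IntentMandate' });
  const [, payload, sig] = good.split('.');
  const unsigned = `${enc({ alg: 'none' })}.${payload}.`;        // signature dropped
  const hsInput = `${enc({ alg: 'HS256', typ: 'JWT' })}.${payload}`;
  const pem = publicKey.export({ type: 'spki', format: 'pem' }); // public key reused as HMAC secret
  const hsMac = crypto.createHmac('sha256', pem).update(hsInput).digest('base64url');
  const tampered = `${enc({ alg: 'ES256', typ: 'JWT' })}.${enc({ iss: 'did:agentwallet:other' })}.${sig}`;
  return { good, unsigned, hsConfused: `${hsInput}.${hsMac}`, tampered };
}

for (const [name, token] of Object.entries(buildCases())) {
  console.log(name.padEnd(11), JSON.stringify(verifyMandate(token)));
}
```

Only the first case verifies; the unsigned and HS256 tokens stop at the allow-list, and the tampered ES256 token stops at the signature check.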
Unified Activity feed in Agent Portal
Single timeline in the portal merging seven sources: ledger, payouts, card transactions, inbox, outbox, MCP tool calls, mandate audit. Card-level filter ships at the same time.
Magic-link OTP for Principal portal
Replaces password auth. 6-digit code via email. 30-day session, sliding rotation. Old password rows soft-deleted.
x402 EIP-3009 sign roundtrip — partial
Working on Base Sepolia. Mainnet flow validated against three counter-merchants but not yet GA. Known limit: we still rate-limit per-merchant during the rollout window.
Stripe SPT issuance for ACP card path
Per-cart Shared Payment Tokens — single-use, merchant-scoped, amount-bound. Logged to acp_spt_issuances. Replaces the long-lived card-token fallback for Stripe-supported merchants.
verifyAgentAccess RBAC matrix
All /api/agent-portal/* routes now run through one middleware. 6-role × 12-endpoint test matrix shipped. No route bypasses the gate.
AgentSim + AgentMail provisioning
Replaces Twilio with AgentSim for phone/SMS. AgentMail handles inbound + outbound email. Channel provisioning is now a single transaction inside provisionAgentIdentity.
Roadmap
Three quarters out. Scoped, not promised.
Anything below the line marked "tracked" has a task in .local/tasks/ with an owner and a target window. Anything labeled "exploratory" is exactly that — we're investigating, not committing.
Q2 2026 · in flight
Q3 2026 · planned
Q4 2026 · exploratory
Glossary
Terms we use, consistently.
Every word below appears repeatedly in the docs. We mean exactly this — not the slightly different thing the rest of the industry sometimes means.
Agent
A row in agent_identities. Has an identity, a wallet, optional channels, optional card, optional crypto wallet. Authenticated by a pak_… key. Distinct from a Principal: an agent acts, a Principal authorizes.
Principal
A human (or admin role) who owns one or more agents and authorizes their spending. Signs IntentMandates. Acts via the Agent Portal — never via the agent's API key.
Tenant / Client
A client organization. A row in clients. Owns Principals, agents, the master fiat balance, the master CDP wallet, and the banking-provider configuration. Multi-tenancy is enforced at every storage call.
Wallet
The fiat balance for one agent, computed live from agent_wallet_transactions. Never stored as a column. Distinct from the agent's crypto wallet.
Master balance
The client-level fiat pool from which every agent's wallet allocates. Headroom check is the SERIALIZABLE invariant that prevents over-allocation.
AP2
Agent Payments Protocol. ES256-signed JWS chain: IntentMandate → CartMandate → PaymentMandate. Provides cryptographic proof of authorization for every payment.
x402
HTTP 402 Payment Required protocol. Merchant returns an offer; agent signs an EIP-3009 USDC transferWithAuthorization on Base; replays request with signed auth in X-PAYMENT header.
SPT
Stripe Shared Payment Token. Single-use, merchant-scoped, amount-bound payment token. The card-rail equivalent of an x402 authorization.
VGS alias
A token (tok_card_…) that VGS swaps for a real PAN at the network edge. We hold the alias; the PAN never enters our application.
Mandate
A signed JWS authorizing a specific kind of action. Three types: Intent (Principal-signed envelope), Cart (agent-signed line items), Payment (agent-signed final transfer).
Approval (widget)
A pending agent action that exceeded a velocity cap. Held in an in-memory Map. Resolved by Principal via portal widget, SMS callback, or email callback. Force-approvable by admin with audit.
MCP
Model Context Protocol. JSON-RPC over HTTP. Per-agent endpoint at /mcp/agent (~15 tools) authenticated by the agent's pak_… key. Drop into Claude Desktop, Cursor, or any MCP-compatible client.
ACP
Agent Commerce Protocol. The umbrella for outbound merchant payments — covers x402, SPT issuance, and VGS card-token issuance.
A2A
Agent-to-Agent. Direct discovery and message exchange between two agents via /.well-known/agent.json. Distinct from ACP (which is agent-to-merchant).
Rail
An outbound payment route. Fiat rails: ACH, SEPA, Pix, UPI, Wire, SWIFT (via Airwallex). Crypto rails: USDC on Base. Card rail: Stripe SPT or VGS card token.
Capability cascade
Four-layer effective-permission resolution: banking API → product enabled → per-agent rails + countries → routing source. The intersection is the agent's actual rail set.
Append-only
Tables our application code only ever INSERTs into. Listed in Security → Audit. Postgres role-level REVOKE is the durable layer; environment-policy enforcement is tracked.
pak_…
Per-agent API key prefix. Returned once at creation or rotation. SHA-256 fingerprint stored. Constant-time compared on every request.
did:agentwallet:
The DID method we use as iss in AP2 JWSes. Resolves to the agent's discovery document at the agent's primary domain.
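An added example for the pak_… entry above, not AgentWallet's own code: issuing a key once, storing only its SHA-256 fingerprint, and comparing in constant time. It assumes the request identifies the agent separately from the key; the in-memory Map, the key length and the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();

// Hypothetical in-memory stand-in for the key table: agentId -> SHA-256 fingerprint.
const fingerprints = new Map();

// Issue or rotate: the plaintext key is returned once; only the digest is kept,
// so rotating simply overwrites the previous fingerprint.
function issueKey(agentId) {
  const key = 'pak_' + crypto.randomBytes(32).toString('base64url');
  fingerprints.set(agentId, sha256(key));
  return key;
}

// Compared against when the agent is unknown, so that path does the same work.
const DUMMY = sha256('no-such-agent');

function authenticate(agentId, presented) {
  if (typeof presented !== 'string' || !presented.startsWith('pak_')) return false;
  const stored = fingerprints.get(agentId);
  // Both sides are 32-byte digests, so timingSafeEqual never throws on a length
  // mismatch and the comparison time does not depend on where the bytes differ.
  const match = crypto.timingSafeEqual(sha256(presented), stored ?? DUMMY);
  return stored !== undefined && match;
}

// Constructed walk-through: issue, authenticate, rotate, retry the old key.
function demo() {
  const first = issueKey('agent-1');
  const okBefore = authenticate('agent-1', first);
  const second = issueKey('agent-1');            // rotation
  return {
    okBefore,
    oldAfterRotation: authenticate('agent-1', first),
    newAfterRotation: authenticate('agent-1', second),
    unknownAgent: authenticate('agent-2', second),
  };
}

console.log(demo());
```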