Master Technical Reference · v0.5

The whole system, candidly documented.

18 chapters. Every route, schema, mandate, rail, and gate that's actually shipped — plus what's tracked. Pick a path: developer, security, ops, or architecture.

192 Postgres tables · 1100+ tools

WHY THESE DOCS READ DIFFERENT

We tell you what's actually wired up.

shipped

In production right now. Pen-tested where applicable. Used in customer pipelines.

partial / known gap

Two paths exist; one is canonical and the other is being aligned. We name the bypass and link the task.

planned / tracked

Defined, scoped, in .local/tasks/. Not deployed. We don't claim it.

Example. Chapter 07 §8

The Principal-facing wallet credit endpoint POST /agents/:id/wallet/credit calls addFunds directly. It bypasses the master-balance headroom check that the admin path enforces via allocateWalletFunds + pg_advisory_xact_lock. Tracked in Chapter 17. We don't pretend it isn't.

Table of Contents

01

Product Overview & Domain Model

Actors, agent lifecycle, multi-tenant scoping, RBAC, capability cascade.

principals · clients · rbac
02

Data Model

~192 tables. agent_identities, fiat ledger, AP2 mandates, communication tables.

postgres · drizzle
03

Wallet Service

Double-entry ledger. Balance is computed, never stored. Advisory locks for headroom.

ledger · advisory-lock
04

Funding, Top-up & Payouts

Funding paths, payout rails (ACH/SEPA/Pix/UPI/Wire/SWIFT), USDC on/off-ramps.

airwallex · bridge
05

Approvals & Execution Gates

Per-txn / daily / monthly caps. Auto-approve thresholds. Force-approve admin override.

policy · widget
06

Agent Portal — Frontend

React app. Magic-link OTP. 17 tabs from Overview through Settings.

react · tanstack-query
07

Agent Portal — Backend

Express routes mounted at /api/agent-portal. RBAC middleware.

express · routes
08

Communication Channels

Per-agent phone, SMS, email, WhatsApp. Inbound routing into the unified activity feed.

agentsim · agentmail
09

MCP Surface

The per-agent MCP server at /mcp/agent. JSON-RPC over HTTP.

mcp · jsonrpc
10

ACP, A2A & External Tool APIs

x402, Stripe SPT, VGS card tokens. /.well-known/agent.json.

acp · a2a · x402
11

AP2 & Payment Rails

ES256 mandate chain: Intent → Cart → Payment. EIP-3009 USDC on Base.

ap2 · jws · eip-3009
12

Invoice & Purchase Pipelines

Invoice ingestion, bulk upload, KYB blockers, business verification.

invoices · kyb
13

Activity & Ledger

Unified activity feed. Append-only audit. Card-level filters.

activity · audit
14

Security, Secrets & Compliance

VGS tokenization. CDP HSM. AES-256-GCM for AP2 keys. SOC2 audit trail.

vgs · cdp · pci
15

Operations

Deployment topology. Env vars. Runbooks for every common failure.

runbooks · monitoring
16

Testing & QA

AP2 smoke test exists. End-to-end suites are tracked, not yet shipped.

smoke-test
17

Roadmap & Open Work

Everything we've shipped, what's in flight, and what's tracked. Honest list.

roadmap
18

Glossary & Index

Principal vs Client. Agent vs Tenant. The terms we use, consistently.

glossary