Documentation

Authority infrastructure for AI agents — scoped delegation, policy enforcement, append-only audit trails, and verifiable accountability across every action.

Quick start

  1. Create an account and organization
  2. Register an agent with a required human sponsor
  3. Delegate scoped, expiring authority (action types + limits)
  4. Create an API key in the console
  5. Call evaluateAction before every agent action

Install SDK

Version 0.3.5 includes typed Core Intelligence APIs on npm with TypeScript declarations and both ESM and CommonJS entry points — @auctra/sdk

npm install @auctra/sdk
// ESM
import { Auctra } from "@auctra/sdk";

// CommonJS
const { Auctra } = require("@auctra/sdk");

Evaluate an action

import { Auctra } from "@auctra/sdk";

const auctra = new Auctra({
  apiKey: process.env.AUCTRA_API_KEY,
  // defaults to https://console.auctra.tech
});

const decision = await auctra.evaluateAction(
  {
    agentId: "your-agent-uuid",
    actionType: "send_payment",
    payload: { amount: 1200, currency: "USD" },
  },
  { idempotencyKey: crypto.randomUUID() },
);

if (decision.decision === "allowed") {
  // proceed
} else if (decision.decision === "require_approval") {
  // pause for human review
} else {
  throw new Error(decision.reason);
}

The SDK generates an idempotency key when one is not supplied. For a retried business action, persist and reuse your own stable key as shown above.

Trust infrastructure (0.3.5)

Every protected action can declare why it is happening, prove who delegated authority, and trace back to a root human-approved intent. Deterministic rules make allow/block decisions; intelligence metadata explains the trust trace.

Intent

Declare human-approved objectives. Actions must align before execution.

Authority Graph

Map delegation chains across humans, agents, tools, and services.

Root Human Intent

Verify critical actions trace to an accountable human objective.

// 1. Declare intent (console or SDK)
const { intent } = await auctra.createIntent({
  title: "Renew SaaS contracts under $500/month for Q3",
  description: "Procurement agent may renew eligible vendor subscriptions.",
});

// 2. Evaluate with trust fields
const decision = await auctra.evaluateAction({
  agentId: "your-agent-uuid",
  actionType: "send_payment",
  claimedIntentId: intent.id,
  intentAnchorToken: intent.anchor_token,
  parentActionId: "optional-parent-action-uuid",
  actor: { type: "agent", name: "Procurement Agent" },
  action: {
    target: "vendor:slack",
    description: "Renew Slack Team plan for Q3",
    riskLevel: "medium",
  },
  payload: { amount: 420, currency: "USD" },
});

console.log(decision.intelligence?.trust_summary);
// authority_valid, root_intent_valid, intent_status included in response

// 3. Inspect decision record and root intent chain
const evaluation = await auctra.getActionEvaluation(decision.action_request_id);
const chain = await auctra.getRootIntentChain(decision.action_request_id);

Plan availability

Safety decisions are never paywalled. Every plan runs deterministic policy, authority, intent, and risk checks. Plans control scale, investigation surfaces, retention, and production evidence.

CapabilityBuilderTeamBusiness
Action evaluationIncludedIncludedIncluded
Active intents350Unlimited
Authority edges10250Unlimited
Visual Authority GraphIncludedIncluded
Root Intent evidenceIncluded

Limit responses use plan_*_limit orplan_feature_unavailable and include the recommended upgrade tier.

New organizations always begin on Builder. Contact billing from the pricing page to activate Team or Business; signup parameters cannot grant paid entitlements.

Intents and authority graph

await auctra.listIntents();
await auctra.getIntent("intent-uuid");
await auctra.getAuthorityGraph();

Create intents in the console at /console/intents or via POST /v1/intents. View the authority graph at /console/authority-graph.

Delegate authority via SDK

const validUntil = new Date();
validUntil.setDate(validUntil.getDate() + 30);

await auctra.createDelegation({
  agentId: "your-agent-uuid",
  actionTypes: ["send_payment"],
  maxAmount: 500,
  currency: "USD",
  validUntil: validUntil.toISOString(),
});

REST API

Base URL: https://console.auctra.tech
Auth: Authorization: Bearer YOUR_API_KEY

POST /v1/action-requests/evaluate
GET /v1/action-requests/:id/evaluation
GET /v1/action-requests/:id/root-intent
POST /v1/actions/evaluate
POST /v1/intents · GET /v1/intents · GET /v1/intents/:id
POST /v1/authority/edges · GET /v1/authority/graph
POST /v1/agents · GET /v1/agents
POST /v1/delegations · GET /v1/delegations
POST /v1/delegations/:id/revoke
POST /v1/action-requests/:id/approve|reject|escalate
GET /v1/policies · GET /v1/audit-events
GET /v1/openapi.json
curl -X POST https://console.auctra.tech/v1/action-requests/evaluate \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Idempotency-Key: YOUR_STABLE_UUID" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "your-agent-uuid",
    "action_type": "send_payment",
    "claimed_intent_id": "your-intent-uuid",
    "action": {
      "target": "vendor:slack",
      "description": "Renew Slack Team plan",
      "risk_level": "medium"
    },
    "payload": { "amount": 100, "currency": "USD" }
  }'

SDK inputs use camelCase; raw REST request bodies use snake_case. The complete machine-readable contract is available from the OpenAPI endpoint above.

Demo trust infrastructure

Load sample intents, authority edges, and trust traces in your organization from the console (Intents → Load demo data) or via CLI:

npm run seed:demo

Optional: SEED_ORG_EMAIL=you@company.com npm run seed:demo -- --force

Production behavior

Safe, bounded retries

The SDK retries transient failures only for reads and idempotent evaluations, honors Retry-After, and never retries non-idempotent writes.

Timeouts and cancellation

Configure timeoutMs and maxRetries on the client. Pass an AbortSignal to stop an evaluation and any scheduled retry.

import { Auctra, AuctraApiError } from "@auctra/sdk";

try {
  await auctra.listAgents();
} catch (error) {
  if (error instanceof AuctraApiError) {
    console.error(error.status, error.code, error.requestId, error.details);
  }
}

Typed SDK methods

The 0.3.5 client covers agents, delegations, action requests and reviews, policies, audit events, API-key metadata, and the Core Intelligence Layer (intents, authority graph, trust trace).

evaluateAction (with trust fields)
listIntents · createIntent · getIntent
getAuthorityGraph
getActionEvaluation · getRootIntentChain
listAgents · getAgent · createAgent
listDelegations · getDelegation
createDelegation · revokeDelegation
listActionRequests
approveActionRequest · rejectActionRequest
escalateActionRequest
listPolicies · createPolicy
listAuditEvents
listApiKeys

Decision outcomes

allowed

Action is within delegated authority and org policies.

require_approval

Exceeds limits or policy requires human review.

blocked

No valid delegation, expired grant, or policy blocks the action.

Append-only, tamper-evident audit trails

Once recorded, database controls reject updates and deletion. Each organization receives a serialized event sequence hash-chained to the previous record, so integrity and ordering can be verified independently.

Every record captures agent, action, policy, delegator, sponsor, approval chain, decision, and outcome — the fields enterprises need for AI governance, not just user and timestamp.

GET /v1/audit-events

// Each event includes hash + previousHash for tamper detection

10-minute launch checklist

  • ✓ Create organization and register agent with sponsor
  • ✓ Delegate authority ($500 limit, 30-day expiry)
  • ✓ Add org policy as safety net
  • ✓ Evaluate action within limit → allowed
  • ✓ Evaluate above limit → require approval
  • ✓ Approve in Authority Reviews
  • ✓ Verify audit ledger with full authority chain
  • ✓ Revoke delegation → next action blocked