Documentation
Authority infrastructure for AI agents — scoped delegation, policy enforcement, append-only audit trails, and verifiable accountability across every action.
Quick start
- Create an account and organization
- Register an agent with a required human sponsor
- Delegate scoped, expiring authority (action types + limits)
- Create an API key in the console
- Call
evaluateActionbefore every agent action
Install SDK
Version 0.3.5 includes typed Core Intelligence APIs on npm with TypeScript declarations and both ESM and CommonJS entry points — @auctra/sdk
npm install @auctra/sdk
// ESM
import { Auctra } from "@auctra/sdk";
// CommonJS
const { Auctra } = require("@auctra/sdk");Evaluate an action
import { Auctra } from "@auctra/sdk";
const auctra = new Auctra({
apiKey: process.env.AUCTRA_API_KEY,
// defaults to https://console.auctra.tech
});
const decision = await auctra.evaluateAction(
{
agentId: "your-agent-uuid",
actionType: "send_payment",
payload: { amount: 1200, currency: "USD" },
},
{ idempotencyKey: crypto.randomUUID() },
);
if (decision.decision === "allowed") {
// proceed
} else if (decision.decision === "require_approval") {
// pause for human review
} else {
throw new Error(decision.reason);
}The SDK generates an idempotency key when one is not supplied. For a retried business action, persist and reuse your own stable key as shown above.
Trust infrastructure (0.3.5)
Every protected action can declare why it is happening, prove who delegated authority, and trace back to a root human-approved intent. Deterministic rules make allow/block decisions; intelligence metadata explains the trust trace.
Declare human-approved objectives. Actions must align before execution.
Map delegation chains across humans, agents, tools, and services.
Verify critical actions trace to an accountable human objective.
// 1. Declare intent (console or SDK)
const { intent } = await auctra.createIntent({
title: "Renew SaaS contracts under $500/month for Q3",
description: "Procurement agent may renew eligible vendor subscriptions.",
});
// 2. Evaluate with trust fields
const decision = await auctra.evaluateAction({
agentId: "your-agent-uuid",
actionType: "send_payment",
claimedIntentId: intent.id,
intentAnchorToken: intent.anchor_token,
parentActionId: "optional-parent-action-uuid",
actor: { type: "agent", name: "Procurement Agent" },
action: {
target: "vendor:slack",
description: "Renew Slack Team plan for Q3",
riskLevel: "medium",
},
payload: { amount: 420, currency: "USD" },
});
console.log(decision.intelligence?.trust_summary);
// authority_valid, root_intent_valid, intent_status included in response
// 3. Inspect decision record and root intent chain
const evaluation = await auctra.getActionEvaluation(decision.action_request_id);
const chain = await auctra.getRootIntentChain(decision.action_request_id);Plan availability
Safety decisions are never paywalled. Every plan runs deterministic policy, authority, intent, and risk checks. Plans control scale, investigation surfaces, retention, and production evidence.
| Capability | Builder | Team | Business |
|---|---|---|---|
| Action evaluation | Included | Included | Included |
| Active intents | 3 | 50 | Unlimited |
| Authority edges | 10 | 250 | Unlimited |
| Visual Authority Graph | — | Included | Included |
| Root Intent evidence | — | — | Included |
Limit responses use plan_*_limit orplan_feature_unavailable and include the recommended upgrade tier.
New organizations always begin on Builder. Contact billing from the pricing page to activate Team or Business; signup parameters cannot grant paid entitlements.
Intents and authority graph
await auctra.listIntents();
await auctra.getIntent("intent-uuid");
await auctra.getAuthorityGraph();Create intents in the console at /console/intents or via POST /v1/intents. View the authority graph at /console/authority-graph.
Delegate authority via SDK
const validUntil = new Date();
validUntil.setDate(validUntil.getDate() + 30);
await auctra.createDelegation({
agentId: "your-agent-uuid",
actionTypes: ["send_payment"],
maxAmount: 500,
currency: "USD",
validUntil: validUntil.toISOString(),
});REST API
Base URL: https://console.auctra.tech
Auth: Authorization: Bearer YOUR_API_KEY
curl -X POST https://console.auctra.tech/v1/action-requests/evaluate \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Idempotency-Key: YOUR_STABLE_UUID" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "your-agent-uuid",
"action_type": "send_payment",
"claimed_intent_id": "your-intent-uuid",
"action": {
"target": "vendor:slack",
"description": "Renew Slack Team plan",
"risk_level": "medium"
},
"payload": { "amount": 100, "currency": "USD" }
}'SDK inputs use camelCase; raw REST request bodies use snake_case. The complete machine-readable contract is available from the OpenAPI endpoint above.
Demo trust infrastructure
Load sample intents, authority edges, and trust traces in your organization from the console (Intents → Load demo data) or via CLI:
npm run seed:demo
Optional: SEED_ORG_EMAIL=you@company.com npm run seed:demo -- --force
Production behavior
The SDK retries transient failures only for reads and idempotent evaluations, honors Retry-After, and never retries non-idempotent writes.
Configure timeoutMs and maxRetries on the client. Pass an AbortSignal to stop an evaluation and any scheduled retry.
import { Auctra, AuctraApiError } from "@auctra/sdk";
try {
await auctra.listAgents();
} catch (error) {
if (error instanceof AuctraApiError) {
console.error(error.status, error.code, error.requestId, error.details);
}
}Typed SDK methods
The 0.3.5 client covers agents, delegations, action requests and reviews, policies, audit events, API-key metadata, and the Core Intelligence Layer (intents, authority graph, trust trace).
Decision outcomes
Action is within delegated authority and org policies.
Exceeds limits or policy requires human review.
No valid delegation, expired grant, or policy blocks the action.
Append-only, tamper-evident audit trails
Once recorded, database controls reject updates and deletion. Each organization receives a serialized event sequence hash-chained to the previous record, so integrity and ordering can be verified independently.
Every record captures agent, action, policy, delegator, sponsor, approval chain, decision, and outcome — the fields enterprises need for AI governance, not just user and timestamp.
GET /v1/audit-events // Each event includes hash + previousHash for tamper detection
10-minute launch checklist
- ✓ Create organization and register agent with sponsor
- ✓ Delegate authority ($500 limit, 30-day expiry)
- ✓ Add org policy as safety net
- ✓ Evaluate action within limit → allowed
- ✓ Evaluate above limit → require approval
- ✓ Approve in Authority Reviews
- ✓ Verify audit ledger with full authority chain
- ✓ Revoke delegation → next action blocked
Auctra