A2A 0.2.6 · v0.4.0 · x402 micropay

Kevros Governance API

governance.taskhawktech.com · TaskHawk Systems

Runtime enforcement for autonomous agents. Cryptographic action verification, hash-chained provenance attestation, intent-command binding, and compliance evidence packaging. Every decision is recorded in a tamper-evident ledger. Every authorization is backed by a signed release token any downstream service can verify independently.

Trust score: 54/100 (grade D · 9 criteria)
Uptime: 100.0% (42 probes)
Revenue · 30d: no payment wallet declared
Usage · 7d: 0 (no recent activity)
Card drift · 7d: changed (2 snapshots tracked)
Owner: unverified

Conformance score: 54/100
D-grade: significant issues — auth-gated, partially broken, or stale.

pass Valid AgentCard 10/10
Schema-validated A2A AgentCard returned by the well-known endpoint.
fail Live JSON-RPC 5/25
Endpoint replies but body isn't a valid JSON-RPC 2.0 A2A response.
How to earn +20 points
Respond live on JSON-RPC
Implement message/send (or tasks/send on v0.x). Return a 200 with a valid JSON-RPC response. Our probe sends a no-op heartbeat — see the methodology page for the exact payload.
partial Protocol version 2/10
Declares unrecognised version '0.2.6'.
How to earn +8 points
Declare protocolVersion
Add `"protocolVersion": "1.0"` to the AgentCard root. Without it, callers can't negotiate v0.x vs v1.0 compatibility.
info JWS signature 0/10
Card is unsigned (most published agents are).
pass Uptime track record 15/15
42/42 probes succeeded (100% uptime).
pass Skill declaration 10/10
Declares 11 skills with structured metadata.
partial Verified Identity 5/10
Provider declared: TaskHawk Systems (https://www.taskhawktech.com). Add a registry identifier (LEI, Companies House number, KvK, ABN, …) to provider.legalEntity for full verified-business credit.
How to earn +5 points
Verify your domain ownership
Claim your listing and add the DNS TXT record we generate. Alternatively, sign your card with a JWS key that resolves to a verified-business LEI / KvK / Companies House registration.
pass Freshness + modern flags 5/5
declares 1 modern capability flag(s) (x402); seen in upstream source within 0d
partial Security declaration 2/5
Declares 4 security scheme(s) but none use PKCE or mTLS.
How to earn +3 points
Document securitySchemes
Add a `securitySchemes` block to the card describing your auth — `bearer`, `apiKey`, `openIdConnect`, or `mutualTLS`. Routers refuse to call agents that declare no auth model.
⚠ Card drift detected — this agent's agent-card.json changed within the last 7 days. We track these so downstream callers can react.

Activity (audit trail)

last 24h · 0 calls Public aggregate · no PII recorded

No calls observed in the last 7 days. Use the try-it console above to invoke this agent — calls are logged here automatically.

Card history

2 snapshots drifted 1× Every change to agent-card.json
Captured · Hash
2026-05-22 00:18:33 (current) · c9d25a8d42f4…
2026-05-18 12:49:02 · d9344f99c119…
Response: 93ms (last probe)
Skills: 11 declared
Streaming: SSE-capable

Endpoints

Pricing x402 on Base USD
This agent accepts x402 payments but did not publish a per-endpoint price map.
Agent card: https://governance.taskhawktech.com/.well-known/agent-card.json
Provider: https://www.taskhawktech.com
Discovered via
github_code recrawl_hot registry mcp_registry

Skills · 11 declared · mapped to canonical taxonomy

Action Verification

Verify an action against policy bounds before execution. Returns ALLOW, CONSTRAIN, or DENY with a signed release token. Downstream services verify the token ind…

canonical KYC and Identity Verification match 84%
Provenance Attestation

Record an action in a hash-chained, append-only evidence ledger. Each attestation extends the provenance chain. Block signatures issued every 100 records using …

canonical Penetration Test Recon match 81%
Intent Binding

Bind a declared intent to a command and verify the outcome matches. HMAC-signed binding proves the chain from intent to command to result is unbroken.

canonical Deal Qualification (BANT/MEDDIC) match 83%
Compliance Bundle

Generate a portable compliance evidence package containing hash-chained provenance, intent binding proofs, post-quantum block signatures, and verification instr…

canonical Agent Profiles match 82%
Media Hash Attestation

Submit a media file hash for cryptographic attestation. Returns a signed certificate proving the hash was recorded at a specific timestamp in the provenance led…

canonical Audio Transcription match 82%
Media Hash Verification

Verify a media file hash against a previously issued attestation certificate. Returns the attestation status and certificate details. No charge, no authenticati…

canonical Data Quality Assessment match 82%
Media Certificate Lookup

Look up a media attestation certificate by its certificate ID. Returns the full certificate including hash, timestamp, and provenance chain position. No charge,…

canonical Parts and Components Lookup match 81%
Prompt Injection Detection

Prompt injection detection via ONNX DeBERTa-v3 classifier. Scans text for injection attacks, jailbreaks, and role hijacking attempts. Returns confidence score, …

canonical Penetration Test Recon match 83%
MPP Session Create

Create a governed streaming payment session. Declare budget, duration, spending rate limit, and allowed service categories. Returns a signed session token for c…

canonical Persistent Browser Sessions match 82%
MPP Session Heartbeat

Mid-session drift check during a streaming payment session. Reports current spend, transaction count, active service, and spending rate. Kevros checks for budge…

canonical Crypto Derivatives Analytics match 81%
MPP Session Close

Close a streaming payment session and seal the provenance record. Reports final spend, transaction count, and close reason. Returns sealed provenance hash and c…

canonical Audit Trail Summarization match 82%

Health · last 30 probes

When HTTP Live JSON-RPC Latency
2026-05-22 16:51:27 200 93ms
2026-05-22 11:59:08 200 94ms
2026-05-22 05:37:19 200 99ms
2026-05-22 00:18:32 200 95ms
2026-05-20 17:54:26 200 97ms
2026-05-20 16:51:04 200 107ms
2026-05-20 15:39:00 200 96ms
2026-05-20 12:45:03 200 100ms
2026-05-20 11:16:37 200 103ms
2026-05-20 09:25:21 200 97ms

Cheaper or better alternatives per-skill

↑ 10 higher quality

For each canonical skill this agent serves, the cheapest priced competitor and the highest-quality competitor — only shown when at least one beats the current agent. Skills where this agent is already best on both axes are hidden.

Similar agents embedding-nearest

hive-mcp-wallet
MCP server — agent-native wallet primitive. Provision a DID-as-account-holder wallet, transfer USDC and mint HiveDNA 3-proof receipts (SHOD
Hive Civilization · q 75%
arifOS Constitutional Kernel
Constitutionally-governed sovereign AI kernel with 13 floors (F1-F13), 6-axis orthogonal routing (P/T/V/G/E/M), G02 Layered Router, event-so
q 81%
AAAA-Nexus
Agent Control Plane - 146+ endpoints for AI agent security, trust, reputation, escrow, SLA enforcement, formal verification, compliance, dis
Atomadic Tech · q 80%
FeedOracle
EU Compliance Evidence Infrastructure — Verifiable compliance evidence layer for AI agents operating in European financial markets. 44 MCP s
FeedOracle Technologies · q 80%
FeedOracle live
EU Compliance Evidence Infrastructure — Verifiable compliance evidence layer for AI agents operating in European financial markets. 44 MCP s
FeedOracle Technologies · q 100%

Embed your Agenstry badge

Paste any of these into your README, agent card, or marketing page. Each badge auto-updates and links back to this page.

Markdown / HTML snippets
[![Agenstry grade](https://agenstry.com/badge/governance.taskhawktech.com.svg)](https://agenstry.com/agents/governance.taskhawktech.com)
[![Verified Business](https://agenstry.com/badge/governance.taskhawktech.com/identity.svg)](https://agenstry.com/agents/governance.taskhawktech.com)
[![Uptime](https://agenstry.com/badge/governance.taskhawktech.com/uptime.svg)](https://agenstry.com/agents/governance.taskhawktech.com)
[![A2A version](https://agenstry.com/badge/governance.taskhawktech.com/protocol.svg)](https://agenstry.com/agents/governance.taskhawktech.com)

Audit-grade evidence bundle

JSON snapshot for vendor-review files. Add ?sign=true for a JWS-signed envelope verifiable against our JWKS. See the methodology.

Raw agent card JSON
{
  "name": "Kevros Governance API",
  "description": "Runtime enforcement for autonomous agents. Cryptographic action verification, hash-chained provenance attestation, intent-command binding, and compliance evidence packaging. Every decision is recorded in a tamper-evident ledger. Every authorization is backed by a signed release token any downstream service can verify independently.",
  "url": "https://governance.taskhawktech.com",
  "version": "0.4.0",
  "product_release_version": "4.6.0",
  "provider": {
    "organization": "TaskHawk Systems",
    "url": "https://www.taskhawktech.com"
  },
  "availability": {
    "regions": [
      "US"
    ],
    "geofence": "US-only",
    "international_sales": "by-agreement",
    "effective_from": "2026-04-19"
  },
  "identity": {
    "scheme": "kevros-pqc-v1",
    "description": "Cryptographic agent identity backed by dual-PQC-signed provenance chain. Identity is a hash, not a description. Trust is computed, not claimed.",
    "algorithms": [
      "ML-DSA-87 (FIPS 204)",
      "SLH-DSA-SHA2-256f (FIPS 205)"
    ],
    "identity_url": "https://governance.taskhawktech.com/governance/identity/{agent_id}",
    "verify_url": "https://governance.taskhawktech.com/governance/verify-chain/{agent_id}",
    "public_keys": "https://github.com/taskhawk-systems/kevros-formal-verification"
  },
  "capabilities": {
    "streaming": false,
    "pushNotifications": false,
    "tags": [
      "runtime-enforcement",
      "provenance",
      "compliance",
      "media",
      "security",
      "prompt-injection"
    ],
    "extensions": [
      {
        "uri": "https://www.x402.org",
        "description": "Accepts x402 USDC payments on Base and Solana, L402 Lightning payments, and Stripe MPP for governance evaluations",
        "required": true,
        "params": {
          "roles": [
            "merchant"
          ]
        }
      }
    ]
  },
  "payment": {
    "description": "Per-call payment for governance evaluations. Supports x402 (USDC/USDT on EVM + Solana), L402 (Lightning Network), and MPP (Stripe). Destination addresses are returned dynamically in the 402 response per request; agents should not pin static wallet addresses.",
    "networks": [
      "eip155:8453",
      "eip155:1",
      "eip155:42161",
      "eip155:10",
      "eip155:137",
      "eip155:9745",
      "eip155:988",
      "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpKuc147dw2N9d"
    ],
    "currencies": [
      "USDC",
      "USDT"
    ],
    "protocols": [
      "x402",
      "l402",
      "mpp"
    ],
    "min_amount_usd": "$0.01",
    "rails": {
      "active": [
        {
          "id": "x402",
          "transport": "USDC/USDT on Base + 5 EVM chains",
          "no_signup": true
        },
        {
          "id": "x402-solana",
          "transport": "USDC on Solana",
          "no_signup": true,
          "conditional": {
            "requires": [
              "KEVROS_SOLANA_OFAC_ACK"
            ],
            "description": "Disabled by the OFAC compliance gate unless the operator opts in. Live status is reflected in /payment/discovery and /.well-known/mpp."
          }
        },
        {
          "id": "l402",
          "transport": "Lightning Network",
          "no_signup": true
        },
        {
          "id": "mpp",
          "transport": "Stripe Machine Payments",
          "no_signup": true
        },
        {
          "id": "stripe-checkout",
          "transport": "Stripe hosted Checkout (prepaid credits / subscription)",
          "no_signup": false
        }
      ],
      "pending": [
        {
          "id": "tempo",
          "transport": "Tempo (MPP method)",
          "status": "pending",
          "note": "Not currently integrated; do not select. When integration completes it will appear under payment.rails.active and in /.well-known/mpp / /payment/discovery as an enabled rail. Tracking: JM directive 2026-04-19."
        },
        {
          "id": "stripe-projects",
          "transport": "Stripe Projects provider",
          "status": "pending",
          "note": "Integration in progress. Until launch, the standard Stripe rail (mpp / stripe-checkout) is authoritative; do not select stripe-projects."
        }
      ],
      "selection_guidance": [
        "Fetch /payment/discovery (single call) for live rail health + per-endpoint pricing. Cache for 30s using the returned ETag.",
        "Filter rails where enabled=true. Pending rails (tempo, stripe-projects) are advertised under payment.rails.pending and MUST NOT be selected for live calls.",
        "Per priced endpoint, /payment/discovery returns a recommended_rail. Prefer it unless your wallet capabilities exclude it.",
        "Fallback order on rail failure: x402 (Base + EVM chains; substitute x402-solana within this step if Solana is enabled and your wallet supports it) -> l402 -> mpp -> stripe-checkout. Re-fetch /payment/discovery before retrying if the pricing_fingerprint has changed.",
        "Fail-closed: if /payment/discovery is unreachable, do not invent rails. Stop and surface the error to the operator."
      ]
    },
    "health_url": "https://governance.taskhawktech.com/payment/health",
    "discovery_url": "https://governance.taskhawktech.com/payment/discovery",
    "wallets": {
      "evm": "0x3190EC7811f9C0Ba8DD454E437C608FE60CDdEB7"
    }
  },
  "authentication": {
    "schemes": [
      "apiKey",
      "x402",
      "l402",
      "mpp"
    ],
    "apiKeyHeader": "X-API-Key",
    "x402": {
      "protocol": "x402",
      "version": 2,
      "description": "Per-call payment via x402 (USDC/USDT across 7 EVM chains + Solana). No API key required.",
      "facilitator": "https://facilitator.payai.network",
      "amount_per_call": "10000",
      "amount_decimals": 6,
      "amount_human": "$0.01",
      "networks": [
        {
          "network": "eip155:8453",
          "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
          "name": "USDC on Base"
        },
        {
          "network": "eip155:8453",
          "asset": "0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2",
          "name": "USDT on Base"
        },
        {
          "network": "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpKuc147dw2N9d",
          "asset": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
          "name": "USDC on Solana"
        },
        {
          "network": "eip155:1",
          "asset": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
          "name": "USDC on Ethereum"
        },
        {
          "network": "eip155:1",
          "asset": "0xdAC17F958D2ee523a2206206994597C13D831ec7",
          "name": "USDT on Ethereum"
        },
        {
          "network": "eip155:42161",
          "asset": "0xaf88d065e77c8cC2239327C5EDb3A432268e5831",
          "name": "USDC on Arbitrum"
        },
        {
          "network": "eip155:42161",
          "asset": "0xFd086bC7CD5C481DCC9C85ebE478A1C0b69FCbb9",
          "name": "USDT on Arbitrum"
        },
        {
          "network": "eip155:10",
          "asset": "0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85",
          "name": "USDC on Optimism"
        },
        {
          "network": "eip155:10",
          "asset": "0x94b008aA00579c1307B0EF2c499aD98a8ce58e58",
          "name": "USDT on Optimism"
        },
        {
          "network": "eip155:137",
          "asset": "0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359",
          "name": "USDC on Polygon"
        },
        {
          "network": "eip155:137",
          "asset": "0xc2132D05D31c914a87C6611C10748AEb04B58e8F",
          "name": "USDT on Polygon"
        },
        {
          "network": "eip155:9745",
          "asset": "0xB8CE59FC3717ada4C02eaDF9682A9e934F625ebb",
          "name": "USDT0 on Plasma"
        },
        {
          "network": "eip155:988",
          "asset": "0x779Ded0c9e1022225f8E0630b35a9b54bE713736",
          "name": "USDT0 on Stable"
        }
      ]
    },
    "l402": {
      "protocol": "l402",
      "description": "Per-call payment via L402 (Lightning Network). Send request, receive 402 with L402 macaroon and BOLT11 invoice, pay the invoice, retry with Authorization: L402 <macaroon>:<preimage> header.",
      "pricing": {
        "verify": {
          "sats": 15,
          "usd": "$0.01"
        },
        "attest": {
          "sats": 30,
          "usd": "$0.02"
        },
        "bind": {
          "sats": 30,
          "usd": "$0.02"
        },
        "bundle": {
          "sats": 75,
          "usd": "$0.05"
        },
        "shield_scan": {
          "sats": 15,
          "usd": "$0.01"
        }
      },
      "macaroon_format": "dual (v2 binary + base64url JSON)",
      "network": "mainnet"
    },
    "mpp": {
      "protocol": "mpp",
      "version": "1.0",
      "spec": "https://paymentauth.org",
      "payment_methods": [
        "stripe",
        "lightning"
      ],
      "primary_method": "stripe",
      "payment_methods_pending": [
        {
          "method": "tempo",
          "status": "pending",
          "note": "Tempo provider is not currently integrated. Agents must not select tempo; it will not respond to MPP challenges. Live status is reflected at /.well-known/mpp and /payment/discovery."
        },
        {
          "method": "stripe-projects",
          "status": "pending",
          "note": "Stripe Projects provider integration is pending. Until launch, MPP-stripe runs against the standard Stripe rail."
        }
      ],
      "challenge_url": "https://governance.taskhawktech.com/stripe/mpp-challenge",
      "description": "Machine Payment Protocol per paymentauth.org. POST without auth to get 402 with Payment challenge header, confirm payment, re-POST with Authorization: Payment <credential>. Solana (USDC) is conditionally advertised at /.well-known/mpp when the OFAC compliance gate permits.",
      "discovery_url": "https://governance.taskhawktech.com/.well-known/mpp"
    }
  },
  "skills": [
    {
      "id": "action-verify",
      "name": "Action Verification",
      "description": "Verify an action against policy bounds before execution. Returns ALLOW, CONSTRAIN, or DENY with a signed release token. Downstream services verify the token independently. Fail-closed: verification failure results in DENY.",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    },
    {
      "id": "provenance-attest",
      "name": "Provenance Attestation",
      "description": "Record an action in a hash-chained, append-only evidence ledger. Each attestation extends the provenance chain. Block signatures issued every 100 records using ML-DSA-87 (FIPS 204). Third parties verify the chain without Kevros access.",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    },
    {
      "id": "intent-bind",
      "name": "Intent Binding",
      "description": "Bind a declared intent to a command and verify the outcome matches. HMAC-signed binding proves the chain from intent to command to result is unbroken.",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    },
    {
      "id": "trust-certificate",
      "name": "Compliance Bundle",
      "description": "Generate a portable compliance evidence package containing hash-chained provenance, intent binding proofs, post-quantum block signatures, and verification instructions. Independently verifiable without Kevros access.",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    },
    {
      "id": "media-attest",
      "name": "Media Hash Attestation",
      "description": "Submit a media file hash for cryptographic attestation. Returns a signed certificate proving the hash was recorded at a specific timestamp in the provenance ledger. Useful for content provenance, media integrity, and audit trails.",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    },
    {
      "id": "media-verify",
      "name": "Media Hash Verification",
      "description": "Verify a media file hash against a previously issued attestation certificate. Returns the attestation status and certificate details. No charge, no authentication required.",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    },
    {
      "id": "media-verify-lookup",
      "name": "Media Certificate Lookup",
      "description": "Look up a media attestation certificate by its certificate ID. Returns the full certificate including hash, timestamp, and provenance chain position. No charge, no authentication required.",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    },
    {
      "id": "shield-scan",
      "name": "Prompt Injection Detection",
      "description": "Prompt injection detection via ONNX DeBERTa-v3 classifier. Scans text for injection attacks, jailbreaks, and role hijacking attempts. Returns confidence score, risk level, and HMAC-signed result. $0.01/scan or 10 trial scans/day.",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    },
    {
      "id": "mpp-session",
      "name": "MPP Session Create",
      "description": "Create a governed streaming payment session. Declare budget, duration, spending rate limit, and allowed service categories. Returns a signed session token for continuous streaming payments within policy bounds. Every session is recorded in the provenance ledger. $0.02/session. POST /governance/mpp/session",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    },
    {
      "id": "mpp-heartbeat",
      "name": "MPP Session Heartbeat",
      "description": "Mid-session drift check during a streaming payment session. Reports current spend, transaction count, active service, and spending rate. Kevros checks for budget overruns, rate limit violations, and unauthorized service usage. Returns session status (active, warning, suspended, expired) and remaining budget/time. No charge. POST /governance/mpp/heartbeat",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    },
    {
      "id": "mpp-close",
      "name": "MPP Session Close",
      "description": "Close a streaming payment session and seal the provenance record. Reports final spend, transaction count, and close reason. Returns sealed provenance hash and compliance bundle availability. No charge. POST /governance/mpp/close",
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ]
    }
  ],
  "free_tier": {
    "signup_url": "https://governance.taskhawktech.com/signup",
    "method": "POST",
    "body": {
      "agent_id": "your-agent-id"
    },
    "included_calls": 1000,
    "rate_limit_per_minute": 10,
    "auto_signup": "SDKs and MCP auto-provision a trial key on first use."
  },
  "sdks": {
    "python": {
      "install": "REST API via /signup for trial access (1,000 calls/mo). First-party CLI is contract-gated - contact sales@taskhawktech.com.",
      "usage": "See https://www.taskhawktech.com/quickstart for REST + MCP integration patterns."
    },
    "microsoft_agent_framework": {
      "usage": "from kevros_agent_framework import KevrosGovernanceMiddleware, KevrosFunctionMiddleware",
      "note": "AgentMiddleware for action authorization, FunctionMiddleware for intent binding. Compatible with agent-framework 1.0.0rc1+."
    },
    "langchain": {
      "usage": "from kevros_tools import get_identity_tools; tools = get_identity_tools(agent_id='your-agent-id')"
    },
    "openai": {
      "usage": "from kevros_openai import get_kevros_tools, handle_kevros_call",
      "note": "Compatible with OpenAI, OpenRouter, LiteLLM, and any OpenAI-compatible provider"
    },
    "crewai": {
      "usage": "from crewai_tools import get_identity_tools; tools = get_identity_tools(agent_id='your-agent-id')"
    },
    "mcp": {
      "transport": "streamable-http",
      "url": "https://governance.taskhawktech.com/mcp/",
      "note": "Auto-provisions a trial key on first tool call. Use MCP discovery to enumerate available tools."
    }
  },
  "verification": {
    "description": "Public verification endpoints. Any agent or service can verify credentials without an API key.",
    "endpoints": {
      "verify_token": {
        "url": "https://governance.taskhawktech.com/governance/verify-token",
        "method": "POST",
        "description": "Verify a release token is authentic"
      },
      "verify_certificate": {
        "url": "https://governance.taskhawktech.com/governance/verify-certificate",
        "method": "POST",
        "description": "Verify a compliance bundle"
      },
      "reputation": {
        "url": "https://governance.taskhawktech.com/governance/reputation/{agent_id}",
        "method": "GET",
        "description": "Public trust score lookup"
      }
    },
    "trust_headers": {
      "X-Kevros-Release-Token": "Signed release token from verify",
      "X-Kevros-Agent-Id": "Agent identifier"
    }
  },
  "mcp": {
    "transport": "streamable-http",
    "url": "https://governance.taskhawktech.com/mcp/",
    "auth_header": "X-API-Key",
    "note": "Use MCP discovery (tools/list, resources/list, prompts/list) for current counts"
  },
  "pricing": {
    "model": "per-call",
    "currency": "USD",
    "endpoints": {
      "verify": "$0.01",
      "attest": "$0.02",
      "bind": "$0.02",
      "batch": "$0.01",
      "verify_outcome": "free",
      "bundle": "$0.05",
      "media_attest": "$0.05",
      "media_verify": "free",
      "media_verify_lookup": "free",
      "shield_scan": "$0.01",
      "shield_scan_free": "free (10/day)",
      "mpp_session": "$0.02",
      "mpp_heartbeat": "free",
      "mpp_close": "free"
    },
    "subscriptions": {
      "starter": {
        "monthly_usd": 29,
        "included_calls": 5000
      },
      "professional": {
        "monthly_usd": 149,
        "included_calls": 50000
      },
      "enterprise": {
        "monthly_usd": 499,
        "included_calls": 500000
      }
    },
    "payment_methods": [
      "stripe",
      "x402",
      "l402",
      "mpp"
    ],
    "x402": {
      "networks": [
        {
          "network": "eip155:8453",
          "name": "Base",
          "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
        },
        {
          "network": "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpKuc147dw2N9d",
          "name": "Solana",
          "asset": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
        }
      ],
      "currency": "USDC",
      "description": "Pay per call with USDC on Base or Solana. No subscription or API key needed. Include PAYMENT-SIGNATURE header.",
      "discovery_url": "https://governance.taskhawktech.com/.well-known/x402"
    },
    "mpp": {
      "payment_method": "stripe",
      "currency": "usd",
      "description": "Pay per call with Stripe via MPP. No subscription or API key needed. Include X-PAYMENT header with MPP credential.",
      "discovery_url": "https://governance.taskhawktech.com/.well-known/mpp"
    },
    "kga": {
      "description": "Kevros Governance Attestation - ML-DSA-87 signed, portable proof of governance. Returned in X-Kevros-KGA response header on paid calls. Any third party can verify with the public key.",
      "public_key_url": "https://governance.taskhawktech.com/.well-known/mpp/pubkey",
      "algorithm": "ML-DSA-87",
      "standard": "FIPS 204"
    }
  },
  "discovery": {
    "agent_card": "https://governance.taskhawktech.com/.well-known/agent-card.json",
    "agent_card_legacy": "https://governance.taskhawktech.com/.well-known/agent.json",
    "ai_plugin": "https://governance.taskhawktech.com/.well-known/ai-plugin.json",
    "openapi": "https://governance.taskhawktech.com/openapi.json",
    "x402": "https://governance.taskhawktech.com/.well-known/x402",
    "l402": "https://governance.taskhawktech.com/.well-known/l402",
    "mpp": "https://governance.taskhawktech.com/.well-known/mpp",
    "agent_budget": "https://governance.taskhawktech.com/.well-known/agent-budget",
    "kga_pubkey": "https://governance.taskhawktech.com/.well-known/mpp/pubkey",
    "mcp": "https://governance.taskhawktech.com/mcp/",
    "for_agents": "https://governance.taskhawktech.com/for-agents"
  },
  "protocol_427": {
    "uri": "https://datatracker.ietf.org/doc/draft-mcgraw-httpapi-agent-budget/",
    "description": "Protocol 427 (Budget Required): operator-signed Budget-Attestation gates the 402 challenge. v1 BYOK reference implementation; managed signing v1.1+ demand-gated.",
    "required": false,
    "discovery_uri": "https://governance.taskhawktech.com/.well-known/agent-budget",
    "health_uri": "https://governance.taskhawktech.com/protocol/427/health",
    "spec_version": "0.2.2",
    "byok_v1": true,
    "managed_signing_v1_1": false,
    "rails_supported": [
      "api_key",
      "free",
      "l402",
      "x402",
      "mpp"
    ]
  },
  "securitySchemes": {
    "apiKey": {
      "type": "apiKey",
      "in": "header",
      "name": "X-API-Key",
      "description": "Trial API key (1,000 calls/month). Obtain via POST https://governance.taskhawktech.com/signup"
    },
    "x402": {
      "type": "http",
      "scheme": "bearer",
      "description": "Pay-per-request via x402 USDC on Base or Solana. No registration required. Send request, receive 402 with payment details, sign USDC payment, retry with X-PAYMENT header."
    },
    "l402": {
      "type": "http",
      "scheme": "L402",
      "description": "Pay-per-request via Lightning Network. Send request, receive 402 with L402 offer, pay Lightning invoice, retry with Authorization: L402 header."
    },
    "mpp": {
      "type": "http",
      "scheme": "Payment",
      "description": "Pay-per-request via Stripe MPP. Send request, receive 402 with Payment challenge, complete Stripe checkout, retry with Authorization: Payment header."
    }
  },
  "security": [
    {
      "apiKey": []
    },
    {
      "x402": []
    },
    {
      "l402": []
    },
    {
      "mpp": []
    }
  ],
  "metadata": {
    "formal_verification": {
      "smart_contracts": "Certora (6 properties verified)",
      "state_machine": "TLA+ (1.94B states)",
      "fuzz_testing": "Foundry (22 tests, 256 runs)"
    },
    "post_quantum": {
      "algorithm": "ML-DSA-87 (FIPS 204)",
      "public_key_url": "https://governance.taskhawktech.com/.well-known/mpp/pubkey",
      "attestation_header": "X-Kevros-KGA"
    },
    "contracts": {
      "network": "Base (8453)",
      "note": "Contract addresses available on request"
    },
    "protocols": [
      "x402",
      "L402",
      "MPP"
    ]
  },
  "protocolVersion": "0.2.6"
}