Full Platform Path
You both issue credentials for your agents AND protect resources with gates. This unlocks the complete agent economy: service discovery, bilateral metering, Anti-Bait-and-Switch guarantees, and settlement.
Your path: Issue + Protect + Commerce
The full platform lets you participate in the agent economy on both sides, your agents discover and use other services, while your services accept and meter other agents. Everything is cryptographically verifiable and tamper-proof.
Architecture Overview
Your Organization
Issuers
Your agent signing identities. Issue passports to Agent A (web:search, documents:read) and Agent B (payments:process, spend cap $50/day).
Gates
Your protected resources. Each gate has a permission catalog, billing via consumption attestations, service-level agreement (SLA) tracking, and optional anonymous access.
Agent Economy
↔ Your agents discover other gates via GET /api/discover
↔ Other agents discover your gate via GET /api/discover
↔ Bilateral metering, both parties hold signed receipts
Setup Checklist
Create an Issuer
Your signing identity for passport issuance.
Issue passports for your agents
With guardrails: spend caps, rate limits, domain allowlists.
Create a Gate
Ed25519 (an industry-standard elliptic curve signing algorithm) signing keypair, security profile (L1/L2/L3).
Build a Permission Catalog
Define permissions, pricing, and SLA terms, sign and publish.
Enable service discovery
Make your gate discoverable so agents can find it via GET /api/discover.
Configure billing
Consumption attestations and settlement.
Set up anonymous access
Onboard new agents gracefully with upgrade prompts.
Commerce: The Complete Flow
Once your gate has a published catalog and is discoverable, the full commerce flow works automatically:
Agent discovers your gate
GET /api/discover?capability=api:search, returns your gate with catalog_signature
Agent verifies terms locally
Recomputes content hash, verifies Ed25519 signature, trustless, no need to trust the discovery node
Operator issues passport
Pinned to current catalog version (catalog_content_hash), immutable at issuance
Agent calls your API
Gate runs POST /api/enforce, the enforcement layer evaluates constraints, issues consumption attestation on allow
Both parties hold receipts
Signed consumption attestations, bilateral proof of every transaction
Monthly settlement
Aggregate CAs, batch-verify signatures, bigint math (no floats), immutable summary
Anti-Bait-and-Switch
Passports are pinned to a catalog_content_hash at issuance. If you update your catalog (price increases, SLA downgrades), existing passports are not affected. Agents can choose to reissue and accept new terms, or keep operating under the original.
# Agent gets breaking change diff before deciding to reissue
curl -X POST https://modei.ai/api/v1/passports/pass_01HABC.../reissue \
-H "Authorization: Bearer mod_your_key" \
-d '{"accept_catalog_version": 3}'
# Returns: { terms_changed: true, has_breaking_changes: true, changes: [...] }See Anti-Bait-and-Switch for the full reissue flow.
Deep Dives
- Commerce Overview, The four pillars: catalogs, discovery, billing, anti-bait-and-switch.
- Bilateral Metering, Consumption attestations, settlement, SLA compliance.
- Enforcement Layer, 40 constraint evaluators, allow/request_hold/block decisions.
- MCP Integration (48 tools), Full automation via Model Context Protocol.
- Agent Autonomy Guide, Bootstrap, self-rotate, spawn sub-agents autonomously.