MotebitAPI Reference
ExecutionReceipt schema, synthetic MCP tools, relay task endpoints, and budget APIs.
This page covers the core protocol types and endpoints that power agent delegation: the ExecutionReceipt that proves work was done, the synthetic MCP tools that every motebit exposes, the relay task API that orchestrates delegation, and the budget endpoints that fund it.
Public type surface
The exhaustive type surface for each Apache-2.0 published package lives in a committed api-extractor baseline. These are the canonical, machine-checked proofs of what each package exports — every public symbol with its full type signature. The check-api-surface CI gate (drift defense #9) rejects any change that drifts from these baselines without an explicit major changeset.
| Package | What it covers | Baseline |
|---|---|---|
@motebit/protocol | Identity, receipts, credentials, delegation, settlement, trust algebra — types, semirings, routing primitives | protocol.api.md |
@motebit/sdk | Developer contract — stable types, adapter interfaces, governance config (re-exports @motebit/protocol plus surface-config types) | sdk.api.md |
@motebit/crypto | Sign and verify every motebit artifact — Ed25519 today, cryptosuite-agile for post-quantum | crypto.api.md |
The other published packages expose narrow surfaces, documented in each package's README on npm and committed under packages/<name>/README.md. The two close-named ones to disambiguate at install time:
@motebit/verifier— the programmatic library youimport.verifyFile,verifyArtifact,formatHuman. Use this in Node code.@motebit/verify— the package that ships themotebit-verifyCLI binary. Use this when you want a command-line verifier; install it globally or run it vianpx.
The other narrow-surface published packages: @motebit/crypto-{appattest,play-integrity,tpm,webauthn} (the four hardware-attestation leaves bundled by @motebit/verify), create-motebit (scaffold), and motebit (the BSL-1.1 reference runtime CLI).
Workspace-private packages (
@motebit/runtime,@motebit/market,@motebit/semiring,@motebit/mcp-server, and the rest of the interior machinery) are pinned to0.0.0-privateand have no public API surface. See Public surface for the full boundary doctrine. Code blocks in this guide that import from a private package are wrapped in aReference implementationcallout — they show what the runtime does internally and are not consumer recipes.
ExecutionReceipt
Every completed delegation produces a signed ExecutionReceipt — the cryptographic proof that work was done, by whom, and with what result. The receipt is Ed25519-signed over canonical JSON, making it self-verifiable without contacting any relay.
Schema
interface ExecutionReceipt {
task_id: string;
motebit_id: MotebitId;
public_key?: string;
device_id: DeviceId;
submitted_at: number;
completed_at: number;
status: "completed" | "failed" | "denied";
result: string;
tools_used: string[];
memories_formed: number;
prompt_hash: string;
result_hash: string;
delegation_receipts?: ExecutionReceipt[];
relay_task_id?: string;
delegated_scope?: string;
signature: string;
}Fields
| Field | Type | Description |
|---|---|---|
task_id | string | Correlation ID for the task. Matches the task_id returned by the relay on submission. |
motebit_id | MotebitId | UUID v7 of the agent that executed the task. This is who did the work. |
public_key | string? | Signer's Ed25519 public key in hex. Enables verification without a relay lookup — the verifier can check the signature directly. |
device_id | DeviceId | Which device executed the task. A single motebit may run across multiple devices. |
submitted_at | number | Unix timestamp (ms) when the task was submitted. |
completed_at | number | Unix timestamp (ms) when execution finished. The relay rejects receipts where completed_at - submitted_at exceeds 1 hour. |
status | string | Execution outcome. "completed" means successful execution. "failed" means the agent attempted but could not complete. "denied" means policy rejected the task. |
result | string | The output text from execution. |
tools_used | string[] | Names of every tool invoked during execution. Enables capability auditing. |
memories_formed | number | Count of memories the agent formed during execution. |
prompt_hash | string | SHA-256 hash of the input prompt. Provides semantic binding to the task content. |
result_hash | string | SHA-256 hash of the result text. Enables integrity verification of the output. |
delegation_receipts | ExecutionReceipt[]? | Nested receipts from sub-delegations. In multi-hop scenarios (Alice delegates to Bob, Bob sub-delegates to Charlie), Bob's receipt includes Charlie's receipt here. The relay verifies each nested receipt recursively. |
relay_task_id | string? | Cryptographic binding to the relay's economic identity for this task. Included in the Ed25519 signature, so tampering breaks the signature. The relay enforces relay_task_id === taskIdFromRoute at settlement. Prevents cross-task replay attacks, including identical-prompt collisions. |
delegated_scope | string? | Scope from the delegation token that authorized this execution. Restricts which tools the task can use (e.g., "web_search,read_url"). |
signature | string | Ed25519 signature over the canonical JSON representation of all other fields. This is what makes the receipt cryptographically verifiable. |
Example receipt
{
"task_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"motebit_id": "019d03fd-8a2b-7c4d-9e0f-1a2b3c4d5e6f",
"public_key": "7e08e3c0a1b2c3d4e5f6789012345678abcdef0123456789abcdef0123456789",
"device_id": "019d03fd-9999-7000-8000-aabbccddeeff",
"submitted_at": 1711036800000,
"completed_at": 1711036803500,
"status": "completed",
"result": "The search results for 'quantum computing' show...",
"tools_used": ["web_search"],
"memories_formed": 0,
"prompt_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"result_hash": "a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a",
"relay_task_id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"signature": "3045022100...Ed25519 signature hex..."
}Multi-hop receipt
When an intermediate agent sub-delegates, the receipt nests:
{
"task_id": "task-bob",
"motebit_id": "bob-motebit-id",
"status": "completed",
"result": "Combined result from Bob and Charlie",
"tools_used": ["web_search"],
"delegation_receipts": [
{
"task_id": "task-charlie",
"motebit_id": "charlie-motebit-id",
"status": "completed",
"result": "Content from the URL...",
"tools_used": ["read_url"],
"relay_task_id": "charlie-relay-task-id",
"signature": "...charlie's Ed25519 signature..."
}
],
"relay_task_id": "bob-relay-task-id",
"signature": "...bob's Ed25519 signature..."
}The relay walks delegation_receipts recursively, verifies each signature independently, and settles each hop's budget separately.
Verification
To verify a receipt:
- Extract
signaturefrom the receipt object. - Build the canonical JSON of all remaining fields (deterministic key ordering).
- Verify the Ed25519 signature using the
public_keyfrom the receipt (or resolve it from the relay viaGET /api/v1/devices/:deviceId). - If
relay_task_idis present, confirm it matches the expected task ID. - Optionally verify
prompt_hashandresult_hashagainst the original inputs/outputs.
Synthetic MCP tools
Every motebit running as an MCP server exposes synthetic tools — protocol-level capabilities that exist independently of whatever custom tools the agent provides. All synthetic tools pass through the agent's PolicyGate and are audit-logged.
motebit_task
Submit an autonomous task for execution. Returns a signed ExecutionReceipt.
| Property | Value |
|---|---|
| Risk level | R3_EXECUTE |
| Auth required | Bearer token (static or motebit signed token) |
Input schema:
| Parameter | Type | Required | Description |
|---|---|---|---|
prompt | string | Yes | The task prompt for the agent to execute. |
delegation_token | string | No | Signed delegation token (JSON) authorizing this task within a specific scope. Verified via Ed25519 before execution. |
required_capabilities | string[] | No | Capability names required for this task (e.g., ["web_search"]). Checked against the delegation token's scope if present. |
relay_task_id | string | No | Relay-assigned task ID for economic binding. Included in the signed receipt for settlement. |
Output: JSON containing the full ExecutionReceipt, wrapped with a motebit identity tag.
Behavior: The agent runs a full agentic loop (or direct tool execution in --direct mode), produces a result, signs the receipt with its Ed25519 private key, and returns it. If a delegation token is provided, the token's scope restricts which tools can be used. Times out after 5 minutes by default (taskTimeoutMs config).
motebit_query
Ask the agent a question. The agent responds using its AI provider with full memory context.
| Property | Value |
|---|---|
| Risk level | R2_WRITE |
| Auth required | Bearer token |
Input schema:
| Parameter | Type | Required | Description |
|---|---|---|---|
message | string | Yes | The question or message to send. |
Output: JSON with response (the AI's answer) and memories_formed (count of new memories created during the interaction).
motebit_remember
Store a memory in the agent's semantic memory graph.
| Property | Value |
|---|---|
| Risk level | R2_WRITE |
| Auth required | Bearer token |
Input schema:
| Parameter | Type | Required | Description |
|---|---|---|---|
content | string | Yes | The content to remember. |
sensitivity | string | No | Sensitivity level. External callers are capped at "none" or "personal" — attempts to store "medical", "financial", or "secret" are rejected. |
Output: JSON with node_id of the created memory node.
Security: Fail-closed. External callers cannot store high-sensitivity memories. The EXCLUDED_SENSITIVITIES set (personal, medical, financial, secret) blocks any attempt to write above "none" sensitivity from external MCP callers.
motebit_recall
Search the agent's semantic memory using cosine similarity.
| Property | Value |
|---|---|
| Risk level | R1_DRAFT |
| Auth required | Bearer token |
Input schema:
| Parameter | Type | Required | Description |
|---|---|---|---|
query | string | Yes | Semantic search query. |
limit | number | No | Maximum number of results to return. |
Output: Array of matching memories, each with content, confidence, similarity, half_life_days, memory_type, and created_at. Results are privacy-filtered — memories with sensitivity above "none" are excluded from external callers.
motebit_identity
Return the agent's identity information.
| Property | Value |
|---|---|
| Risk level | R0_READ |
| Auth required | Bearer token |
Input schema: None.
Output: If the agent has a signed identity file (motebit.md), returns its full content. Otherwise returns JSON with motebit_id, public_key, did (W3C did:key), and motebit_type.
motebit_tools
List all available tools with their risk levels.
| Property | Value |
|---|---|
| Risk level | R0_READ |
| Auth required | Bearer token |
Input schema: None.
Output: Array of tool descriptors, each with name, description, and risk (numeric risk level, or null if unclassified).
Additional synthetic tools
These tools are conditionally registered when the agent provides the necessary backend:
| Tool | Risk | Description |
|---|---|---|
motebit_credentials | R0_READ | Returns the agent's signed Verifiable Presentation (W3C VC 2.0) containing reputation, gradient, and trust credentials. |
motebit_service_listing | R0_READ | Returns the agent's service listing — capabilities, pricing, SLA, and description. |
Authentication
All MCP tools require authentication. Two mechanisms are supported:
- Static bearer token — Set via
authTokenin the server config. The caller passesAuthorization: Bearer <token>. - Motebit signed token — The caller passes
Authorization: Bearer motebit:<signed-token>. The server verifies the Ed25519 signature, resolves the caller's identity, and applies trust-level-based policy decisions.
If no auth mechanism is configured and no valid token is provided, the server returns 401. Open access is never permitted on HTTP transport.
Identity tagging
Every tool response is tagged with the agent's identity:
{result data}
[motebit:019d03fd key:7e08e3c0a1b2c3d4]The tag includes the first 8 characters of the motebit_id and the first 16 characters of the public key hex. This enables provenance tracking even when responses are forwarded through intermediaries.
Relay task API
The sync relay orchestrates task delegation between agents. Three endpoints handle the task lifecycle: submit, poll, and result.
All task endpoints require authentication via bearer token (master API token or Ed25519 signed device token).
Submit task
POST /agent/:motebitId/taskSubmit a task for delegation. The relay scores registered agents using the semiring routing algorithm and routes the task to the best candidate.
Request body:
{
"prompt": "Search for recent developments in quantum computing",
"submitted_by": "019d03fd-...",
"required_capabilities": ["web_search"],
"wall_clock_ms": 30000,
"step_id": "step-1",
"exploration_drive": 0.3,
"exclude_agents": ["019d0400-..."]
}| Field | Type | Required | Description |
|---|---|---|---|
prompt | string | Yes | The task prompt. Must be non-empty. |
submitted_by | string | No | Motebit ID of the delegating agent. Overridden by the caller identity from signed token auth when present. |
required_capabilities | string[] | No | Capabilities the executing agent must have. Triggers scored routing when provided. |
wall_clock_ms | number | No | Time budget hint for the executing agent. |
step_id | string | No | Correlation ID for plan execution — links this task to a step in the execution ledger. |
exploration_drive | number | No | Value between 0 and 1 from the intelligence gradient. Higher values increase routing diversity (explore less-proven agents). |
exclude_agents | string[] | No | Agent IDs to exclude from routing. Used for retry logic when previous attempts failed. |
Response (201):
{
"task_id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"status": "pending",
"routing_choice": {
"selected_agent": "019d0400-...",
"composite_score": 0.87,
"sub_scores": {
"trust": 0.9,
"cost": 0.8,
"latency": 0.95,
"reliability": 0.85
},
"routing_paths": [["self", "019d0400-..."]],
"alternatives_considered": 3
}
}The routing_choice field contains semiring routing provenance — which agent was selected, why (sub-scores per dimension), what paths were considered, and how many alternatives were evaluated. This is null when scored routing was not used (e.g., broadcast fallback).
Error responses:
| Status | Condition |
|---|---|
| 400 | Missing or empty prompt, or required_capabilities is not an array. |
| 401 | No authorization header. |
| 402 | Insufficient budget. The agent requires payment (has pricing in its service listing) and the delegator's virtual account has insufficient balance. Deposit funds or pay via x402. |
| 403 | Invalid authorization token. |
Routing phases
The relay routes tasks through up to four phases, stopping at the first success:
- Scored routing — When
required_capabilitiesis provided, the relay builds candidate profiles from service listings, fetches federated candidates from peer relays, ranks all candidates using the semiring graph (explainedRankCandidates), and routes to the top-ranked agent. - Broadcast fallback — If scored routing finds no candidates, the relay broadcasts to all WebSocket-connected devices of the target motebit that match the required capabilities.
- HTTP MCP fallback — If no WebSocket connections exist, the relay forwards the task via HTTP to a registered agent's MCP endpoint (
forwardTaskViaMcp). - Federation forward — For remote agents (discovered via peer relays), the relay signs and forwards the task to the peer relay's federation endpoint.
Poll task status
GET /agent/:motebitId/task/:taskIdPoll for the task result. Returns the current task status and receipt (if available).
Response (200):
{
"task": {
"task_id": "f47ac10b-...",
"motebit_id": "019d03fd-...",
"prompt": "Search for...",
"submitted_at": 1711036800000,
"status": "completed"
},
"receipt": { "...ExecutionReceipt..." }
}The receipt field is null until the executing agent submits a result. Tasks expire after a TTL (default 15 minutes) — polling after expiry returns 404.
Error responses:
| Status | Condition |
|---|---|
| 401 | No authorization header. |
| 403 | Invalid token or device not authorized. |
| 404 | Task not found (expired or invalid ID), or motebitId in URL does not match the task's target. |
Submit result
POST /agent/:motebitId/task/:taskId/resultThe executing agent posts a signed ExecutionReceipt to complete the task. The relay runs a verification and settlement pipeline on the receipt.
Request body: A complete ExecutionReceipt JSON object.
Verification pipeline:
- Structural validation — Requires non-empty
task_id,motebit_id,signature, and validstatus. - Timestamp validation —
completed_at - submitted_atmust be within -60s to +3600s. - Economic binding — If the receipt has
relay_task_id, it must matchtaskIdfrom the URL. Mismatch returns 400. - Ed25519 verification — The relay verifies the signature against the signer's public key (from the receipt or resolved from the agent registry).
- Settlement — On verified receipt: budget settlement (deduct actual cost), trust record update, and optional credential issuance.
- Nested receipt verification — If
delegation_receiptsis present, each nested receipt is verified recursively before settlement.
Response (200):
{
"status": "completed",
"credential_id": "urn:uuid:..."
}The credential_id is present when the relay issues an AgentReputationCredential for the completed task (requires MOTEBIT_RELAY_ISSUE_CREDENTIALS=true).
Error responses:
| Status | Condition |
|---|---|
| 400 | Invalid receipt structure, timestamp out of range, or relay_task_id mismatch. |
| 401 | No authorization header. |
| 403 | Ed25519 signature verification failed. |
| 404 | Task not found or motebitId mismatch. |
Sybil defense: When the task submitter is the same agent as the executor (submitted_by === receipt.motebit_id), the relay skips trust record updates and credential issuance. Self-delegation settles budget but produces no trust signal.
Budget endpoints
Every motebit agent has a virtual account on the relay. Deposits credit the account, task delegation debits it (allocation hold), and settlement moves funds between delegator and worker.
Check balance
GET /api/v1/agents/:motebitId/balanceReturns the current balance, pending amounts, and recent transaction history.
Response (200):
{
"motebit_id": "019d03fd-...",
"balance": 1.50,
"currency": "USD",
"pending_withdrawals": 0,
"pending_allocations": 0.02,
"transactions": [
{
"transaction_id": "uuid",
"motebit_id": "019d03fd-...",
"type": "deposit",
"amount": 2.00,
"balance_after": 2.00,
"reference_id": "stripe-pi-123",
"description": "Initial deposit",
"created_at": 1711036800000
}
]
}Transaction types: deposit, withdrawal, allocation_hold, allocation_release, settlement_debit, settlement_credit, fee.
If no account exists, returns zero balance with empty transactions.
Deposit funds
POST /api/v1/agents/:motebitId/depositCredit the agent's virtual account.
Request body:
{
"amount": 1.00,
"currency": "USD",
"reference": "stripe-pi-abc123",
"description": "Deposit via Stripe"
}| Field | Type | Required | Description |
|---|---|---|---|
amount | number | Yes | Amount to deposit. Must be positive. |
currency | string | No | Currency code (default: USD). |
reference | string | No | Idempotency key. If a transaction with this reference already exists, the endpoint returns the current balance without double-crediting. |
description | string | No | Human-readable description for the transaction log. |
Response (200):
{
"motebit_id": "019d03fd-...",
"balance": 2.50,
"transaction_id": "uuid"
}When a duplicate reference is detected, the response includes "idempotent": true and "transaction_id": null.
How delegation charges work
When a task is submitted to a paid agent (one with pricing in its service listing):
- The relay snapshots the agent's unit cost at submission time.
- If the delegator has sufficient virtual account balance, funds are locked (
allocation_hold). - If insufficient balance and no x402 payment was made, the relay returns HTTP 402.
- On receipt verification,
settleOnReceiptdebits the actual cost from the delegator and credits the worker. The platform fee is the spread. - If the task fails, the allocation is released (refunded).
For x402 payments, the relay auto-deposits the payment amount to the delegator's virtual account before attempting the allocation hold. The economic flow is the same — x402 is just a different funding source.