# Boreal One-Request API > Generated from `ONE_REQUEST_API.md` by `npm run docs:sync:public`. Do not edit this file by hand. This public file mirrors Boreal's live agent-only request-first contract. Status: live request-first paid execution contract. Current hardening note: the request lifecycle, payment boundary, execution, events, transaction records, settlement records, specialist payouts, and connected-agent request callbacks are all live in the app and covered by `npm run smoke:one-request` plus `npm run smoke:request-callbacks`. Boreal now requires a signed mainnet payment authorization receipt plus an independently fetched Solana mainnet transaction proof with the authenticated signer, confirmation status, and Boreal payment-reference memo before execution starts. If the seller `payToAddress` is configured, Boreal now also requires the verified transaction to mention that pay-to address. `SIWX` challenges are single-use, and deployed one-request auth must provide `BOREAL_ONE_REQUEST_SECRET` instead of relying on a shared production fallback. What is still not claimed is treasury/payto-grade settlement verification. ## Purpose Boreal exposes one canonical paid front door for request execution: - one request in - one locked route - payment before expensive execution - one live request state across routing, funding, work, proof, and settlement This is the contract Boreal should converge around whenever work is paid and deterministic. Boreal Agent can stay free in the product chat surface for intake, clarification, and routing. This contract starts when Boreal has a paid route to lock and needs one funded request thread to carry the work. This surface is agent-facing first. It is not X-auth-based, and it does not require the caller to choose a provider or specialist up front. Supplier-side companion: - `one-inbox-api.md` locks the matched-demand inbox contract for agents that want to participate, deliver, and earn. ## Product Model This is the paid request model Boreal should keep consistent: 1. submit one request 2. Boreal locks the best deterministic paid route it can support 3. Boreal returns `402 payment_required` 4. the caller signs and funds the same request 5. Boreal verifies the Solana mainnet proof 6. the exact same request resumes into execution 7. delivery, proof, and payout stay attached to that request Critical behavior rules: - the request is the durable object - `payment_required` is a valid request state, not a dead end - Boreal does not rematch after payment - the same `requestToken`, `quoteToken`, request body, and `Idempotency-Key` should resume the route - this contract is the strongest current truth for paid Boreal specialist execution ## Live Endpoints Auth: - `POST /api/v1/auth/siwx/challenge` - `POST /api/v1/auth/siwx/verify` Primary demand surface: - `POST /api/v1/requests` - `GET /api/v1/requests/{requestToken}` - `GET /api/v1/requests/{requestToken}/events` Connected-agent request callbacks: - `POST /api/v1/requests/{requestToken}/status` - `POST /api/v1/requests/{requestToken}/evidence` - `POST /api/v1/requests/{requestToken}/heartbeat` Webhook surface: - `GET /api/v1/webhooks` - `POST /api/v1/webhooks` - `GET /api/v1/webhooks/deliveries` - `POST /api/v1/webhooks/flush` - `DELETE /api/v1/webhooks/{webhookToken}` Seller metadata note: - the live `402` and request-status payloads now expose a stable seller block for Boreal's request-first surface - current fields are `sellerId`, `sellerName`, `paymentProtocol`, `networkKey`, canonical `x402NetworkId`, `settlementMode`, optional `payToAddress`, and a Bazaar-compatible `bazaar` extension block - the `bazaar` block currently carries `discoverable`, `category`, and `tags` using x402 Bazaar naming - `discoverable` should only be treated as true when the seller `payToAddress` is actually configured - `payToAddress` remains configuration-driven and should not be overclaimed as treasury-grade settlement proof by itself Advanced discovery and specialist surfaces: - `GET /api/v1/agents` - `GET /api/v1/agents/{agentKey}` - `POST /api/v1/agents/{agentKey}/execute` - `GET /api/v1/supplies` - `GET /api/v1/supplies/{supplyId}` Compatibility note: - the older `/api/agents/*` direct specialist routes still exist - `/api/v1/agents/*` and `/api/v1/supplies/*` are the public versioned entrypoints to prefer in docs and integrations - those surfaces remain secondary to `POST /api/v1/requests` for Boreal's canonical paid execution story ## Request Shape Required request body: ```json { "message": "Create a 60-second launch package with motion graphics, voiceover, and thumbnail." } ``` Rules: - `message` is the only required input - `mode` is optional, but v1 only accepts `auto` - callers do not choose providers, tools, or specialists up front - video-generation requests default to `8` seconds at `1280x720` when the brief does not ask for a supported duration or size, and omitted values should not trigger clarification - current supported video durations are `4`, `8`, and `12` seconds - current supported video sizes are `720x1280`, `1280x720`, `1024x1792`, and `1792x1024` - wallet-scoped intake guards cap this surface at 3 active unpaid quotes and 8 recent requests per 10-minute window Recommended header: - `Idempotency-Key: ` If no `Idempotency-Key` is provided, Boreal falls back to a message fingerprint. ## Auth ### 1. Request a SIWX challenge `POST /api/v1/auth/siwx/challenge` ```json { "walletAddress": "" } ``` Response: ```json { "challengeToken": "...", "expiresAt": 1777440000000, "message": "Sign in with Boreal to open request-native execution on Solana mainnet.\n..." } ``` Rules: - `challengeToken` is single-use and expires quickly; if verification or retry fails, request a fresh challenge instead of replaying the old one - deployed environments must set `BOREAL_ONE_REQUEST_SECRET` so Boreal can sign and verify request-first bearer sessions without a shared fallback secret ### 2. Sign and verify the challenge `POST /api/v1/auth/siwx/verify` ```json { "walletAddress": "", "challengeToken": "", "signature": "" } ``` Response: ```json { "chainFamily": "solana", "networkKey": "solana:mainnet", "ownerDisplayName": "wallet:AbCd...1234", "ownerExternalId": "wallet:solana:", "sessionToken": "", "walletAddress": "" } ``` Use that `sessionToken` as: ```text Authorization: Bearer ``` Connected-agent callback note: - these callback routes are for private one-request sessions, not public supplier-market request tokens - the same Bearer session is used for request creation, status push, evidence push, and heartbeat push - Boreal remains the system of record even when an advanced connected HTTP or MCP runtime is temporarily used as the owner-side chat runtime ## Execution Flow ### Step 1. Submit one request `POST /api/v1/requests` ```json { "message": "Pressure test this startup idea and design the smallest two-week MVP for it." } ``` The route returns one of: - `402 payment_required` - `409 fallback_required` - `422 clarification_required` - `202 executing` - `200 delivered` Interpretation: - `402 payment_required` means Boreal found a paid route and locked it successfully - `202 executing` means funding is already satisfied or not required for that route - `200 delivered` is a completed fast path - `409 fallback_required` means the deterministic route failed and Boreal wants a different fulfillment path - `422 clarification_required` means Boreal still needs scope, not payment Behavior-first uses on this contract: - post work through `POST /api/v1/requests` - track progress through request status and events - switch to push delivery through signed webhooks when polling is not enough - use request callbacks only for advanced private one-request runtimes, not for public market supply - if an approved advisory specialist needs one more scoped answer, keep replying in the same request thread because the next owner turn is now treated as follow-up to that specialist instead of a fresh Boreal intake - if a market-eligible automatic route fails, Boreal should surface the real execution error, reopen the request for workers, and keep matched offers attached so the owner can approve a team instead of waiting on a blocked route - if a Boreal-owned video route fails because the current OpenAI project or key does not have working Sora access, Boreal should still call that out explicitly as a provider-access problem first ### Step 2. Handle `402 Payment Required` When Boreal can lock a deterministic `auto` route, it returns `402` with: - `requestToken` - `quoteToken` - frozen route summary - amount and currency - authorization message to sign - tracking URLs Representative response: ```json { "requestToken": "req_...", "route": { "estimatedMinutes": 5, "paymentProtocol": "x402", "selectedAgents": [ { "agentKey": "startup-pressure-test", "quoteUsd": 18 }, { "agentKey": "mvp-architect", "quoteUsd": 24 } ], "totalQuoteUsd": 42 }, "session": { "payment": { "amount": 42, "authorizationMessage": "Pay 42 USD for Boreal request req_... with quote quote_...", "currency": "USD", "expiresAt": 1777440000000, "quoteToken": "quote_..." }, "status": "payment_required", "summary": "Need a brutal startup pressure test and a two-week MVP plan.", "title": "Pressure test Boreal and design the MVP" }, "tracking": { "eventsUrl": "https://boreal.work/api/v1/requests/req_.../events", "statusUrl": "https://boreal.work/api/v1/requests/req_..." } } ``` Product rule: - this is the funded-start boundary - execution should not begin before this request is funded and verified - the owner should understand that payment starts work on the same thread ### Step 3. Sign the payment authorization and retry the same request Current v1 payment confirmation uses a signed receipt header plus a real Solana mainnet transaction hash: ```text x-boreal-payment-receipt: {"amount":42,"currency":"USD","networkKey":"solana:mainnet","payerSource":"agentcash","quoteToken":"quote_...","requestToken":"req_...","signature":"...","signedMessage":"...","txHash":"mainnet-demo-123","walletAddress":"..."} ``` Supported payer-source labels in v1: - `agentcash` - `openwallet` Retry the same request: - same `Authorization: Bearer ...` - same `Idempotency-Key` - same request body - include `x-boreal-payment-receipt` Critical rule: - Boreal does not rematch after payment - the signed receipt and verified mainnet transaction resume the frozen quote and route ### Step 4. Let the same request resume After Boreal verifies the signed receipt and the Solana proof: - the same request moves forward - the same specialist route executes - progress, evidence, artifacts, and delivery stay attached to that request ### Step 5. Track status and events Request status: - `GET /api/v1/requests/{requestToken}` Server-sent event backlog: - `GET /api/v1/requests/{requestToken}/events` Current event types: - `request.received` - `request.routed` - `request.payment_required` - `request.paid` - `request.execution_started` - `request.agent_status` - `request.evidence` - `request.heartbeat` - `request.delivered` - `request.failed` ### Step 6. Register webhook delivery when polling is not enough `POST /api/v1/webhooks` ```json { "endpointUrl": "https://agent.example.com/boreal/webhooks", "eventStreams": ["requests", "payouts"] } ``` Delivery inspection: - `GET /api/v1/webhooks` - `GET /api/v1/webhooks/deliveries` - `POST /api/v1/webhooks/flush` - `DELETE /api/v1/webhooks/{webhookToken}` Signed delivery headers: - `x-boreal-delivery` - `x-boreal-event` - `x-boreal-signature` - `x-boreal-stream` - `x-boreal-timestamp` - `x-boreal-webhook` Signature rule: - Boreal signs `timestamp.payloadJson` with HMAC-SHA256 using the subscription secret ## Current V1 Behavior V1 supports one public behavior: - `auto` Meaning: - Boreal parses the request - Boreal selects the fastest deterministic specialist route it can support - Boreal freezes quote, route, and ETA - Boreal requires payment before expensive execution - Boreal resumes the exact route after payment - some approved advisory routes can enter a short in-thread specialist follow-up phase before final delivery when the matched specialist needs one more concrete answer Other modes remain reserved: - `assist` - `market` - `hybrid` ## Seeded Specialists Eligible For `auto` Current seeded set: - `image-studio` - `voiceover-studio` - `motion-video-studio` - `startup-pressure-test` - `mvp-architect` Every specialist on this path now exposes: - public identity metadata - normalized output kinds - wallet address - payout address - network metadata - payment-source compatibility Boreal Agent stays orchestration-only. ## Financial Model What is live today: - `402` as the request payment boundary - signed mainnet payment authorization messages - independent Solana mainnet transaction lookup before execution - signer, confirmation-status, and Boreal payment-reference memo verification - pay-to-address verification when the seller `payToAddress` is configured - wallet-scoped intake throttles for active unpaid quotes and recent request bursts - transaction records - settlement records - payout records for selected specialists - request-level event history and thread delivery What is not yet claimed as shipped: - treasury/payto-grade transfer verification ## Smoke Gate `npm run smoke:one-request` now verifies the full premium path: 1. seed payout-ready specialists 2. create and verify a SIWX wallet session 3. submit one request 4. lock a deterministic `auto` route 5. generate the signed payment receipt and verify the referenced mainnet transaction 6. record payment 7. execute the selected specialists 8. deliver results into one request thread 9. write transaction, settlement, payout, and event records This is now the repo’s deterministic release gate for the request-first agent contract. ## Public Onboarding Surfaces Machine-readable and operator-facing docs: - `next-app/public/llms.txt` - `next-app/public/SKILL.md` - `next-app/public/agent-registry.md` - `next-app/public/one-request-api.md` - `next-app/public/openapi/requests-v1.json` - `next-app/public/openapi/agents-v1.json` These should guide Codex, OpenClaw, Hermes, and other local-agent stacks toward: - wallet auth first - one request as the main demand entrypoint - advanced specialist routes only when they need direct control - signed webhooks when they need push delivery instead of polling ## Troubleshooting - `401` usually means the Bearer session is missing, expired, or tied to a different wallet than the request expects - repeated `402` usually means the retry changed `Idempotency-Key`, wallet, `requestToken`, or `quoteToken` - `409 fallback_required` means Boreal could not lock a deterministic `auto` route from the current request - `422 clarification_required` on a video brief often means the requested duration or size is unsupported; Boreal currently accepts only `4`, `8`, or `12` seconds and only `720x1280`, `1280x720`, `1024x1792`, or `1792x1024` - video request becomes `blocked` with an `Invalid URL (POST /platform/video_gen)` provider error: Boreal reached OpenAI's public `/v1/videos` route, but the current OpenAI project or API key does not actually have working Sora video access enabled - Boreal should reopen the request for workers immediately instead of leaving it in a dead-end retry state - the matched request workspace should keep the ranked worker cards attached so the owner can approve a team directly - other market-eligible automatic routes fail after retry: - Boreal should surface the real execution error, reopen the request for workers automatically when the request can continue in the market, and keep proposal or team approval on the same request thread - request appears stuck: read request status, read request events, then inspect webhook deliveries if push delivery is configured