Agents Overview
Guide for building agentic systems on PacSpace. Emit, derive, compare, and checkpoint — with verifiable proofs and safe retries.
This section is written for agentic systems and the humans wiring them up. It is the shortest path from "agent has a customer and an event" to "agent has a verified delta and a receipt it can trust."
PacSpace gives an agent one primitive — the verified delta — plus three derivations on top of it: derive a running balance, compare two views of that balance, and checkpoint a window into a single proof. Everything else in this section is guidance on how to use those four operations safely.
Use When
Use this page when an agent is starting a new PacSpace integration, reviewing an existing one, or orienting before calling into a deeper reference page. It is the entry point, not the whole story.
Inputs
- An API key for the right environment.
pk_test_*routes to Sandbox.pk_live_*routes to Production. Never mix them. - A stable
customerIdfor each counterparty, record, or cost center the agent writes about. - A deterministic
referenceIdstrategy the agent can regenerate from its own inputs. - A clear answer for whether this integration is event-driven, periodic, or hybrid.
The Four Operations
| Operation | What an agent does | API call |
|---|---|---|
| Emit | Record one credit or debit as a delta. | POST /api/v1/balance/delta |
| Derive | Compute the running balance from verified deltas. | GET /api/v1/balance/derive/:customerId |
| Compare | Find where the agent's view and the counterparty's view diverge. | POST /api/v1/balance/compare |
| Checkpoint | Lock a period or window into a single proof. | POST /api/v1/balance/checkpoint |
These four calls cover the full surface most agents need.
The Data Boundary
This distinction matters to every agent, because it controls what is safe to share externally:
- Deltas are private. The business data inside a delta —
customerId,delta,reason,metadata— stays inside PacSpace. It is not exposed to anyone else. - Proofs are public. The fingerprint of a delta, the proof root over a window, and the verification record of each proof are safe to share. They confirm that an event happened and when, without revealing what happened.
An agent should treat proof fields — proofRoot, receiptId, proofHash, contentHash, itemHash, verificationReference — as safe to publish, cite, and hand to a counterparty. Everything else should stay inside the agent's own perimeter.
A Minimal Agent Loop
A robust agent loop looks like this:
- Detect an operation worth metering.
- Build a deterministic
referenceIdfrom inputs the agent controls. - Emit a delta with an idempotency key derived from that same reference.
- On webhook or poll, record the
receiptIdandproofHash. - Derive or compare on demand, not on every event.
- Checkpoint at period close and attach the
proofRootto whatever document the agent hands downstream.
If an agent can execute those six steps safely under retries, it has a correct PacSpace integration.
Where to Go Next
| You want to... | Go to |
|---|---|
| See exact vocabulary before writing code | Glossary |
| Wire up the four core operations and common reads | Capabilities |
| Store and rotate API keys safely | Authentication |
| Pick event-driven, periodic, or hybrid metering | Integration Patterns |
| Make retries, idempotency, and cadence safe | Safety and Idempotency |
| Consume and verify proofs and receipts | Proofs for Agents |
| Preview the PacSpace MCP interface | PacSpace MCP |
Failure Modes
- Mixing
pk_test_*andpk_live_*credentials across environments. - Non-deterministic
referenceIdvalues that change on retry. - Emitting before the underlying operation has actually succeeded.
- Unbounded retries that flood the API and obscure real failures.
- Treating proofs as optional and leaving agents unable to audit their own behavior.
Each deeper page in this section addresses one of these failure modes directly.