Agents Overview
Guide for building agentic systems on PacSpace. Emit, derive, compare, and checkpoint with checkable proofs and safe retries.
This section is written for agentic systems and the humans wiring them up. It is the shortest path from "agent has a customer and an event" to "agent has a verified delta and a receipt it can trust."
PacSpace gives an agent one unit of record: the verified delta. Three operations build on it: derive a running balance, compare two views of that balance, and checkpoint a window into a single proof. Everything else in this section is guidance on how to use those four operations safely.
Use When
Use this page when an agent is starting a new PacSpace integration, reviewing an existing one, or orienting before calling into a deeper reference page. It is the entry point, not the whole story.
Inputs
- An API key for the right environment.
pk_test_*routes to Sandbox.pk_live_*routes to Production. Never mix them. - A stable
customerIdfor each counterparty, record, or cost center the agent writes about. - A deterministic
referenceIdstrategy the agent can regenerate from its own inputs. - A clear answer for whether this integration is event-driven, periodic, or hybrid.
The Four Operations
| Operation | What an agent does | API call |
|---|---|---|
| Emit | Record one usage change as a delta. | POST /api/v1/balance/delta |
| Derive | Compute the running balance from verified deltas. | GET /api/v1/balance/derive/:customerId |
| Compare | Find where the agent's view and the counterparty's view diverge. | POST /api/v1/balance/compare |
| Checkpoint | Lock a period or window into a single proof. | POST /api/v1/balance/checkpoint |
These four calls cover the full surface most agents need.
The Data Boundary
This distinction matters to every agent, because it controls what is safe to share externally:
- Deltas are private. The business data inside a delta -
customerId,delta,reason,metadata- stays inside PacSpace. It is not exposed to anyone else. - Proofs are public. The fingerprint of a delta, the proof root over a window, and the verification record of each proof are safe to share. They confirm that an event happened and when, without revealing what happened.
An agent should treat proof fields - proofRoot, receiptId, proofHash, contentHash, itemHash, verificationReference - as safe to publish, cite, and hand to a counterparty. Everything else should stay inside the agent's own perimeter.
A Minimal Agent Loop
A robust agent loop looks like this:
- Detect an operation worth metering.
- Build a deterministic
referenceIdfrom inputs the agent controls. - Emit a delta with an idempotency key derived from that same reference.
- On webhook or poll, record the
receiptIdandproofHash. - Derive or compare on demand, not on every event.
- Checkpoint at period close and attach the
proofRootto whatever document the agent hands downstream.
If an agent can execute those six steps safely under retries, it has a correct PacSpace integration.
Where to Go Next
| You want to... | Go to |
|---|---|
| See exact vocabulary before writing code | Glossary |
| Wire up the four core operations and common reads | Capabilities |
| Store and rotate API keys safely | Authentication |
| Pick event-driven, periodic, or hybrid metering | Integration Patterns |
| Make retries, idempotency, and cadence safe | Safety and Idempotency |
| Consume and verify proofs and receipts | Proofs for Agents |
| Preview the PacSpace MCP interface | PacSpace MCP |
Failure Modes
- Mixing
pk_test_*andpk_live_*credentials across environments. - Non-deterministic
referenceIdvalues that change on retry. - Emitting before the underlying operation has actually succeeded.
- Unbounded retries that flood the API and obscure real failures.
- Treating proofs as optional and leaving agents unable to audit their own behavior.
Each deeper page in this section addresses one of these failure modes directly.