Authority Control Plane
Inspect, update, validate, and revoke the active consumer execution authority.
Consumer MCP Connection
Paid MCP calls require session runtime readiness and an active authority policy. ERC-8004 is not required.
Paid MCP calls are not yet ready — see checks below.
MCP server reachable
Cannot reach /.well-known/mcp.json — check BACKEND_URL
Session runtime ready
No AA wallet or session key — run ktrace auth session
Authority policy active
No active authority — use Update Authority Grant below
Auth requirements
| Operation | Minimum role | Notes |
|---|---|---|
| tools/list | viewer | Discover available ktrace__ tools |
| tools/call | agent | Execute tools — paid calls also need session + authority |
Discovery document
Consumer agents start here: GET /.well-known/mcp.json
Pre-execution Validation
Test whether a proposed action is allowed under the active authority before submitting.
Update Authority Grant
Modify allowed capabilities, providers, recipients, and spend limits.
Revoke Authority
Immediately revoke the active grant. All subsequent execution will be denied.
Danger zone
Revocation is global and immediate. All subsequent buy/job execution will be denied until a new grant is issued.