Security whitepaper

Fail-closed contracts for agentic work.

Patchr is built around explicit protocol surfaces, scoped credential references, policy-gated execution, and tamper-evident audit records. Every significant action either produces proof or it doesn't happen.

Core principles

Six guarantees every deployment gets.

Scoped credentials — never raw secrets

Connectors, sessions, and secret checks carry references only (e.g. env:TWILIO_AUTH_TOKEN). Raw tokens and client secrets are never accepted or stored in request payloads. Secret resolution happens server-side at execution time.
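
A sketch of the reference-only rule above, combined with fail-closed blocking. It is an added example, not Patchr's own code. The `credential_ref` field, the `PolicyBlocked` exception, the function names and the uppercase `env:` grammar are assumptions made for illustration.

```python
import os
import re

# Assumed reference grammar: only the "env:" scheme shown on the page.
REF_PATTERN = re.compile(r"env:([A-Z][A-Z0-9_]*)")


class PolicyBlocked(Exception):
    """Raised when a request must be blocked rather than degraded."""


def parse_reference(value):
    """Return the variable name for a valid reference, else block."""
    match = REF_PATTERN.fullmatch(value) if isinstance(value, str) else None
    if match is None:
        # Anything that is not a reference may be a raw secret: reject it
        # without echoing the value back in the error.
        raise PolicyBlocked("credential field is not a reference")
    return match.group(1)


def check_reference(value, environ=os.environ):
    """Report resolvability without returning or logging the secret."""
    name = parse_reference(value)
    return {"ref": value, "resolvable": bool(environ.get(name))}


def execute(payload, action, environ=os.environ):
    """Resolve the secret only at execution time; block on any failure."""
    ref = payload.get("credential_ref")  # hypothetical field name
    if not check_reference(ref, environ)["resolvable"]:
        raise PolicyBlocked("secret reference cannot be resolved")
    secret = environ[parse_reference(ref)]
    return action(secret)  # the secret never enters the payload or result


# Constructed sample data; the token value is a placeholder.
SAMPLE_ENV = {"TWILIO_AUTH_TOKEN": "constructed-placeholder-token"}
```

A payload that carries a raw value, an unresolvable reference, or no reference at all raises `PolicyBlocked` before `action` is called.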

Fail-closed by default

BRIDGE, PROXY, and PAY execution paths gate on mandate sessions, capability grants, and preflight checks. If a check fails or a connector is not ready, the route blocks — it doesn't degrade silently.

Proof after every run

Receipts, proof cards, proof packs, and integration events keep agent actions inspectable after the workflow completes. There is always an auditable record of what happened, in what order, and with what evidence.

Policy before action

Every bridge connector and proxy mission route goes through a preflight check. Agents can query the policy map and evaluate specific actions before attempting them — the answer is always deterministic.

Bearer-scoped API access

API tokens are scoped to a builder account and can be rotated without downtime. MCP and A2A transports accept separate tokens. Rate limits are enforced per token, not per IP.

Tamper-evident event trail

Webhook deliveries are signed with an HMAC secret. Proof pack snapshots are content-hashed. Vault records carry immutable createdAt and updatedAt timestamps. Nothing in the audit trail is mutable after the fact.

Public contracts

Inspect security state before privileged execution.

These routes require no authentication. Any agent, integration, or developer can query them before attempting privileged actions. They are part of the formal protocol surface — not debug endpoints.

GET /v1/status

Live API health, version, and contract counts.

GET /v1/security/policy

Agent-readable policy map for all domains.

POST /v1/security/policy/evaluate

Test whether a specific action is permitted.

POST /v1/security/secrets/check

Verify that a secret reference can be resolved without revealing the value.

POST /v1/bridge/connectors/{id}/preflight

Validate a connector before routing live traffic through it.

Trust model

What every production deployment includes.

These are not configuration options — they are protocol invariants. Disabling them is not supported.

  • Credential references only

    Secret values are never logged, stored in payloads, or forwarded to agents.

  • Mandate-gated settlement

    PAY will not execute a settlement without a valid, signed mandate.

  • Human-verifiable proof cards

    Every run produces a proof card with evidence status, source refs, and confidence.

  • Connector capability scoping

    Connectors declare exactly which actions and resources they can access.

  • Proxy suspension

    When judgment is needed, the orchestrator suspends and waits for a verified human outcome.

  • Source-bound evidence

    Evidence is hashed and linked to its origin — not paraphrased or summarised away.

Responsible disclosure

Found a security issue? Contact us at security@patchr.co. We review all reports within 48 hours and publish fixes to the public policy surface as protocol updates.
