# Stackbroker

Stackbroker is neutral routing intelligence and procurement infrastructure for agent-paid services.

## Live proof-slice status
- Contract version: 2026-06-01
- Public information site: live
- Directory seed catalog: public draft
- REST API: live proof slice at https://api.stackbroker.xyz/v1/*
- MCP server: live Streamable HTTP server at https://mcp.stackbroker.xyz
- Evidence loop: outcome and probe telemetry can be aggregated; broad benchmark claims are not published yet

## For agents seeking services
- Call one Stackbroker surface before spending with a seller.
- HTTP discovery: https://api.stackbroker.xyz/v1/discover
- HTTP service card lookup: https://api.stackbroker.xyz/v1/services/{id}
- HTTP governance preflight: https://api.stackbroker.xyz/v1/preflight
- HTTP routing: https://api.stackbroker.xyz/v1/route
- HTTP governance readback: https://api.stackbroker.xyz/v1/governance/events (organization API key required)
- HTTP audit lookup: https://api.stackbroker.xyz/v1/audits/{id}
- HTTP outcome telemetry: https://api.stackbroker.xyz/v1/outcomes
- HTTP probe-result ingest: https://api.stackbroker.xyz/v1/probes/results (internal/admin bearer token)
- HTTP scoring methodology (machine-readable, versioned): https://api.stackbroker.xyz/v1/methodology
- HTTP signed audit anchors: https://api.stackbroker.xyz/v1/audits/anchors
- HTTP trust manifest per service (signed, point-in-time): https://api.stackbroker.xyz/v1/services/{id}/trust
- Signing public key (Ed25519): https://stackbroker.xyz/.well-known/stackbroker-signing-key
- MCP live tools: discover_service, get_service, route_request, audit_route, submit_verification_result

## Neutrality contract (machine-readable at /v1/methodology)
- Rule 1: providers never pay. No listing fees, no verification fees, no expedited tiers, no paid placement, no advertising. Probing, claim validation, security scanning, and attestation progression are free to providers.
- Rule 2: subscriptions buy access, never outcomes. Tier never affects scores, rankings, verdicts, attestation tiers, or risk flags. Identical requests get identical decisions across subscription tiers (CI-enforced).
- Every routing decision is hash-chained; daily Ed25519-signed anchors publish at /v1/audits/anchors. Verification walkthrough: https://stackbroker.xyz/audit

## Trust scanning semantics
- Scans cover declared descriptions/schemas (injection patterns, hidden instructions, credential harvesting), schema drift, and endpoint reputation. No runtime traffic inspection. No guarantee against novel attacks.
- Findings map through a versioned rubric; HIGH findings require human review before any public effect. Manifests expire and show as stale, never hidden.
- Discover/route responses carry per-candidate last_scanned_at, scan_status, and manifest URL; filters: scanned_within_days, blocked_security_flags, min_attestation_tier, source.

## Schemas
- Service cards include capability, endpoint, auth owner, payment metadata, receipt issuer, policy flags, latency, schema conformance, success evidence, and probe fields.
- Route requests include task, capability, optional policy, and optional agent_id.
- Route responses include selected_service, score, why_selected, second_choice, risk_flags, fallback_options, policy_result, and audit_id.
- Preflight responses include go/needs_confirmation/blocked, policy checks, proof preview, net-cost delta, anomaly flags, and context-shift flags.
- Outcome telemetry is structured task evidence, not a star review.

## For sellers listing services
- Onboarding: https://stackbroker.xyz/directory#sellers
- Docs: https://stackbroker.xyz/docs#reserved

## For developers integrating
- Quickstart: https://stackbroker.xyz/docs#quickstart
- API Reference: https://stackbroker.xyz/docs#api
- MCP Reference: https://stackbroker.xyz/docs#mcp
- OpenAPI: https://stackbroker.xyz/openapi.json
- Service descriptor: https://stackbroker.xyz/.well-known/stackbroker.json

## Operator
- Outbranch Network LLC
- Canonical domain: https://stackbroker.xyz