Agent Access on Graunt

What agents can read today

• Structured listing metadata — asset_class, file_format, category, declared rights, provenance metadata, the Packet Evidence Record, and (where applicable) signed-manifest references.
• Public search — GET /v1/listings with filters on category, asset class, file format, price range, tags, and free-text q. Filters include rights_block fields, publication metadata, and packet kind. There is no public quality filter or quality sort.
• Public detail — GET /v1/listings/{id} returns declared rights, the rights passport, provenance metadata, the Packet Evidence Record (packet_checks JSON field), intended-use declarations, the seller's rights attestation, and packet manifest where applicable.
• Pricing — GET /v1/meta/pricing exposes the platform fee rate, processing-fee formula, delivery-fee schedule, and current marketplace checkout constraints. All money values are integer cents.

How an agent uses Graunt today

Acquire a free packet (e.g., Packet 3 — OMB Federal AI Use Case Inventory)

1. Discover via GET /v1/listings?per_page=20. Pick the listing where is_free=true and asset_class=PACKET_BUNDLE.
2. Inspect via GET /v1/listings/{id}. Confirm rights_block.training_allowed, rights_passport.agent_access_allowed, and the bundle asset_count + manifest_sha256.
3. Authenticate as a registered organization. POST /v1/auth/login returns a 24-hour JWT. (One-time setup: POST /v1/auth/register with type=BOTH and complete email verification.)
4. Acquire via POST /v1/purchases with body {listing_id, idempotency_key, declared_use}. Free listings clear immediately to status=COMPLETED with free_acquisition=true; client_secret is null (Stripe is skipped on the free path).
5. Deliver via GET /v1/entitlements/{entitlement_id}/packet-bundle. Returns a manifest body with asset_count, manifest_sha256, and one short-lived presigned URL per asset.

Acquire a paid packet (e.g., the SEC Marketing Rule reference packet at $2.50)

1. Discover + Inspect as above. Paid listings carry price_cents > 0 and the commercial_terms block surfaces processing fee, delivery fee, and buyer total. Full marketplace pricing metadata lives at GET /v1/meta/pricing.
2. Authenticate as a registered buyer organization. The buyer org's verification_tier must clear the listing's min_buyer_tier (default REGISTERED — verified email).
3. Initiate purchase via POST /v1/purchases. The response includes a Stripe client_secret for the PaymentIntent created on the buyer's behalf, along with the listing's delivery_kind.
4. Complete payment. Today: the buyer organization's operator completes the payment in a browser at /buyer/checkout/{listing_id} (Stripe Elements mounted on Graunt). The publishable key is fetched from GET /v1/meta/stripe-publishable-key and the client confirms the PaymentIntent against the same Stripe account that issued the secret. Fully autonomous agent paid checkout is on the roadmap (delegated agent purchasing under buyer-defined credentials, spend controls, approval policies, and audit records); it is not the current public surface.
5. Observe completion. Stripe webhook flips the purchase to COMPLETED and creates the entitlement. The agent polls GET /v1/purchases/{id} or GET /v1/entitlements?per_page=10.
6. Deliver via GET /v1/entitlements/{entitlement_id}/packet-bundle. Same shape as the free path.

Create a listing (seller-side agent flow)

1. Authenticate as a seller organization (type SELLER or BOTH, status ACTIVE).
2. Open an upload session: POST /v1/packet-upload-sessions with body {idempotency_key, name, description}. Returns session_id and a new bundle_id.
3. Register each asset: POST /v1/packet-upload-sessions/{sid}/assets with {original_filename, declared_size_bytes, declared_content_sha256, declared_role, ordering, file_format}. Returns a presigned PUT URL with the matching content-type.
4. Upload bytes: PUT the file to the presigned URL. Include header x-amz-server-side-encryption: AES256.
5. Finalize: POST /v1/packet-upload-sessions/{sid}/finalize with {idempotency_key}. Returns bundle_revision_id, manifest_sha256, and the validated asset_count.
6. Create the listing: POST /v1/listings with body referencing packet_bundle_revision_id, plus price_cents, tags, rights_block, rights_passport, publication_metadata, industry_tag_codes, intended_uses, aup_version_acknowledged, aup_text_hash_acknowledged, idempotency_key.
7. Admin review. The new listing lands in PENDING_REVIEW. An admin completes POST /v1/admin/listings/{id}/review with {decision: "APPROVED"} before it appears in the public catalog. Every seller path goes through the same review gate.

Idempotency: every write that creates a new resource accepts an idempotency_key (≥32 chars). Replays return the original response without re-executing side effects. Errors carry a machine-readable error.code (e.g., VALIDATION_ERROR, BUNDLE_NOT_FOUND, BUNDLE_ARCHIVED, EMAIL_VERIFICATION_REQUIRED, ORG_NOT_ACTIVE, EMAIL_IN_USE).

Account state, verification, and recovery

Every authenticated route returns structured precondition errors so an agent never has to guess what went wrong. A buyer or seller agent should always check the org's verification state before triggering paid flows or seller payout setup.

• GET /v1/auth/me — JWT-only. Returns {org_id, org_name, type, status, email, email_masked, email_verified, stripe_connect_account_id, stripe_connect_onboarded}. Use this right after login to branch. The caller is the org itself, so the full email is returned for that org's own use; email_masked is suitable for human display ("a***x@example.com").
• POST /v1/auth/login response also carries status + email_verified directly; an agent that already calls login can branch without an extra round-trip.
• POST /v1/auth/me/resend-verification — JWT-only; the address is read from the org row server-side. Returns {message, email_masked, cooldown_seconds: 60}. Use this when the agent already has a session token. Returns 502 EMAIL_SEND_FAILED if SES rejects (caller may retry after the cooldown).
• POST /v1/auth/resend-verification — unauthenticated alias. Takes {email}; rate-limited to 3 / hour / email; returns a generic-success response either way (no enumeration). Use this only when no session token is available.
• POST /v1/auth/change-email — JWT-only; takes {new_email, current_password}. Allowed only while status=PENDING_VERIFICATION. Old token is invalidated and a new one is sent to the new address. Returns EMAIL_UNCHANGED if new_email equals the current address (caller should call /me/resend-verification instead).

Actionable error codes returned by gated routes:

• EMAIL_VERIFICATION_REQUIRED — the org is in PENDING_VERIFICATION. Body includes next_actions with the resend / change-email / human-recovery URLs. Agents should surface these to the buyer-org operator rather than retrying.
• ORG_NOT_ACTIVE — the org is in some other non-ACTIVE state (PAUSED, SUSPENDED). Resolution is operator-side; agents should not retry.
• SELLER_PAYOUT_SETUP_REQUIRED / CONNECT_ONBOARDING_REQUIRED — Stripe Connect must be completed before paid listings can be activated. Trigger via POST /v1/auth/stripe/connect and follow the returned onboarding_url in a browser.
• PAYMENT_REQUIRED — downstream of paid checkout; resolve via POST /v1/purchases + Stripe confirmation.
• ENTITLEMENT_REQUIRED — the caller has no entitlement for the requested asset. Resolve via acquisition.

Human counterparts of these flows live at /account, /account/verify-email, /seller, and /buyer/checkout/{listing_id}. Errors include a recovery_suggestion string that mirrors the human-page CTA copy.

Accountable agent commerce

Graunt is built for agent-readable commerce: structured packet metadata, declared rights, provenance, Packet Evidence Records, prices, signed manifests, and entitlement paths are exposed so software can discover, compare, and prepare acquisition decisions.

Current paid purchase execution runs through authenticated buyer-organization accounts. Graunt's direction is delegated agent purchasing under buyer-defined credentials, permissions, spend controls, approval policies, and audit records — designed so authorized agents can transact without turning the marketplace into unauthenticated bot checkout.

Unauthenticated agent paid checkout is not part of the current public surface. Every paid purchase remains accountable to a registered buyer organization. Free listings (price_cents = 0) can additionally be acquired through the public-token-grant flow described above.

Fields agents should read before recommending an asset

• rights_block — license family, citation requirement, no-train / no-redistribute / personal-data-sensitive flags.
• rights_passport — access mode, delivery mode, agent-access-allowed declaration (D-186, listing-level only).
• packet_manifest — for packet-overlay listings, the structured family / kind / sources / structure / evidence_refs payload.
• publication_metadata — publisher role, jurisdictions, language, publication date, standard identifiers (D-187).
• packet_checks — API field carrying the Packet Evidence Record: bounded declared-rights, provenance, manifest, validation, and content-metadata signals.
• provenance — seller-declared source, fetched-at timestamp, version identifier, citation template.
• lineage — superseded_by_listing_id / replaces_listing_id for declarative listing supersession.
• Signed manifest endpoint — GET /v1/listings/{id}/manifest returns the canonical manifest body. For pilot-stage signed listings, integrity headers carry the signing-key id, custody tier, and signature.

See also /llms.txt for the orientation manifest and additional pointers.

Seller vs. source / publisher

Two distinct identifiers live on every listing and they should never be conflated:

• seller_org_name — the organization that lists on Graunt (the packager). For the current packets, this is Lapidary.
• publication_metadata.publisher_name — the source authority that originated the underlying material (e.g., the U.S. Office of Management and Budget for the federal AI use-case inventory; the U.S. SEC for the Marketing Rule reference packet). The publisher_role classifies the authority kind (GOVERNMENT, STANDARDS_BODY, REGULATORY_AGENCY, etc.).

Agents recommending an asset should surface both: who packaged it and where the underlying material comes from. Domains and email addresses (thelapidary.ai, etc.) are contact information, never seller display names.

Browsing package contents pre-purchase

For bundle listings, every machine consumer can read the full per-asset inventory at GET /v1/listings/{id}/manifest before any purchase. The response carries kind: "PACKET_BUNDLE_MANIFEST_PUBLIC", the bundle manifest_sha256, and an assets[] array with each asset's ordering, role, original_filename, file_format, file_size_bytes, and content_sha256. Presigned download URLs are never returned on this endpoint — those are issued only to authenticated buyers via GET /v1/entitlements/{entitlement_id}/packet-bundle after acquisition.

Humans browsing graunt.com see the same inventory at /catalog/{listing_id}/contents grouped by role.

Entitlement access policy

An entitlement is a durable access right, not a finite download coupon. Packet-bundle entitlements grant ongoing access according to listing terms; delivery is protected by per-call rate limits and short-TTL presigned URLs rather than by a lifetime download counter.

Entitlement responses (GET /v1/entitlements/{id}, GET /v1/entitlements?per_page=N) include both the legacy download_count / max_downloads fields (single-file safety) AND the canonical Pre P6-6 access-policy block:

{
  "access_status": "ACTIVE",
  "delivery_policy": {
    "mode": "RATE_LIMITED",
    "lifetime_download_limit": null,
    "presigned_url_ttl_seconds": 900,
    "max_urls_per_batch": 100
  },
  "rate_limit": {
    "limited": false,
    "retry_after_seconds": null,
    "policy": "per_org_per_entitlement_delivery_window"
  }
}

For packet-bundle entitlements, delivery_policy.lifetime_download_limit is null — access does not expire by usage. Single-file entitlements continue to echo the legacy lifetime cap until a follow-up slice replaces it with the Redis-backed per-window rate limit. Either way: agents and UIs should consume delivery_policy + rate_limit, not the legacy download_count diff.

Native bundle capacity

Native packet-bundle delivery is canonical. Multi-asset packets — including reference packets that ship hundreds of source documents alongside the primary data — are uploaded as a single packet_bundle_revision with one row per delivered file and a single manifest_sha256 covering the canonical inventory.

• Default launch cap: 1000 assets per bundle.
• Max bytes per asset: 5 GB.
• Max total bytes per bundle: 50 GB.
• Public manifest (GET /v1/listings/{id}/manifest) returns the full canonical inventory in one response. Higher caps (operator-tier overrides) and paginated manifest retrieval are reserved for follow-up slices and are not yet enabled.
• Entitled delivery (GET /v1/entitlements/{entitlement_id}/packet-bundle) issues one short-TTL presigned URL per delivered asset.

Optional ZIP archive export is reserved as a derived convenience artifact — it is generated from the canonical bundle revision when requested and is never the source of truth. Agents should consume the manifest and retrieve assets individually or through the bundle delivery route.

Machine surface

• /.well-known/ai-plugin.json — plugin manifest.
• /openapi.json — full OpenAPI 3.1 contract for the live machine surface.
• /v1/meta/seller-standards — machine-readable seller and agent acceptance standards (evaluated, not verified posture). Paired human page at /sellers/standards.
• /v1/meta/agent-surface — omnibus agent-readable contract: trust primitives, scanner signals, search contract, roadmap direction. Single deterministic JSON source of truth for agents (P6-Agent2).
• /v1/meta/agent-participation — machine-readable contract describing the role kinds, reward kinds, allocation-ledger status, disclosure rules, and roadmap direction for planned / gated programs.
• /v1/meta/scanner-signals — machine-readable scanner-signal catalog with DISCLOSE_ONLY ceiling and bounded-language vocabulary.
• /v1/meta/search-contract — machine-readable search / discovery contract: supported filters, ranking formula summary, ranking invariants (no opaque rollup score; no agent reputation multiplier; no hidden quality boost).
• /trust — evidence model, review gates, and bounded scanner-signal posture. Describes what an agent can rely on (declared rights, provenance, Packet Evidence Records, signed manifests, admin review) and what bounded scanner outputs are vs. what they are not.
• /operator-approval — publication review gate as a product feature.
• /examples — concrete examples of Graunt packets, manifests, scanner signal shapes, agent discovery workflows, and search query patterns.
• /commissioned-agents — planned and gated builder, curator, validator, and reviewer surfaces under the existing publication review gate. Roadmap direction only.

The OpenAPI document covers only endpoints that exist at runtime today. Roadmap surfaces (machine-native access, pools, demand signals, broader signing-key management) are feature-flagged off and are intentionally absent from the spec.

Search and discovery

Listing search is hard-filter first. The machine-readable contract at /v1/meta/search-contract (schema_version 2) describes every supported filter, groups them under filter_groups for clarity, and enumerates the canonical taxonomy under tag_taxonomy. Agents reading the contract can construct valid queries without scraping human pages.

Ranking is ts_rank_cd × title_coef. There is no quality coefficient, no seller-prestige boost, no agent-reputation multiplier, no composite trust score, and no hidden rerank. Manifest-completeness is a sort tiebreaker only when q is present. Common agent guesses that are not supported (verified_quality, quality_score, composite_trust_score, seller_prestige, training_safe, guaranteed_clean, scanner-presence filters while substrate is inert) live under unsupported_filters with their reason — that block is the contract's anti-hallucination guard.

Concrete search examples live at /examples. For seller-side guidance on which structured fields drive which filter groups, see /sellers/standards and the deterministic seller_discoverability_guidance block on the contract.

Forward direction

Graunt's long-term direction includes expanded machine participation across the marketplace lifecycle — agent-assisted supply creation, discovery, and procurement — with delegated agent purchasing under buyer-governed authority, spend controls, approval policies, and audit records. That capability is under development; no external program for it is open today.

Graunt is not affiliated with, partnered with, or endorsed by any specific model vendor or agent runtime. The marketplace is provider-neutral; references to LLMs and agents describe consumers of the data, not commercial partnerships.