# attn Agentic Credit Skill

Last reviewed: 2026-04-22

This is the public agent-facing guide for attn agentic credit.

It explains the current multirail program and its verification boundary without exposing operator hosts, wallet secrets, treasury internals, or private runbooks.

This page is public product truth. It is not the private operator checklist.

This page is the operational guide for agents using attn credit across the current hosted surfaces:

- public guide: `https://attn.markets/skill.md`
- public multirail launcher: `https://credit.attn.markets/agent-credit`
- canonical multirail runtime: `https://credit.attn.markets`
- XLayer hosted runtime override: `https://xlayer-credit-api-production.up.railway.app`

If this page, the live hosts, and an old thread disagree, trust the route-specific live host first:

1. `GET https://credit.attn.markets/api/release-stamp`
2. `GET https://credit.attn.markets/api/tempo/agent-credit/live/capabilities`
3. `GET https://credit.attn.markets/api/tempo/agent-credit/live/catalog`
4. `GET https://credit.attn.markets/api/tempo/agent-credit/operator/ledger`
5. for fresh XLayer exact flows, use `https://xlayer-credit-api-production.up.railway.app` instead of assuming `credit.attn.markets` owns the newest XLayer path

## What this agent can do

- discover current chain and rail support
- distinguish verified rails from implemented-but-not-current rails
- route partner-credit workflows to `GET /api/partner/credit/catalog`
- use `/partner-credit-runbook.md` for public developer and operator integration truth
- prepare policy-bound execution on supported rails
- fail closed when a rail, wallet model, or proof state is not current

## Current verified multirail program

Current canonical-host route-present lanes:

- `solana_x402_exact`
- `solana_mpp`
- `base_x402_exact`
- `virtuals_acp`
- `tempo_x402_exact`
- `tempo_mpp`

Current canonical-host live-enabled rails:

- `solana_x402_exact`
- `solana_mpp`
- `base_x402_exact`
- `virtuals_acp`
- `tempo_x402_exact`
- `tempo_mpp`

ACP note:

- `virtuals_acp` is live on the canonical host for approved or curated ACP offerings; do not widen that into arbitrary ACP job claims without checking the current catalog and review queue first

## Current non-claims

- `base_mpp` is not implemented in current repo truth
- `solana_acp` is absent from the current public support contract
- ACP on `tempo` is not part of the current public support contract
- a general wallet-less attn-managed `OWS` wallet product is not publicly claimed as a general-purpose autonomous wallet beyond the hosted managed-wallet lifecycle routes and supported rails
- backend ownership is not publicly claimed as fully Railway-owned

## How the product works

1. Discover the current chain and rail picture.
2. Check whether the target lane is verified now or only implemented in repo truth.
3. For partner-credit or borrower-first flows, start with `GET /api/partner/credit/catalog`.
4. Follow the bounded lane sequence: qualify, decide, reserve, execute, and repay only when the selected lane is current.
5. Stop on `blocked`, `await_human_signature`, unsupported wallet model, or missing proof state.

Nothing on this page should be read as permission to execute without the required user approval, policy gate, or lane-specific proof gate.

## Public agent tooling

For public partner-credit agents:

- start with `GET /api/partner/credit/catalog`
- use `createPumpAgentBorrowerTools(...).summarizeCatalog()` when one bounded summary is enough
- preserve `can_agent_discover_lane_now`, `can_agent_start_onboarding_now`, `can_agent_complete_primary_lane_now`, `can_agent_complete_real_credit_now`, `can_agent_complete_public_market_now`, `primary_lane_readiness_state`, `primary_lane_blockers`, `public_market_readiness_state`, `public_market_blockers`, `live_claim_scope`, `real_credit_blockers`, `closure_summary_path`, `closure_hosted_state`, derived `hosted_state_posture`, `mcp_transport_state`, `agent_operability_state`, `recommended_package`, `recommended_wrapper`, `skill_surface_path`, `runbook_surface_path`, `proof_contract_summary`, `proof_contract_summary_source`, `closure_proofs`, `closure_pack_artifacts`, `first_private_lane_semantics`, `pilot_path_truth`, `private_parity_receipt`, `dashboard_speed`, derived `speed_posture`, and derived `speed_blockers`
- use `createPumpAgentBorrowerTools(...).recommendCatalogAction()` when one bounded `recommendation` plus `recommendation_reasons` is enough
- use `/partner-credit-runbook.md` when the agent needs the fuller public integration contract behind those fields

## Built on top of

- `x402` exact rails for `solana`, `base`, and `tempo`
- `mpp` rails for `solana` and `tempo`
- treasury-side `OWS` integration plus the hosted managed-wallet lifecycle route family
- attn partner-credit catalog and runbook surfaces

These lanes are live-proven on attn's hosted surfaces today:

1. `solana_x402_exact`
   - canonical-host exact paid-content rail
2. `solana_mpp`
   - approved Solana services
   - still live-proven, but fresh repeat proofs are currently limited by shared facility budget instead of runtime drift
3. `base_x402_exact`
   - canonical-host exact paid-content rail on Base
   - check the live capabilities route for current `live_enabled` status before each spend
4. `virtuals_acp`
   - approved ACP jobs and curated offerings on Base
   - use the live catalog and review queue instead of stale ACP packets
5. `tempo_x402_exact`
   - canonical-host exact paid-content rail on Tempo
   - check the live capabilities route for current `live_enabled` status before each spend
6. `tempo_mpp`
   - approved Tempo services

## XLayer host override

For fresh XLayer flows, do not assume the canonical multirail host is the right runtime.

Use the Railway XLayer host for the current XLayer verification and fresh-session flow:

1. host: `https://xlayer-credit-api-production.up.railway.app`
2. hosted-verified surfaces on Railway:
   - `POST /api/matrica/connect/start`
   - `GET /api/matrica/connect/session/:sessionId`
   - `POST /api/tempo/agent-credit/live/wallet-disclosure`
   - `POST /api/tempo/agent-credit/live/decision`
3. strongest current hosted swap proof anchor: `xlayer_okx_swap_exact_in`
4. a fresh swap replay now requires a newly authorized Matrica session before reserve and execute can be re-run honestly
5. same-session wallet behavior:
   - do Matrica first
   - keep the same session
   - if the synced human already has a usable EVM wallet, use it
   - otherwise reuse a disclosed agent wallet if present
   - otherwise let the Railway XLayer host auto-provision and persist a managed `OKX Agentic Wallet` on that same session
6. the managed `OKX Agentic Wallet` is the execution wallet the hosted XLayer flow can then use for `decision -> reserve -> execute`
7. managed wallet provisioning is an execution-wallet path only; it does not replace Matrica human proof
8. do not present `xlayer_okx_x402_exact_http` as live; the remaining exact XLayer x402 frontier is still blocked by chain-196 OKX / OnchainOS signer incompatibility
9. if you are configuring Hermes manually, point the XLayer base URL at this Railway host explicitly until the public mirror and runtime converge

## Control and safety model

- policy-bound execution
- fail closed on unsupported or blocked lanes
- no raw key exposure through this public surface
- no hidden claim of general wallet-less custody

1. `tempo_x402_exact`
   - currently live-enabled on the canonical host
   - still check `GET /api/tempo/agent-credit/live/capabilities` before a current claim or spend
2. `base_x402_exact`
   - currently live-enabled on the canonical host
   - still check `GET /api/tempo/agent-credit/live/capabilities` before a current claim or spend
3. `xlayer_okx_swap_exact_in`
   - strongest hosted swap proof still points here
   - a fresh replay now waits on a newly authorized Matrica session
4. `xlayer_okx_x402_exact_http`
   - same fresh Matrica requirement applies for any clean replay
   - the remaining exact-x402 frontier is still external signer incompatibility on chain 196 OKX / OnchainOS

In practical terms:

- supported rails can be discovered publicly
- not every implemented rail is current
- private operator and treasury workflows stay off the public route
- stronger hosted claims require current proof for that exact lane

## Agent wallet model

Today:

- walleted and bounded hosted execution paths are real only where this page marks them as verified
- treasury-side `OWS` integration exists behind the scenes
- some flows still require explicit human signature or authenticated wallet context

Intended model:

- attn-managed wallet serving should be capability-based, not secret-based
- a general wallet-less agent path should exist only once public proof and lifecycle serving are real

This page does not claim that general wallet-less autonomous wallet control is live beyond the hosted managed-wallet lifecycle routes and supported rails.

## What is production-host verified

These surfaces were checked directly on the canonical or public production hosts:

1. canonical `release-stamp`
2. canonical live capabilities and live catalog
3. canonical live wallet-disclosure, live decision, live payment-issues, and operator payment-issues route families as structured route contracts rather than framework `404` pages
4. canonical public operator ledger
5. Matrica connect start plus session polling on the canonical host
6. Railway XLayer Matrica start, session polling, wallet disclosure, and decision
7. Pump-public estimator and the public borrower shells on `app.attn.markets`
8. the public Pump borrower pages no longer emit `/credit-line-workspace` borrower CTAs

## What must stay last

Do not move to XLayer DeFi before the core rails are live-closed:

1. `okx_defi_invest`
2. `okx_defi_withdraw`
3. `okx_defi_collect`

The correct order is:

1. live MPP and ACP rails
2. live exact x402 rails
3. XLayer swap and XLayer x402
4. only then XLayer DeFi

## Order for a new agent

Use the lanes in this order:

1. `tempo_mpp`
2. `solana_mpp`
3. `virtuals_acp`
4. `solana_x402_exact`
5. `tempo_x402_exact`
   - confirm `live_enabled=true` on the current capabilities route before spending
6. `base_x402_exact`
   - confirm `live_enabled=true` on the current capabilities route before spending
7. XLayer only when you need an EVM wallet-native action and are ready to do fresh Matrica auth
   - use `https://xlayer-credit-api-production.up.railway.app` for Matrica, session polling, wallet disclosure, and decision
   - treat `xlayer_okx_swap_exact_in` as the strongest prior hosted swap proof, but currently operator-gated pending fresh Matrica authorization
   - do not use `xlayer_okx_x402_exact_http` for live claims while signer compatibility remains blocked
8. XLayer DeFi only after the core XLayer rails above are live-proven

For the separate Pump borrower lane, use this order:

1. start at `https://www.attn.markets/credit-simulation?cluster=mainnet-beta`
2. use `https://credit.attn.markets/pump-credit-checker` to size a single mint
3. if one borrower wallet controls multiple launches, use `https://credit.attn.markets/wallet-qualification`
4. move into `https://credit.attn.markets/onboarding`
5. use `https://credit.attn.markets/credit-line` as the public borrower-status entry path
6. only use `/credit-line-workspace` on repo-owned or local proof surfaces
7. use `https://credit.attn.markets/offboarding` only after fee routing and debt state say closeout is allowed

For the trends.fun Solana submission story, use this order:

1. show the canonical release identity and live capabilities
2. anchor on `solana_x402_exact`
3. show supporting live `tempo_mpp`, `solana_mpp`, and `virtuals_acp`
4. show Matrica start plus session status as the identity/session layer
5. show the Pump estimator and public borrower shells as the borrower pilot wedge
6. state the borrower blocker explicitly:
   - hosted Swig activation still returns `STATE_STORE_UNAVAILABLE`

## Required prerequisites

For the borrower-facing rails:

1. start a Matrica session first
2. send the returned `authorize_url` to the human owner
3. poll the returned `session_status_url`
4. wait for `agent_state = ready_for_credit_decision`

The current Matrica start route is:

- `POST https://credit.attn.markets/api/matrica/connect/start`

The current session poll route is:

- `GET https://credit.attn.markets/api/matrica/connect/session/:sessionId?session_token=...`

Wallet guidance:

1. if the agent already has wallets, disclose them after the session starts
2. do not block the Matrica step on wallet collection
3. for XLayer, do Matrica first and do not ask for a wallet upfront
4. for XLayer, if the synced session has no usable EVM wallet, reuse a disclosed agent wallet or let the Railway host auto-provision a managed `OKX Agentic Wallet` on that same session
5. for XLayer, when a wallet is needed it must still be an EVM `0x...` wallet, not a Solana address
6. wallet resolution does not bypass human proof

Operator auth:

1. public routes do not require the operator token
2. operator routes, freeze, and operator repay-on-behalf do require the operator token

Pump borrower prerequisites:

1. the app-host borrower lane is still a restricted pilot, not a public pool-backed draw
2. Pump qualification currently depends on Pump-public creator-reward truth, not on the agent-credit rail catalog
3. borrower status on the public host currently routes through `credit-line` and then into the public simulation path
4. do not claim the Pump lane is fully live while the activation route is still returning `STATE_STORE_UNAVAILABLE`

## Fastest safe flow

Use this sequence unless you are explicitly debugging a later step:

1. check live rail status first:
   - `GET https://credit.attn.markets/api/tempo/agent-credit/live/capabilities`
2. start Matrica:
   - `POST https://credit.attn.markets/api/matrica/connect/start`
3. if wallets are already known, disclose them:
   - `POST https://credit.attn.markets/api/tempo/agent-credit/live/wallet-disclosure`
4. read the live catalog:
   - `GET https://credit.attn.markets/api/tempo/agent-credit/live/catalog`
5. request the decision:
   - `POST https://credit.attn.markets/api/tempo/agent-credit/live/decision`
6. reserve the spend:
   - `POST https://credit.attn.markets/api/tempo/agent-credit/live/reserve`
7. execute the payment:
   - `POST https://credit.attn.markets/api/tempo/agent-credit/live/execute`
8. if debt remains, repay:
   - `GET https://credit.attn.markets/api/tempo/agent-credit/live/repay/instructions?facility_id=...`
   - `POST https://credit.attn.markets/api/tempo/agent-credit/live/repay`

For the current XLayer hosted swap flow, use this variant instead:

1. start Matrica on the Railway XLayer host:
   - `POST https://xlayer-credit-api-production.up.railway.app/api/matrica/connect/start`
2. poll the Railway-hosted session:
   - `GET https://xlayer-credit-api-production.up.railway.app/api/matrica/connect/session/:sessionId?session_token=...`
3. if wallets are already known, disclose them on that same Railway session:
   - `POST https://xlayer-credit-api-production.up.railway.app/api/tempo/agent-credit/live/wallet-disclosure`
4. if no usable EVM wallet is present after sync, let the same session continue through the managed-wallet branch on Railway instead of restarting Matrica
   - that branch can auto-provision a managed `OKX Agentic Wallet` on the same session
5. request the XLayer decision:
   - `POST https://xlayer-credit-api-production.up.railway.app/api/tempo/agent-credit/live/decision`
6. reserve the spend:
   - `POST https://xlayer-credit-api-production.up.railway.app/api/tempo/agent-credit/live/reserve`
7. execute the payment:
   - `POST https://xlayer-credit-api-production.up.railway.app/api/tempo/agent-credit/live/execute`

For the separate Pump borrower lane:

1. confirm the public entry path first:
   - `GET https://app.attn.markets/pump-credit-checker`
   - `GET https://app.attn.markets/wallet-qualification`
2. quote one mint:
   - `POST https://app.attn.markets/api/pump-credit-checker/estimate`
3. if a real borrower wallet is known, test grouped qualification:
   - `POST https://app.attn.markets/api/pump-credit-checker/wallet-qualification`
4. continue to onboarding only after the route contract is healthy:
   - `POST https://app.attn.markets/api/onboarding/stage-status`
   - `POST https://app.attn.markets/api/onboarding/swig/activate`
5. use manual repay or offboarding only after a real funded facility exists:
   - `GET https://app.attn.markets/api/pump-credit-checker/manual-repay-context?facility_pubkey=...`
   - `POST https://app.attn.markets/api/onboarding/swig/offboard-fee-ownership`

## Lane-specific rules

### Tempo MPP and Solana MPP

Use these for approved service spends.

Rules:

1. choose only an approved merchant from the live catalog
2. they are repayable lanes
3. operator repay-on-behalf is supported on the exercised flows
4. later provider failure can still create a payment issue or trigger automatic recovery

### Virtuals ACP

Use this for approved ACP jobs.

Rules:

1. approved offerings can run immediately
2. unapproved offerings must go through `review-requests`
3. the financed `EIP-8183` lane is live on approved offerings
4. the lane is repayable
5. some ACP repayment shortcuts are policy-specific, so do not assume `proof_reset` is always valid

### Solana x402 exact

Use this only for the current live exact paid-content merchant.

Rules:

1. this is live now
2. it follows the same `decision -> reserve -> execute -> repay` pattern
3. invalid execute or invalid reservation is returned as a blocked receipt, not a fake success

### Tempo x402 exact and Base x402 exact

Do not route to these on the canonical host until the live capabilities route shows them enabled.

### XLayer sponsor gift and XLayer jobs

This lane needs extra care.

Rules:

1. the sponsor gift is not a loan
2. the sponsor gift does not create repayable borrower debt
3. the current live exact merchants are split across hosts:
   - use the Railway host for Matrica, session polling, wallet disclosure, and decision
   - treat `xlayer_okx_swap_exact_in` as the strongest prior Railway-hosted swap proof anchor
   - do not treat `xlayer_okx_x402_exact_http` as live while signer compatibility remains blocked
4. same-session managed-wallet auto-provision is hosted-proven on the Railway XLayer host, not on the canonical multirail host
   - the hosted flow can give the agent a managed `OKX Agentic Wallet` on that same Matrica session when no usable EVM wallet already exists
5. do Matrica first and do not ask for a wallet upfront
6. if the synced session has no usable EVM wallet, reuse a disclosed agent wallet or let the Railway XLayer host provision a managed `OKX Agentic Wallet` on that same session
7. if a prior XLayer facility is frozen, repay or use the operator unfreeze route before retrying new spend
8. fresh swap replays are currently operator-gated by Matrica authorization, and exact XLayer x402 remains externally blocked

### Pump borrower single-token lane

Use this only as a separate borrower pilot lane on `app.attn.markets`.

Rules:

1. it is not one of the seven `credit.attn.markets` rails
2. the strongest current live proof is the estimator happy path, not a full funded borrower lifecycle
3. the app host serves `pump-credit-checker`, `wallet-qualification`, `onboarding`, and `offboarding`
4. the public app host does not serve `/credit-line-workspace`
5. if you are on the production app host, borrower-status links must point at `https://app.attn.markets/credit-line`, not `/credit-line-workspace`
6. the current activation blocker is the hosted Swig session store returning `STATE_STORE_UNAVAILABLE`
7. a grouped wallet-qualification happy path still needs a real borrower wallet that actually discovers launches on the live host
8. for the Solana submission story, treat this lane as supporting proof, not the primary live anchor

## Repayment behavior

Repayment is part of the current live system.

Rules:

1. self-serve repay requires:
   - `facility_id`
   - `amount_usd`
   - `source_type`
   - `source_ref`
2. use the repay instructions route first so the runtime can tell you:
   - the current amount due
   - the suggested `source_type`
3. missing `source_ref` is rejected
4. reusing the same `source_ref` is rejected
5. operator repay-on-behalf works on the repayable rails that were already exercised in hosted proofs
6. sponsor gifts do not create repayable debt

For the Pump borrower lane:

1. manual repay context is available, but only when a real facility pubkey exists
2. the offboarding route is part of the borrower lifecycle, not a generic operator cleanup shortcut
3. operator repay-on-behalf is not yet re-proven in this run for the Pump borrower lane
4. do not present Pump borrower repay-on-behalf as generally live until that exact lane is re-exercised

Current live unhappy-path meanings:

1. missing `source_ref`
   - `SELF_SERVE_REPAYMENT_PROOF_REQUIRED`
2. duplicate `source_ref`
   - `SELF_SERVE_REPAYMENT_SOURCE_REF_REUSED`
3. wrong shortcut for a given ACP facility
   - use the source type returned by repay instructions instead of guessing

## Payment issues, recovery, and watchdog behavior

This part of the system exists today even though not every path is fully re-proven live.

What it does:

1. claimant payment-issues routes let the borrower side inspect issue state
2. operator payment-issues routes let operators open, inspect, refund-resolve, and list issues
3. payment-outcome watchdog logic can:
   - refund later terminal failures
   - restore sponsor budget where applicable
   - freeze the facility if refund cannot complete safely

How to use it:

1. if a provider charged without completion, check operator payment issues before guessing
2. if a later failure appears after execute, treat it as a recovery flow, not as proof that the lane never worked
3. do not casually call watchdog mutation routes on the live host just to “see what happens”

## Operator and dashboard surfaces

Public read surfaces:

1. `GET https://credit.attn.markets/api/tempo/agent-credit/live/capabilities`
2. `GET https://credit.attn.markets/api/tempo/agent-credit/operator/ledger`
3. public ops pages under `https://credit.attn.markets/agent-credit/ops/`

Private operator read surfaces:

1. `GET https://credit.attn.markets/api/tempo/agent-credit/operator/ledger?limit=...`
2. `GET https://credit.attn.markets/api/tempo/agent-credit/operator/payment-issues?limit=...`

Use the public ledger first for lane mix and the private ledger or payment-issues route for triage.

## Safe live failure meanings

These responses are expected contract behavior, not proof that the runtime is broken:

1. invalid Matrica session on decision
   - `400 BAD_REQUEST`
   - `matrica_session_missing`
2. invalid merchant on reserve
   - blocked `200` receipt
   - `merchant_not_found`
3. invalid reservation on execute
   - blocked `200` receipt
   - `reservation_not_found`
4. unauthenticated operator or freeze routes
   - `401 UNAUTHORIZED`

## What not to promise

Do not promise any of these today:

1. cash withdrawal
2. arbitrary wallet transfers
3. arbitrary jobs outside the approved list
4. Base or Tempo x402 spend without checking the current capabilities receipt first
5. XLayer DeFi `invest`, `withdraw`, or `collect`
6. automatic hosted OKX wallet creation for a newcomer on the canonical multirail host

## Machine truth

Current canonical-host reason codes that matter:

1. `human_proof_unverified`

Current external XLayer blocker that matters:

1. chain-196 OKX / OnchainOS signer incompatibility on `xlayer_okx_x402_exact_http`

Current live proof state:

1. `live_proven`

Current public entrypoint:

1. `https://attn.markets/skill.md`