04 / Commercial InterfacesMCP/API
Operate Bitcode through MCP and API surfaces
MCP/API docs explain how programmable clients should attach context, write bounded intent, receive admission evidence, and reread proof-backed results.
Use this page when building external tools, agentic clients, or automation around the same AssetPack state that product routes read.
After reading
You can design an MCP or API interaction that mirrors route write/read/proof discipline.
Bitcode MCP is a connected proof-readback interface
MCP tools expose programmable Bitcode actions: attach permitted source, express a Reading, admit AssetPack intent, read activity, inspect proof posture, and return write-admission evidence.
Keep the MCP surface narrow and explicit. Generic tools that are not admitted remain support or reference until Protocol and /packs can reread their effects.
Why this matters
Programmability only helps when it preserves AssetPack proof parity with product routes.
- Writes are confirmation-gated.
- Results point back to /packs-readable activity.
- Attachments preserve source and Read context for later audit.
The API contract is write, reread, and prove
A useful API action writes bounded intent, returns admission evidence, and gives the caller a way to reread the resulting proof-backed activity state.
Docs for MCP should therefore teach request shape, expected result, failure posture, and which proof readback confirms the write.
Why this matters
This mirrors the action manual for external developers and agentic clients.
Public docs expose guidance and proof posture, not protected source
Public Bitcode docs derive from the active Protocol, package-owned catalogs, route contracts, and source-safe generated artifacts. They can explain usage, measurements, event ids, proof roots, docs links, runbook links, redaction posture, testnet rollout readiness, fee boundaries, and settlement posture.
They must not reveal protected source payloads, raw protected prompts, secret values, provider tokens, wallet private material, or unpaid AssetPack source. Source-bearing AssetPack contents cross to the reader only after settlement and rights transfer.
Why this matters
This keeps the public product understandable while preserving the boundary that makes AssetPacks economically and operationally safe.
- Allowed: usage guidance, route links, state labels, source-safe measurements, proof roots, dashboard/runbook ids, redacted incident posture, testnet rollout readiness, LocalStagingTelemetryDocumentationRehearsal evidence, and fee/right boundaries.
- Interface docs may surface event ids, proof roots, docs links, runbook links, and redaction posture from TelemetryDocumentationInterfaceIntegration without revealing source-bearing payloads.
- Local and staging-testnet rehearsal docs may surface documentation discovery, telemetry event emission, dashboard/runbook lookup, docs QA, incident drill, source-safe proof-root review, and blocked value-bearing mainnet posture.
- Blocked: secrets, provider tokens, wallet private material, raw protected prompts, protected source payloads, and unpaid AssetPack source.
- Docs QA fails closed when public docs, internal docs, route docs, interface docs, generated artifacts, proof posture, or workflow checks drift.
- Compatibility boundaries stay explicit: /exchange redirects to /packs and does not create a parallel current product surface.