An agent API call becomes a verifiable economic event.

Three demo tracks. The first one needs nothing from you. The third is what every signed pilot runs. Each track produces the same four artefacts: verified call, signed receipt, audit entry, offline-verifiable proof bundle.

Track A — No-credential proof / audit demo shipped

We run the gateway locally on your call. Identity → policy → 402 → 200 → signed receipt → audit chain → proof bundle. No external dependencies. No credentials from you. The wow moment lands without anyone touching production.

Track B — Operator-credentialled pilot operator-gated

Real public_x402 facilitator. Real GCS bucket. Real Alertmanager tenant. Real signed-webhook receiver. Each lane is operator-gated — pending real credentials we do not hold. The output is the first real externalOperatorVerified row in the alpha-RC status pack.

Track C — Design-partner pilot bounded

Your sandbox endpoint behind the gateway. Your acceptance criteria. Your operator-credential checklist. The pilot produces a signed dataroom bundle, a customer-acceptance report, and the first real signed receipt issued for a real paid call.

Sample CLI output

$ pnpm pilot:demo:rehearse
{
  "schemaVersion": "agenttrust.demo_rehearsal.v1",
  "externalDependenciesUsed": false,
  "steps": [
    { "name": "401_unauth", "status": "passed" },
    { "name": "402_challenge", "status": "passed" },
    { "name": "200_paid_request", "status": "passed" },
    { "name": "receipt_verify", "status": "passed" },
    { "name": "audit_presence", "status": "passed" },
    { "name": "posture_read", "status": "passed" },
    { "name": "readiness_reference", "status": "passed" }
  ],
  "verdict": "passed"
}