Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.peaq.xyz/llms.txt

Use this file to discover all available pages before exploring further.

Machine Markets is the orchestration layer behind Scale. It pairs an AI agent to an activated, bonded machine, gives that pairing a policy with spend limits and an allow/denylist, and exposes a curated catalogue of capabilities and provider services the agent can search against using the machine’s context. The agent’s legitimacy is the machine’s: peaqID, Machine NFT, MCR, and trust level all carry through.

Roles

RoleDescription
MachineAn activated peaqOS device with a peaqID, Machine NFT, smart account, and bond. The machine is the principal. Funds, identity, and reputation belong to it.
Proxy Operator / Machine OwnerHuman (or org) that controls the machine. Funds the wallet, pairs the agent, sets the policy, can revoke or repair at any time.
Machine AgentThird-party AI agent (Claude, OpenAI, Virtuals, Teneo, your own) given delegated, bounded authority over the machine’s smart account. peaq does not provide the agent.
Machine-Side Runtime AgentOptional process running on the device that registers local runtime endpoints. Used for skills that execute on the machine rather than at a remote provider.
Service ProviderExternal entity (QVAC, agentic.market services over x402, pay.sh services, etc.) whose service is registered in the catalogue and consumed by Machine Agents.

Core objects

type Machine = {
  id: string;
  displayName: string;
  status: "draft" | "active" | "degraded" | "blocked" | "archived";
  ownerId: string;
  identityRef: string;          // did:peaq:0x... or peaqos:machine:<id>
  identityProof?: { /* EIP-191 controller signature, see API ref */ } | null;
  machineType: string;
  runtimeProfile: string;
  capabilities: string[];
  labels: Record<string, string>;
  policyIds: string[];
  skillKeys: string[];
  createdAt: string;
  updatedAt: string;
};

type AgentPairing = {
  id: string;
  machineId: string;
  status: "active" | "paused" | "revoked";
  agentAddress: string;
  agentDid: string | null;
  agentProvider: string;        // "anthropic" | "openai" | "virtuals" | ...
  agentRole: string;            // free-form, e.g. "ops" | "trader" | "buyer"
  description?: string | null;
  verification: {
    method: "eip191";
    signerAddress: string;
    verifiedAt: string;
    challengeExpiresAt: string;
  } | null;
  delegationPolicy: {
    allowedSkillKeys: string[];
    deniedSkillKeys: string[];
    allowedServiceIds: string[];
    deniedServiceIds: string[];
    perTransactionLimit?: number | null;
    dailySpendLimit?: number | null;
    currency?: string | null;
  };
  hasAuthToken: boolean;
  tokenLastFour: string | null;
  sessionId: string | null;
  sessionTokenId: string | null;
  sessionIssuedAt: string | null;
  sessionExpiresAt: string | null;
  pairingToken?: string;        // signed HS256 session JWT, returned once at create/rotate
  createdAt: string;
  updatedAt: string;
};

Skills vs services

Two things look similar. They aren’t.
  • A skill is a capability schema. storage.object says “an object-storage service exposes these operations”. Skills are the contract.
  • A service is a concrete instance of a skill from a specific provider. “Exa search via agentic.market” is a service. Services are what you actually buy.
Service types: 
oracle.price-feed
compute.marketplace
storage.object
data.location
network.partner-console
identity.proof-of-person
device.control
machine.commerce
Execution modes:
  • Native: peaqOS executes the skill server-side or on a registered machine-side runtime endpoint. No human handoff.
  • External handoff: the orchestrator returns a structured handoff (URL, contact, setup steps) and the agent or operator completes the purchase out of band. Used when a provider integration is partner-required or credentials-required.
Integration status surfaces how ready a service is to execute end-to-end: 
native | credentials-required | partner-required | local-config-required | setup-required | docs-only

Identity proof flow

Machine registration with the orchestrator is gated by a DID-controller signature. The flow:
  1. Call POST /machine-identity/challenges with the machine’s identityRef. The orchestrator looks up the controller addresses from peaqOS MCR data and returns a short-lived challengeId plus a message.
  2. Sign message with the controller’s private key using EIP-191 personal_sign.
  3. Submit { challengeId, signature } as identityProof when calling POST /machines. The orchestrator verifies the signature recovers to one of the controller addresses before persisting. The stored proof is re-checked against MCR data on subsequent machine-bound writes.
The proof expires. Re-challenge when it does.

Pairing flow

Pairing an agent to a machine follows the same challenge-sign-verify pattern, scoped to the agent’s wallet key:
  1. Call POST /machines/:machineId/agent-pairings/challenges with agentAddress, agentProvider, agentRole, and optional agentDid. The orchestrator returns an AgentPairingChallenge with a challengeId, a machine-bound message, and an expiresAt.
  2. The Machine Agent signs message (EIP-191 personal_sign) with the wallet key behind agentAddress.
  3. Call POST /machines/:machineId/agent-pairings with agentProof: { challengeId, signature } and the delegation policy. The orchestrator verifies the signature recovers to agentAddress, persists the pairing with verification metadata, and returns the AgentPairing with a signed HS256 session JWT in pairingToken. Store the token client-side and send it as x-agent-pairing-token on market writes.
  4. Tokens expire (default 1 hour). Rotate by issuing a fresh challenge and calling POST /machines/:machineId/agent-pairings/:pairingId/sessions with the new proof. A policy change invalidates the current token’s delegationPolicyHash, so rotate after every PATCH to the delegation policy.

Order lifecycle

A successful purchase walks the order state machine: 
created -> payment_pending -> ready -> executing -> delivered -> confirmed
Branches: disputed if the buyer raises a dispute after delivery; cancelled if a refund settles before delivery; failed if execution errors; handoff if the service ships as an external handoff rather than a native skill run. Each successful execution writes an Outcome and a Run. Outcomes record the service result; runs record the execution metadata (skill, route, status). Both are queryable via GET /runs and GET /machines/:machineId/outcomes. Payments follow their own state machine, coupled to the order: 
intent_created -> held -> release_pending -> released
                                          \-> refunded
                                          \-> frozen   (on dispute)
not_required short-circuits the payment lifecycle for free or pre-authorised services.

Payment rails

The orchestrator quotes services in the rail the provider supports:
RailWhen it shows up
x402agentic.market services and most pay.sh services. Agent wallet responds to an HTTP 402 challenge. Execute goes through the paidHttp adapter — orchestrator replays the request with the agent’s payment headers.
mppSolana micro-payment protocol. Used by some pay.sh services on Solana.
vault-stripe / externalCard-mediated or external handoff. The orchestrator returns a structured handoff and the agent or operator settles out of band.
wallet / wdk-usdt-transferDirect USDT transfer on peaq. wallet upgrades to wdk-usdt-transfer once the proof is RPC-verified against the ERC-20 Transfer log.
onchain-escrow / escrowFunds locked into a service-specified escrow contract.
not-requiredFree or pre-authorised services.
offchain-recordOff-chain attestation, recorded but not RPC-verified.
Payment proof modes:
  • recorded: operator attestation. The orchestrator stores the proof but does not verify on-chain.
  • rpc: the orchestrator queries an EVM RPC for the transaction receipt and the ERC-20 Transfer log, validating sender, recipient, token, and amount. Solana proofs are always recorded.
Set PEAQOS_PAYMENT_RPC_URL (or PEAQ_EVM_RPC_URL / PEAQOS_EVM_RPC_URL) to enable RPC verification by default.

Delegation, bounded

The orchestration layer enforces the delegation policy server-side. Spend limits, allow/denylists, and skill restrictions are checked at request time, not just at pairing time. Mutating the policy through PATCH /machines/:machineId/agent-pairings/:pairingId takes effect immediately for new calls. Revoking a pairing (DELETE) terminates the agent’s authority at once.

Multichain shape

Scale keeps peaq canonical for identity and registry state. Across supported chains:
  • peaqID, Machine NFT, and the Service Registry stay on peaq
  • Machine NFTs and smart accounts deploy on supported chains (Base first)
  • IdentityLite, DIDLite, and StakingLite mirror peaq state on each supported chain (Agung now, Base Sepolia next); a dedicated MCR oracle on satellites is reserved
  • Machine Agents can pay across chains using the chain and token a service quotes in
The orchestrator speaks eip155:* CAIP-2 identifiers through the SDK wallet layer. See Wallets (OWS) and the Omni-chain concept for the satellite-chain contract surface (DIDLite, IdentityLite, StakingLite).