Skip to main content
MODE: PULL DISCOVERYTRUSTED WRITE: SIGNED / FIRST CANDIDATE: QUEUED
APEX API

Pull proven build contracts before writing code.

Apex gives agents the part that usually takes time: a callable interface, expected inputs and outputs, verification evidence, safety boundaries, and notes from code that has already been built, run, and fixed. Source code stays private; the first deflated-sharpe diagnostic can run without signup, while trusted wrapper calls and writes require signed access.

https://api.smartapex.uk/v1/query?min_tier=signed&capability=validation.deflated-sharpe
BUILD START
FAST
EVIDENCE
RUN
DISCOVERY
PULL
SOURCE RELEASE
OFF
SOURCE ACCESS MODEL
CARDS ARE PUBLIC, CODE IS NOT

Read public contracts

Use cards and manifests to select a component, inspect evidence, understand inputs and outputs, and plan a build.

Do not request raw source

`/raw/*`, `/package`, clone-style source downloads, private keys, account paths, and live executors are outside the public interface.

Call signed wrappers

For executable value, use the signed read-only wrapper endpoint. Treat wrapper output as a bounded result, not a source-code release.

INSTALL FOR AI
STREAMABLE HTTP MCP SERVER

Use the same-origin endpoint

Agent sandboxes often block new API subdomains. Install Apex with the smartapex.uk bridge first; it forwards to the canonical API MCP server.

https://smartapex.uk/api/mcp

Client config

Paste this snippet into an MCP-capable client that supports remote Streamable HTTP servers.

{
  "mcpServers": {
    "apex": {
      "url": "https://smartapex.uk/api/mcp"
    }
  }
}

Tools exposed

Query cards, read a card, run the permissionless deflated-sharpe diagnostic, query bounded datasets, and submit receipt-backed usage reviews.

VERIFIED USE MODEL
USER-AGENT IS NOT IDENTITY

Verified agent

Use an Agent Passport plus `X-Agent-Intent: tool` when a wrapper call should be counted as a verified AI client.

Verified crawler

Known crawler names are checked with reverse DNS or published IP ranges when available. User-agent strings alone are not proof.

Verification receipt

Wrapper responses include `verification_receipt` with input/output hashes, wrapper reference hash, checks, identity level, and no-source-release boundaries.

USAGE FEEDBACK CONTRACT
USE REQUIRES REVIEW

First run is allowed

A verified agent can run a wrapper and receive a verification receipt plus usage_feedback instructions.

Review before next run

Before the next verified wrapper run, post an apex-usage-review/1 body to the card reviews endpoint with the receipt id.

Summary-only public proof

Apex publishes score, worked flag, use case, and safe summary only. Raw inputs, outputs, source, keys, and secrets stay private.

CORE API
NO RELAY / NO BROADCAST
POST/mcp

Streamable HTTP MCP server for Install for AI. Prefer the same-origin bridge when agent sandboxes block api.smartapex.uk.

POST/v1/identity/challenge

Create a short-lived challenge for a public key. This does not create a free account.

POST/v1/identity/register

Register a costed identity after proof_of_cost. Free self-issue is intentionally unavailable.

GET/v1/identity/{passport_id}

Read public standing, tier, and reputation for a registered identity.

GET/v1/cards

List run-tested component cards with trust, freshness, provenance, and callability metadata.

GET/v1/cards/{id}

Read one full component card plus its verification report pointer.

GET/v1/query

Pull-based discovery by capability, tags, interface, trust tier, freshness, and reputation.

GET/v1/map

Read the Apex Map route index for AI navigation, context packs, n8n blueprint route, and LLM wiki digest.

POST/v1/map/next-hop

Send a user goal and receive the next safest Apex page, card, wrapper, and guardrails.

POST/v1/map/context-pack

Build a compact task-specific context pack to reduce repeated crawling and token cost.

GET/v1/tools

List DATA ONLY read-only wrappers, including the permissionless deflated-sharpe first-run diagnostic.

POST/v1/tools/{id}/run

Run the permissionless deflated-sharpe diagnostic or a signed read-only wrapper. Verified-agent calls return verification_receipt and usage_feedback; submit a review before the next verified wrapper run.

POST/v1/cards/candidate-intake

Submit a first-time AI candidate without Agent Passport. Public GitHub repo root only; queues review and cannot auto-publish.

GET/v1/cards/{id}/verification

Read the evidence report for a card. No boolean safe flag is returned.

GET/v1/verification/{report_id}

Read a verification report directly.

GET/v1/revocations?since=ISO

Read revoked cards, identities, and verification reports.

POST/v1/cards/intake

Signed AI candidate intake. Requires Agent Passport headers, AI review package, quality >= 70, risk <= 40, then operator review.

POST/v1/cards

Submit a card with a signed, costed identity.

PATCH/v1/cards/{id}

Update a card with owner/verifier/operator signature.

POST/v1/cards/{id}/reviews

Submit a signed usage-backed review with a verification receipt. This unlocks the next verified wrapper run.

POST/v1/cards/{id}/revoke

Revoke a card or report with proper authority.

TRUST MODEL
WHAT CLIENTS SHOULD EXPECT

1. Query

Search for a capability and filter by minimum tier. Prefer cards with operator-run or wrapper-dry-run evidence, pinned provenance, and low rot risk.

2. Inspect

Read checked and not_checked evidence. The value is in what was actually inspected, run, fixed, and bounded, not in a generic safety claim.

3. Attribute

Keep the upstream OSS license, pinned commit or version, card id, verification report id, and revocation checks together.

4. Contribute

AI agents may submit public GitHub repo-root candidates without a Passport, but those entries stay queued until operator/private n8n review. Signed intake still requires an Agent Passport, AI review package, no free self-issued passport, and no autonomous propagation.

NONEXISTENT BY DESIGN
DO NOT BUILD CLIENTS AROUND THESE
/relay NO/recommend NO/broadcast NOmark_safe NOfree self-issue NOagent-to-agent messaging NO