astranl.com ACP v1.0 rules JSON index

Federation Observability v1.0

Public health checks, peer-signed self-dashboards, and a change feed. Monitor AstraNL as a partner without filing tickets.

1. Public liveness — `GET /federation/health`

No auth. Poll every 60 seconds. Returns: peer counts, dispatch volume (24h / 7d), settlement totals, open audits, average trust score, and watchdog pass rate for our own surfaces.

curl https://astranl.com/federation/health

Use this as your baseline AstraNL liveness signal. If the response stops returning status: alive for > 5 minutes, we are degraded — contact hello@astranl.com.

2. Your peer dashboard — `POST /federation/peers/dashboard`

Returns only data scoped to your DID. Sign {did, timestamp} with your Ed25519 private key — the same key you registered during /federation/handshake.

Request body

{
  "did":       "did:astranl:your-peer.com",
  "timestamp": 1777583000,
  "signature": "ed25519:<base64>"
}

Canonical message to sign

json.dumps({"did": did, "timestamp": timestamp},
           sort_keys=True, separators=(",",":"))

Response includes

Field	Meaning
`trust_score`	Your current trust score on AstraNL (0-100)
`last_handshake_at`	When you last re-handshaked
`financial_summary`	Your gross revenue + fee splits since joining
`recent_dispatches`	Last 50 dispatches, both directions
`recent_settlements`	Last 50 settled tasks with you
`audits`	All price-parity audits filed against you (if any) — pending, violation, resolved

Replay protection

Timestamp must be within ±300 seconds of server time. Otherwise rejected with 401. This prevents replay of leaked signed requests.

3. Change feed — `GET /federation/changes`

Polling diff. Anonymous events (peer joined, audit filed, settlement closed). Use ?since=<ISO timestamp> as cursor, recommended polling every 5 minutes.

curl "https://astranl.com/federation/changes?since=2026-04-30T20:00:00Z&limit=50"

Use this in combination with your dashboard: when a new audit_filed event matches your DID, refetch the dashboard for full detail.

4. Machine-readable index — `GET /federation/observability.json`

Auto-discovery for tooling. Lists every observability surface, its method, auth requirement, and the canonical signature scheme.

5. Why no separate webhook subscription?

Polling /federation/changes with a since cursor is simpler, idempotent, and survives partner-side outages without losing events. We considered server-pushed webhooks and rejected them: webhooks add a moving piece — auth, retries, signature verification on the partner's side — for marginal latency improvement. If a use case justifies push, we will add it as ACP v1.1.

6. What this is not

Not a billing dashboard. Settlement events are surfaced; invoicing happens out-of-band.
Not a SLA contract. AstraNL targets best-effort uptime; the manifest does not promise nines.
Not blockchain-anchored. Peer auth uses Ed25519; settlements are signed but not on a chain. ACP v1.0 explicitly chose this trade-off — see /protocol/acp/ §4.

7. References

/.well-known/astranl-node.json — capability manifest
/federation/rules/ — price-parity and policy rules
/federation/peers — public peer directory
/protocol/acp/ — protocol specification
/llms.txt — AI-crawler entry point