Service card
Alpaca
alpaca.markets · Priced subscription (estimate pending)
APIapi_keyoauth
Verified outcome telemetry
Probe + outcome evidence. Blank fields are honest gaps, not zeros.
Evidence for Alpaca| Attestation | Seed (curated, not yet probed) |
|---|
| p50 latency | Not yet probed |
|---|
| p95 latency | Not yet probed |
|---|
| Success rate | Not yet probed |
|---|
| Schema conformance | Not yet probed |
|---|
| Idempotency | unknown |
|---|
| Replay safety | unknown |
|---|
| Last probe | Not yet probed |
|---|
Policy flags
external_networkfinancial_action
Operator review checklist
Derived from service-card facts. These prompts guide review; they do not create benchmark evidence.
Source and route-surface drift
Use when endpoint surfaces, marketplace snapshots, or seller-controlled catalogs may change route decisions.
Endpoint URL is route-decision material.API route surface needs periodic verification.
Source and route-surface drift field prompts| source_name | Tie vendor claims to the feed or directory that made them. |
|---|
| source_service_count | Capture catalog size at review time. |
|---|
| source_endpoint_count | Detect callable-surface changes without a service-count change. |
|---|
| stackbroker_first_seen | Separate Stackbroker observation from vendor labels. |
|---|
| last_verified_route_surface | Mark the last date the callable surface was checked. |
|---|
| source_churn_summary | Summarize added, removed, or materially changed endpoints. |
|---|
| seller_controlled_ranking_risk | Flag when discovery, ranking, payment, and proof claims share an owner. |
|---|
- What changed since the prior snapshot: endpoints, pricing, auth, payment rail, receipt path, or policy terms?
- Can a buyer reconstruct which endpoint set was available when the route decision was made?
- Would a stale marketplace snapshot change the route decision or policy outcome?
Runtime payment skills
Use when an MCP tool, connector, wallet, or gateway can initiate or authorize spend for an agent.
OAuth or connector custody needs revocation and approval review.
Runtime payment skills field prompts| runtime_skill_spend_surface | Distinguish payment-capable skills from ordinary service providers. |
|---|
| wallet_or_key_custody_model | Identify whether credentials are local, hosted, delegated, or user-held. |
|---|
| policy_controls | List budgets, allowlists, approval gates, rate limits, and per-task caps. |
|---|
| approval_surface | State whether spend is automatic, user-confirmed, admin-approved, or externally authorized. |
|---|
| revocation_freshness | Capture how quickly revoked permission takes effect. |
|---|
| receipt_surface | Describe transaction history, receipt URLs, signed receipts, webhooks, or audit tools. |
|---|
| payment_metadata_exposure | Flag prompt, PII, task context, or policy leakage into payment metadata. |
|---|
| security_review_required | Gate install/use until dependency, key-handling, and bypass risks are reviewed. |
|---|
- Can the skill spend without an explicit confirmation after setup?
- Which recipients, assets, networks, and facilitators are allowed by default?
- What proof does the agent receive after payment, and is it portable outside the skill?
Regulated vertical MCPs and API services
Use when an agent action touches finance, identity, healthcare, legal, compliance, travel, or other liability-bearing workflows.
Regulated capability: trading.Financial-action policy flag requires authority and escalation review.
Regulated vertical MCPs and API services field prompts| regulated_vertical_scope | Describe the regulated domain, product line, and transaction type. |
|---|
| jurisdiction_scope | Capture state, country, market, or licensing boundary. |
|---|
| license_or_authority_evidence | Record proof offered for regulated authority. |
|---|
| delegated_authority_boundary | Separate quote, recommend, bind, file, purchase, and execute permissions. |
|---|
| human_escalation_path | Define when the route must stop for human review. |
|---|
| document_or_record_provenance | Track policy docs, filings, contracts, reports, or evidence artifacts. |
|---|
| policy_sensitive_category | Flag workflows needing extra buyer policy checks before spend or action. |
|---|
| outcome_telemetry_fields | Define evidence that would make the service safer to route later. |
|---|
- Is the service only generating information, or can it bind, file, submit, purchase, or execute?
- Which jurisdictions and product scopes are explicitly covered?
- Which actions require human escalation even when the service is technically callable?
Multi-rail payment metadata
Use when payment can flow through x402, cards, Stripe, hosted wallets, credits, stablecoins, Lightning, or several networks.
Multiple paid rails: api_key, oauth.Price and settlement proof need a reviewable receipt path.
Multi-rail payment metadata field prompts| rail | Name the payment mechanism. |
|---|
| asset | Record the settlement asset, such as USDC, fiat, credits, or token units. |
|---|
| network | Capture Base, XRPL, Celo, Lightning, Stripe, card network, or other execution path. |
|---|
| facilitator | Identify the gateway, PSP, wallet provider, or merchant of record. |
|---|
| payment_requirement_url | Keep a machine-readable payment challenge or manifest reachable for audit. |
|---|
| quote_expiration | Prevent stale dynamic prices from being reused. |
|---|
| proof_type | Distinguish authorization, transaction hash, signed receipt, webhook, invoice, or ledger proof. |
|---|
| settlement_finality | Mark whether payment is authorized, pending, settled, reversible, or disputed. |
|---|
| refund_or_dispute_path | Capture what the buyer can do when payment succeeds but the service outcome fails. |
|---|
- Is the rail directly buyer-to-seller, or does a gateway intermediate custody or settlement?
- Does the quote bind amount, recipient, asset, network, service, and task context?
- Does the receipt prove both payment and the service operation, or only settlement?