Overview
Agent Kai is the canonical developer reference for consent-first reads from the Personal Knowledge Model. The important pattern is stable: discover scopes from the live PKM runtime, request one scope at a time, wait for approval inside Kai, then read only the slice the user approved.
This page translates the runtime fact sheet into developer language. It is intentionally documentation-only: enough schema and flow detail to explain endpoint behavior, without exposing secrets, row data, or operational internals that do not belong on a public site.
Treat /developers/agent-kai as the primary public reference route. Use the supporting Kai guides for setup, scope grammar, and runtime details after this contract is clear. The older A2A and MuleSoft APIs live in the separate /developers/agentic-apis track.
Runtime architecture
Kai sits between the user-facing approval experience and the PKM runtime. The public API surface is small on purpose: the app, REST base, and MCP endpoint all describe the same consent-first system from different integration angles.
| Surface | Current target | Why it matters |
|---|---|---|
| Kai app | http://localhost:3000 | User-facing consent review surface and the safe place to complete approval. |
| REST base | http://127.0.0.1:8000/api/v1 | Discovery, consent creation, and consent status polling for backend integrations. |
| Remote MCP | http://127.0.0.1:8000/mcp | Tool-native runtime for hosts that support HTTP MCP directly. |
| npm bridge | @hushh/mcp@beta | Fallback launcher for hosts that still need a local stdio MCP process. |
Core PKM data plane
These tables explain discovery, manifests, scope exposure, and encrypted segment storage. They are the canonical data plane behind Kai scope discovery.
| Table | Developer meaning |
|---|---|
pkm_index | Fast discovery of available domains, freshness, summary projection, and capability flags. |
pkm_blobs | Encrypted PKM payload storage keyed by user, domain, segment, and revision metadata. |
pkm_manifests | Manifest-level versioning and packaging for the slices Kai can expose. |
pkm_manifest_paths | Path-level mapping between manifests and the attributes a scope can reveal. |
pkm_scope_registry | Canonical scope handles, labels, segment ids, and exposure state for discovery. |
pkm_events | Runtime event history for PKM changes, useful when explaining freshness and sequencing. |
pkm_migration_state | Migration checkpointing for the PKM runtime during cutovers and backfills. |
Shared app records that matter to developers
Developers do not interact with these tables directly, but they explain why approval, export wrapping, and runtime identity behave the way they do.
| Tables | Why they matter |
|---|---|
consent_audit, consent_exports, consent_scope_templates | Record consent requests, export state, and reusable approval templates. |
developer_applications, developer_apps, developer_tokens | Define app identity, runtime enrollment, and the token state your integration depends on. |
vault_key_wrappers, vault_keys | Track wrapping state, onboarding readiness, and whether exports can be returned safely. |
runtime_persona_state | Stores the active runtime posture that explains persona-specific behavior and readiness. |
kai_plaid_items, kai_plaid_link_sessions, kai_plaid_refresh_runs | Optional Kai financial context and refresh lifecycle records that shape available financial scopes. |
domain_registry, actor_profiles, marketplace_public_profiles | Shared registry and actor metadata that explain how scopes and app identity are presented. |
Legacy transition tables
Legacy encrypted-user tables remain only as bounded migration context. They are not the target for new writes, new integrations, or new approval logic.
| Legacy surface | Status |
|---|---|
| legacy encrypted blob table | Bounded cutover only. Do not target for new writes. |
| legacy metadata index table | Compatibility surface retained during migration only. |
Consent and IAM model
Kai uses separate layers for developer identity, user approval, and export readiness. A developer token proves who is asking. Consent records prove what the user approved. Vault-related records determine whether the approved payload can be wrapped back to the requesting connector safely.
Discover
Call discover_user_domains or GET /api/v1/user-scopes/{user_id} to inspect the exact scopes available for this user right now.
Request
Send one discovered scope at a time to POST /api/v1/request-consent?token=... with your developer token and connector public-key bundle so Hushh can wrap the export key for client-side decryption.
Approve
The user reviews the request inside Kai, where your app display name and policy/support links are shown.
Read
After approval, use get_scoped_data and pass the original requested scope as expected_scope so the returned payload stays pinned to the slice you asked for.
- Developer app state.
developer_applications,developer_apps, anddeveloper_tokensdescribe app identity and token posture. - Consent state.
consent_audit,consent_exports, and template records explain whether a scope was granted, reused, or expired. - Vault readiness.
vault_key_wrappersandvault_keysexplain whether export wrapping and onboarding state are ready. - Runtime posture.
runtime_persona_stateexplains persona and readiness context when Kai behavior depends on the active runtime state.
Endpoint flow and order of operations
The Kai path should be treated as ordered operations, not a collection of unrelated endpoints. Start with discovery, move into a narrow consent request, poll for approval, then decide whether the rest of your integration should stay in REST or move into MCP.
{
"mcpServers": {
"hushh-consent-remote": {
"url": "http://127.0.0.1:8000/mcp?token=<developer-token>"
}
}
}GET /api/v1/user-scopes/{user_id}
- Purpose. Discover the exact PKM-backed scopes Kai can expose for a user right now.
- Auth. Developer token required.
- Consent state. No user data is returned yet. This is the discovery step that happens before consent.
- Request shape. Provide the user id in the path and the developer token in the query string or trusted server context.
- Success. Returns discovered scope strings, available domains, and the runtime shape that the user can approve.
- Failure modes. 401 for invalid developer tokens, 404 for unknown users, and 500 when the runtime cannot resolve the scope registry.
curl -s \
"http://127.0.0.1:8000/api/v1/user-scopes/user_123?token=<developer-token>"POST /api/v1/request-consent
- Purpose. Create or reuse a consent request for one previously discovered scope.
- Auth. Developer token plus connector key metadata required.
- Consent state. Creates the approval request the user will review inside Kai. Always request one narrow scope at a time.
- Request shape. Send user_id, one discovered scope, approval timing, reason, and the connector public-key bundle used for export wrapping.
- Success. Returns an approval request object, token metadata, or an existing broader grant when Kai can reuse prior approval safely.
- Failure modes. 400 for malformed bodies, 401 for token issues, and grant-specific errors when a scope cannot be requested as written.
curl -s -X POST \
-H "Content-Type: application/json" \
-d '{
"user_id": "user_123",
"scope": "attr.financial.*",
"expiry_hours": 24,
"approval_timeout_minutes": 60,
"reason": "Show portfolio-aware insights inside the user's external app",
"connector_public_key": "<base64-encoded-x25519-public-key>",
"connector_key_id": "connector-key-1",
"connector_wrapping_alg": "X25519-AES256-GCM"
}' \
"http://127.0.0.1:8000/api/v1/request-consent?token=<developer-token>"GET /api/v1/consent-status
- Purpose. Poll the latest approval state for a request id or a previously requested scope.
- Auth. Developer token required.
- Consent state. Used only after the request is created. The user still approves or denies in Kai.
- Request shape. Provide user_id and either scope or request id so the runtime can resolve the latest approval record.
- Success. Returns the latest approval state, grant coverage, and expiration metadata.
- Failure modes. 401 for invalid tokens and 404 when the request id or scope cannot be resolved against current consent records.
curl -s \
"http://127.0.0.1:8000/api/v1/consent-status?user_id=user_123&scope=attr.financial.*&token=<developer-token>"Database and runtime factors that matter
Developers do not need raw table access, but they do need to understand why scope discovery, approval, export wrapping, and onboarding readiness behave differently across users and environments.
| Table | Important fields | Why developers care |
|---|---|---|
pkm_index | available_domains, domain_freshness, summary_projection, capability_flags, total_attributes | Explains what a user can approve right now and how fresh the PKM surface is. |
pkm_scope_registry | scope_handle, scope_label, segment_ids, sensitivity_tier, exposure_enabled | Drives scope discovery, approval labeling, and whether a scope can be exposed at all. |
pkm_blobs | domain, segment_id, ciphertext, content_revision, manifest_revision, size_bytes | Shows how approved reads map to encrypted segments and why revision tracking matters. |
vault_keys | primary_wrapper_id, vault_status, first_login_at, last_login_at, pre_onboarding_completed | Tells you whether vault wrapping and onboarding state are ready for export and approval. |
Browser-safe vs backend-only boundaries
Browser-safe testing ends where developer tokens, connector wrapping metadata, or direct financial aggregation begin. Keep the developer-facing proxy for guided testing, but keep consent creation and financial reads on your backend.
| Surface | Recommended execution | Boundary |
|---|---|---|
GET /api/v1/user-scopes/{user_id} | Backend or server-side only | Discovery depends on a developer token and should stay off the public browser path. |
POST /api/v1/request-consent | Backend only | Requires connector key metadata so Hushh can wrap export keys back to your client safely. |
GET /api/v1/consent-status | Backend or trusted dashboard | Polling is token-bound and part of the approval lifecycle, not a public browser flow. |
| Agentic APIs browser proxy | Separate documentation track | Older A2A and MuleSoft flows now live under /developers/agentic-apis and should not be documented as part of Kai. |
| Plaid-backed financial refresh flows | Backend only | Financial aggregation and refresh remain server-to-server even when Kai later exposes the results. |
Examples and common failure points
The most common integration issues come from skipping discovery, over-requesting scopes, or treating migration-era surfaces as if they were canonical. Use the runtime sequence below as the baseline for reviews and troubleshooting.
- Discover first. Do not hardcode universal scopes when the runtime exposes them per user.
- Request one scope at a time so approval language and audit state stay understandable.
- Do not treat legacy transition tables as destinations for new data flows or exports.
- Keep connector wrapping fields present on
request-consentor your export handoff will fail later even if the approval is granted. - Keep A2A and MuleSoft guidance in the separate Agentic APIs track.