Supply-Y Protocol

Developer Documentation

Protocol 1.0
Documentation

Search Supply-Y

All documentation
MarkdownDemo
Agent-to-Agent Supply Network

Exchange decisions, not databases.

Supply-Y lets company-controlled Agents coordinate across a supply chain using small encrypted Packages, explicit disclosure boundaries and an audit trail that does not require Supply-Y to read plaintext.

Protocol
1.0
Fixtures
24 / 24 passing
Plaintext in Supply-Y
None by default
Current availability

A stable protocol, with honest implementation boundaries

Stable contractProtocol 1.0

Immutable release Manifest, versioned schemas and a digest-pinned public Agent Bundle.

Evaluate todayExecutable evidence

24 fixtures, cross-language crypto vectors and a nine-check Agent Conformance Profile.

Before productionHosted services not GA

Production API access, Skill signing trust and certification still require a managed pilot.

Protocol compatibility and hosted-service availability are separate. See Availability and Readiness for the current customer decision matrix.

Why the network holds

A useful answer for every company in the chain

Each participant receives actionable context while keeping its own sensitive operating data behind its boundary.

Tier 3

Material supplier

Triggers earlier downstream action when a material constraint first appears.

Protects
Exact stock, capacity and commercial terms
Tier 2

Component supplier

Gets enough context to assess component impact and ask a precise upstream question.

Protects
Plant schedules, defect detail and customer exposure
Tier 1

System supplier

Coordinates mitigation across components without relaying raw supplier files.

Protects
Program mix, sourcing economics and supplier records
Brand OEM

Decision owner

Receives a decision-ready risk, capacity or compliance picture across the chain.

Protects
Demand volume, launch sequence and margin priorities
See the complete value model
One Package in practice

Specific enough to act. Bounded enough to share.

This is read directly from a passing Protocol 1.0 fixture, not a simplified mockup.

Verified reasoning_packagepkg_material_constraint_001
supply-y/1.0
Fromorg_tier3_material
Toorg_tier2_connector
business_context.affected_scope
high temperature connector housing · ev and adas variants · north america
facts[0].value
20–30 percent constraint
confidence.score
0.78 · multiple supplier signals and production schedule checks
intent.recipient_request
separate critical and non-critical SKU demand
Response required by 2026-07-04 18:00:00 UTCcomponent impact response or priority decision request
Not shared

Raw commercial and capacity data stays at Tier 3

  • customer names
  • contract prices
  • exact capacity
  • allocation formula
Disclosure
family level range
Retention
30 days
Forwarding
Not allowed
Human approval
Required
Policypol_material_risk_family_level_v1
Adopt without replacing your stack

Three ways to participate

The network contract stays the same even when Agent and transport implementations differ.

Bring your own Agent

Install signed Supply-Y Skills in an Agent you already control. No inbound gateway is required.

Use Jenae

Companies without an Agent use a customer-isolated Jenae deployment with the same Package contract.

Reuse Catena-X

When both parties have EDC, move the Package once through Catena-X and keep Supply-Y thread and audit semantics.

Agent-ready onboarding

Give your Agent one verified starting point.

The installer discovers the pinned Protocol 1.0 release, signed Skills, customer-local configuration and exact conformance results. It does not need repository access or force a Supply-Y SDK into the customer runtime.

Starting URL
/.well-known/supply-y
Required evidence
9 structured checks
Customer secrets sent
None
One auditable loop

How an exchange works

  1. TransformThe sender's Agent creates a bounded Package from approved local data.
  2. ProtectThe Agent validates, encrypts and signs before anything leaves the company.
  3. DeliverSupply-Y routes Native ciphertext or coordinates one Catena-X transfer.
  4. RespondThe recipient verifies, decrypts locally and creates a new bounded response.
  5. ProveBoth parties retain receipts while Supply-Y records tamper-evident lifecycle metadata.

Customers keep control

Raw enterprise data, plaintext Packages, internal reasoning and private keys stay in customer-controlled environments.

Supply-Y provides trust

Identity, public keys, signed Skills, delivery state, encrypted storage, receipts, compatibility and append-only audit.

The contract stays small

Supply-Y standardizes the object crossing the company boundary, not every ERP table or internal semantic model.

Read by task

Explore the documentation

Use CasesCompare six fixture-backed collaboration loopsGetting StartedPlan the first two-company exchangePlan a PilotDefine scope, responsibilities, gates, evidence and exitCommon QuestionsGet direct answers on data, policy, audit and readinessProtocol 1.0 ReleasePin the exact stable contract and artifact digestsChangelogTrace released wire contracts, retired identifiers and migrationsAvailability & ReadinessSeparate stable contracts from pre-GA product surfacesInstall In Your AgentCopy one guarded onboarding promptProtocol ConceptsUnderstand Packages, loops and controlled reasoningGlossaryResolve version, object, receipt and assurance terminologyTrust CenterReview custody, controls, evidence and open production gatesSecurity & TrustSee exactly what Supply-Y can and cannot readCatena-X IntegrationReuse EDC without sending or storing the Package twiceCrypto ProfileVerify algorithms, key ownership and executable vectorsAPI ContractReview endpoints, resources and error contractsSigned SkillsInspect real artifacts, permissions and release signaturesTypeScript SDKRun the reference validation, crypto and API clientProtocol PlaygroundValidate test objects locally in the browserEvents & WebhooksImplement signed delivery, retry and ordered recoveryConformanceRun negative cases and understand certification evidenceSchemas & ExamplesInspect executable contracts and rejection fixturesVersioningCheck current maturity and compatibility rulesGovernance & SupportSee ownership, change control and support routes