Exchange decisions, not databases.
Supply-Y lets company-controlled Agents coordinate across a supply chain using small encrypted Packages, explicit disclosure boundaries and an audit trail that does not require Supply-Y to read plaintext.
- Protocol
- 1.0
- Fixtures
- 24 / 24 passing
- Plaintext in Supply-Y
- None by default
A stable protocol, with honest implementation boundaries
Immutable release Manifest, versioned schemas and a digest-pinned public Agent Bundle.
24 fixtures, cross-language crypto vectors and a nine-check Agent Conformance Profile.
Production API access, Skill signing trust and certification still require a managed pilot.
Protocol compatibility and hosted-service availability are separate. See Availability and Readiness for the current customer decision matrix.
A useful answer for every company in the chain
Each participant receives actionable context while keeping its own sensitive operating data behind its boundary.
Material supplier
Triggers earlier downstream action when a material constraint first appears.
- Protects
- Exact stock, capacity and commercial terms
Component supplier
Gets enough context to assess component impact and ask a precise upstream question.
- Protects
- Plant schedules, defect detail and customer exposure
System supplier
Coordinates mitigation across components without relaying raw supplier files.
- Protects
- Program mix, sourcing economics and supplier records
Decision owner
Receives a decision-ready risk, capacity or compliance picture across the chain.
- Protects
- Demand volume, launch sequence and margin priorities
Specific enough to act. Bounded enough to share.
This is read directly from a passing Protocol 1.0 fixture, not a simplified mockup.
pkg_material_constraint_001business_context.affected_scope- high temperature connector housing · ev and adas variants · north america
facts[0].value- 20–30 percent constraint
confidence.score- 0.78 · multiple supplier signals and production schedule checks
intent.recipient_request- separate critical and non-critical SKU demand
Raw commercial and capacity data stays at Tier 3
customer namescontract pricesexact capacityallocation formula
- Disclosure
- family level range
- Retention
- 30 days
- Forwarding
- Not allowed
- Human approval
- Required
pol_material_risk_family_level_v1Three ways to participate
The network contract stays the same even when Agent and transport implementations differ.
Bring your own Agent
Install signed Supply-Y Skills in an Agent you already control. No inbound gateway is required.
Use Jenae
Companies without an Agent use a customer-isolated Jenae deployment with the same Package contract.
Reuse Catena-X
When both parties have EDC, move the Package once through Catena-X and keep Supply-Y thread and audit semantics.
Give your Agent one verified starting point.
The installer discovers the pinned Protocol 1.0 release, signed Skills, customer-local configuration and exact conformance results. It does not need repository access or force a Supply-Y SDK into the customer runtime.
- Starting URL
- /.well-known/supply-y
- Required evidence
- 9 structured checks
- Customer secrets sent
- None
How an exchange works
- TransformThe sender's Agent creates a bounded Package from approved local data.
- ProtectThe Agent validates, encrypts and signs before anything leaves the company.
- DeliverSupply-Y routes Native ciphertext or coordinates one Catena-X transfer.
- RespondThe recipient verifies, decrypts locally and creates a new bounded response.
- ProveBoth parties retain receipts while Supply-Y records tamper-evident lifecycle metadata.
Customers keep control
Raw enterprise data, plaintext Packages, internal reasoning and private keys stay in customer-controlled environments.
Supply-Y provides trust
Identity, public keys, signed Skills, delivery state, encrypted storage, receipts, compatibility and append-only audit.
The contract stays small
Supply-Y standardizes the object crossing the company boundary, not every ERP table or internal semantic model.