Private provenance-layer workspace · Postman × Hive · not indexed, not linked publicly · thehiveryiq.com
Independent provenance layer · complement, not competitor

Postman lets agents operate the API.
Hive makes every operation provable.

Postman already owns the hard part: the MCP Server gives AI agents trusted access to the full Postman platform — collections, specs, environments, workspaces, mock servers, and monitors exposed as 100+ tools an MCP-compatible agent can call over HTTPS or local stdio. Hive doesn’t re-run any of that. Hive takes each agentic API operation Postman already lets an agent perform and turns it into an independently signed, portable receipt under a post-quantum signature — so an operation becomes provable to an auditor, a platform owner, or a downstream consumer, long after the agent moved on.

Postman lets an agent do the API work — generate a spec, build a collection, spin a mock, write tests, stand up a monitor. Hive proves which agent and tool did it, against which workspace, with which approval and rollback path — independently, and exportable.
100+
platform tools exposed to agents via MCP
Postman · source 1
HTTPS + stdio
remote & local MCP transports
Postman · source 1
spec → monitor
full lifecycle, headless, ~10 min of prompting
Postman blog · source 2
Agent Mode
generate MCP servers for internal & public APIs
Postman · source 1

Figures and capabilities above are Postman’s own published descriptions, cited from the Postman product page and engineering blog (postman.com/product/mcp-server, blog.postman.com) — described by Postman, not asserted by Hive. They show the scale at which agents already operate the API lifecycle inside Postman; Hive’s role is to make that operation provable.

Every MCP tool call. One receipt rail.

An MCP-compatible agent calls Postman tools — workspace, spec, collection, environment, mock, tests, monitor. Each operation crosses the same independent Hive rail on its way to a signed, portable receipt. Illustrative visual of the rail; not live production traffic.

Move through the flow →
CallerAgent & MCP tool calls PlatformPostman MCP Server Independent proofHive rail → signed receipt

Why an independent receipt beats a self-written log

Postman supplies the platform and the agent’s access to it; Hive supplies the independent proof of what the agent did. Keeping the two roles separate is exactly what makes the proof worth anything to a security team, a platform owner, or a downstream API consumer.

An agentic API operation, and how it becomes evidenceindependent by design
Postman supplies the platform

The MCP Server lets an agent operate collections, specs, environments, mocks, and monitors as tools. That operation is Postman’s to enable — Hive never invokes the tool or changes the API artifact itself.

A self-written log is still a claim

An activity log the platform writes about its own agent traffic is credible but self-referential. An independent receipt — signed by a party with no stake in the operation — is what an auditor or consumer can treat as evidence rather than assertion.

Hive supplies the independent proof

Hive signs the attested operation — agent + tool identity, workspace/collection/env target, approval gate, and artifact hash — under ML-DSA-65 (NIST FIPS 204). It attests operations, never a verdict on whether the API change was correct.

Separation is the product: “trust our agent traffic” becomes “verify our agent traffic.” Hive attests that the operation occurred, by which agent and tool, against which workspace, under which approval — not whether the resulting API design was “good,” which stays the team’s call.

The same operation, provable two ways

Postman’s platform logs and workspace state are rich and useful — but they live inside Postman and describe Postman’s own agent traffic. This isn’t about whether Postman has logs or security — it does. It’s about handing a downstream consumer, auditor, or partner independent provenance they can verify without access to your Postman.

Platform log · internal

LivesInside Postman
Trust modelSelf-described traffic
Who / what / toolInferred from activity
PortabilityRequires platform access
Offline re-checkNot independently verifiable

Independent receipt bundle

LivesPortable, exportable object
Trust modelSigned by an independent party
Who / what / toolAgent + tool identity, signed fields
PortabilityVerifiable by any party
Offline re-checkRe-verifiable offline, ML-DSA-65
The receipt rail is additive: it doesn’t replace Postman’s logs or controls, it makes the provenance of each agent operation independently checkable — by a consumer, an auditor, or a partner — without taking the platform’s word for it.

Where Hive plugs into each Postman surface

Pick a surface. Each shows what Postman already lets agents do (with its own published capabilities), the one place a durable-proof gap tends to open, and the Hive receipt that closes it. Nothing here changes Postman’s platform — the receipt wraps around the operation the MCP Server already exposes.

Agent-driven collection changesMCP tool · Postman-described
Postman already does

The MCP Server exposes collections as tools an agent can read and modify — creating, updating, and organizing requests across a workspace as part of the API lifecycle (source 1).

Where the proof gap appears

The collection’s new state is visible, but there is no independently signed record per change of which agent and tool made it, against which workspace, and under which approval — the trail a security review or consumer asks for.

How Hive plugs in

A signed collection-operation receipt binds agent + tool identity, the collection/workspace target, and the before/after artifact hash under ML-DSA-65 — verifiable offline, no access to Postman required.

The headless API lifecycle, receipted at every hop

Postman describes agents driving the full lifecycle — OpenAPI spec → collection → environment → mock → tests → monitor — without opening the app (source 2). Run the sequence to see where an independent Hive receipt seals each operation. Illustrative run — receipts wrap operations Postman already performs; the visual is not live production traffic.

1OpenAPI specsigned ✓
2Collectionsigned ✓
3Environmentsigned ✓
4Mock serversigned ✓
5Testssigned ✓
6Monitorsigned ✓

Each hop emits an independent ML-DSA-65 receipt binding agent + tool identity, the source artifact hash, and the created artifact — operations, never a verdict.

What the receipts look like

Illustrative preview · example data · Act II native explorer

A sample of signed operation receipts an agent’s headless lifecycle would produce. The values below are illustrative example data, not live Hive receipts — a native, browsable receipt explorer inside Postman is an Act II candidate (see below), not a live surface today.

OperationAgent · MCP toolTargetArtifact hashSignatureStatus
createWorkspaceagent · workspacesws:payments-api9f2a1c…b4e0ML-DSA-65signed
createApiagent · apiapi:orders v1c41b7d…22afML-DSA-65signed
createEnvironmentagent · environmentsenv:staging7de0a9…1f3cML-DSA-65signed
createMockagent · mocksmock:ordersa835e2…90d7ML-DSA-65signed
updateCollectionTestsagent · collectionscol:orders-tests22f7bc…5e11ML-DSA-65signed
createMonitoragent · monitorsmon:orders-healthe10c48…7a6bML-DSA-65signed

To see a real signed receipt today, run the free live demo at /model-receipts/ or verify one at /verify/. Each receipt attests the operation — never a verdict on whether the API change was correct.

Hive primitives — and which one fits which Postman workflow

Every Hive receipt is signed with ML-DSA-65 (NIST FIPS 204 post-quantum signature) and is dual-signed alongside Ed25519. Tap a Postman workflow to see which primitives apply; the matching cards light up green.

applies ✓
AFiR™
Attested Fragmented Inference Routing
Every agent inference and tool sub-step cryptographically attested with ML-DSA-65 — the per-operation runtime receipt behind mock and collection changes.
/afir/protection/ →
applies ✓
Model receipts
Signed proof per model call · live today
A signed receipt for every model call across first-party adapters — agent identity, input/output hashes, verifiable in-browser. Live now.
/model-receipts/ →
applies ✓
Evidence bundle
Content-sealed export
Spec, collection, and monitor provenance sealed into one exportable, re-verifiable package for a consumer or auditor — API supply chain as an object.
/verify/ →
applies ✓
SmartAgent™
Route receipts
Each agent / tool / approval decision across an API workflow captured as a signed route receipt on the route graph.
/smartagent-route-graph/ →
applies ✓
x402 rail
Pay-per-action settlement · live today
USDC on Base 8453. A payment_required quote/proof flow emits a signed receipt for paid API actions and usage — no card, no account.
/x402-checkout/ →
applies ✓
Activation keys
Metered fleet usage · request-backed today
A tk_live activation packet meters fleet usage and unlocks operator surfaces. Request-backed today; API self-serve issuance is fast-follow.
/activate/ →

Agent-operation receipt calculator

Enter your own assumptions to estimate the operational proof footprint — how many signed provenance events a receipted MCP deployment would produce and export. This is a planning estimate, not a quote: no revenue, pricing, or economics, just receipt volume.

Your assumptions in · proof metrics outlive · updates as you type
/mo
%
/mo
/mo
/op
%
Mutating-operation receipts / mo0
Generation-provenance receipts / mo0
Mock / test / monitor receipts / mo0
Total signed provenance events / mo0
Daily receipt rate0
Export / audit bundle volume / mo0
Suggested pilot size (2-week slice)0
Operational proof metrics only. No revenue, pricing, subscription, or deal-size figures are computed or implied. Input defaults are illustrative placeholders, not Postman figures.

API workflow proof builder

Click the operations a pilot would sign across a headless API workflow. Each component adds its fields to the exportable provenance bundle preview — the same shape a consumer or auditor would re-verify offline.

Compose a provenance bundle0 evidence fields
signed verification output · per operation · operations, not a verdict

        
Attests operations only — never a verdict on whether the API design or change was correct. Field values shown are illustrative.

The receipt journey — from agent operation to auditor export

Click any step to see exactly what evidence Hive signs there. The operation and the platform are Postman’s; the signature, portability, and export are Hive’s.

Try the live rail — one curl

This hits Hive’s public, no-auth x402 quote endpoint and returns a live settlement envelope with an ML-DSA-65 (FIPS 204) signed quote receipt. No key, no secret, nothing to install. To see signed receipts for real model calls, run the free live demo at /model-receipts/.

POST · https://receipts.thehiveryiq.com/v1/x402/quote
curl -sS -X POST https://receipts.thehiveryiq.com/v1/x402/quote \
  -H 'Content-Type: application/json' \
  -d '{"agent_did":"did:example:postman-agent","profile":"nano"}'

The response includes the rail (USDC on Base 8453), a signed quote receipt, and its ML-DSA-65 / FIPS 204 post-quantum posture. To emit a paid receipt end-to-end, walk the live flow at /x402-checkout/; to start a pilot, request an activation key at /activate/. No secrets are ever placed on this page.

Every API-triggered payment can emit a portable receipt

Anything a developer triggers — an API call, an x402 gate, a wallet call, an MCP action, or a stablecoin transfer — can emit a portable, independently verifiable Hive receipt, and drop straight into a collection or a test run. Stablecoins move value. Hive proves the intent, actor, policy, receipt, settlement state, and recoverability window around that movement.

Three proof states around every movementprovable today
Before money moves

Intent receipt: actor, amount, asset, recipient, policy context, authorization state — signed before the request fires.

While money is moving

Submitted, relay-observed, chain-pending, escrowed, quarantined, or an issuer/custodian hold requested — each state receipted.

After settlement

Chain-verified, receiver-attested, counter-transfer initiated, evidence-only, or a recovery bundle exported for a dispute or examiner.

Emit a receipt for a payment intent or event through the public Receipt Relay — no key, self-attested tier, ready for a Postman collection:

POST · https://receipts.thehiveryiq.com/v1/receipt-relay/event
curl -sS -X POST https://receipts.thehiveryiq.com/v1/receipt-relay/event \
  -H 'Content-Type: application/json' \
  -d '{"action":"stablecoin_transfer","external_system":"usdc",
      "actor":{"did":"did:example:postman-agent"},
      "payload":{"asset":"USDC","amount":"25.00","from":"0xSender","to":"0xRecipient","network":"base"}}'

The relay grades evidence honestly: self_attested signs your described intent as-is; relay_observed is only issued when Hive itself made the outbound call (/v1/receipt-relay/http); chain_verified only when a tx is read back from a public RPC (/v1/receipt-relay/chain). A Circle/USDC-compatible schema is live today — this service never calls Circle APIs; a direct Circle integration is a next-stage partnership. Verify any receipt at /verify/; search and export in Hive Ledger.

Receipt Relay signs, Hive Ledger searches and exports, Payment Healing classifies rail-specific recovery. Hive does not claim every payment can be reversed. Hive proves what happened early enough to act where the rail allows, and proves what happened afterward when it does not.

A collection run becomes a receipt graph — and a proof vector that routes it

A receipt is a machine-readable proof-state object. A collection, a test run, or an agent workflow emits a graph of receipts — each request, gate, and payment as its own signed node. Hive Ledger derives an R3Pv: a Receipt Relay, Recovery, and Routing Proof Vector over that graph, encoding verification, policy, economic, recoverability, routing, performance, risk, and permitted-next-action state — so the workflow itself can decide what to do next.

What the vector tells the run to doread at runtime
Continue or block

Verification and policy fields say whether the next step is cleared to run or should halt — an x402 or API payment gate that failed to receipt is a stop, not a silent retry.

Reroute or require approval

Routing and risk fields can send a step to a fallback provider, a different MCP tool, or a human-approval hold — the decision, and its reason, are receipted.

Recover or export evidence

The recoverability field carries the rail-specific window; when a run needs proof, the vector exports as a signed bundle straight from Hive Ledger.

Recovery is a field on the vector, scoped honestly: pre-broadcast stop/revoke, escrow or quarantine, issuer/custodian freeze if integrated, counter-transfer recovery, or evidence-only after final settlement. Hive proves what happened early enough to act where the rail allows, and proves what happened afterward when it does not.

The proof vector is now a live callable primitive — group signed receipts with POST /v1/r3pv/groups, then GET /v1/r3pv/vector?group_id=… returns a single Ed25519-signed vector that itself round-trips POST /v1/receipt/verify. This is a real signed response from production:

R3Pv signed proof vector · schema r3pv-v1.0.0 · GET /v1/r3pv/vector
{
  "signed_vector": {
    "vector_id": "r3pv.vector_1783314171_1943fee9f9ba",
    "payload_sha256": "d7f0a1c8…",
    "sig_b64u": "MOd0rX… (Ed25519)",
    "key_id": "did:hive:hivemorph",
    "algorithm": "Ed25519",
    "vector": {
      "schema": "r3pv-v1.0.0",
      "verification_depth": "self_attested",   // strongest tier in the group
      "weakest_proof_boundary": "self_attested", // group is only as strong as its weakest link
      "healing_state": "not_applicable",
      "economic_exposure": { "inferable": false }, // relay receipts store intent_hash, not cleartext
      "policy_state": "not_evaluated",
      "routing_recommendation": "require_approval",
      "permitted_next_actions": ["hold", "require_approval", "export_evidence"]
    }
  },
  "verification": { "ok": true, "verify_endpoint": "/v1/receipt/verify" }
}
● Smoke tested latest run 2026-07-06 · production · receipts.thehiveryiq.com

Result: GET /v1/r3pv/health → HTTP 200 (engine r3pv, schema r3pv-v1.0.0, signer did:hive:hivemorph, 11 healing states); POST /v1/receipt-relay/event → 200 signed receipt; POST /v1/r3pv/groups → 200; GET /v1/r3pv/vector → 200 signed vector (verification.ok=true, Ed25519); POST /v1/receipt/verify on the vector → 200 verified=true, signature-verified. Observed client round-trip 0.10–0.50s including network, TLS, and edge — not a signing benchmark. Measure receipt latency separately from settlement / rail latency.

Benchmark it — group a receipt, generate the signed vector, verify it
curl -s -o /dev/null -w '%{time_total}s %{http_code}\n' \
  https://receipts.thehiveryiq.com/v1/r3pv/health

# sign a receipt, keep the receipt object
curl -sS -X POST https://receipts.thehiveryiq.com/v1/receipt-relay/event \
  -H 'Content-Type: application/json' \
  -d '{"action":"api_call","external_system":"postman",
      "actor":{"did":"did:example:postman-agent"},
      "payload":{"method":"POST","url":"https://api.example.com/pay","x402":true}}' \
  | python3 -c 'import sys,json; json.dump(json.load(sys.stdin)["receipt"],open("r.json","w"))'

# group it → group_id, then generate + sign the proof vector
GID=$(curl -sS -X POST https://receipts.thehiveryiq.com/v1/r3pv/groups \
  -H 'Content-Type: application/json' \
  -d "{\"label\":\"postman\",\"receipts\":[$(cat r.json)]}" \
  | python3 -c 'import sys,json; print(json.load(sys.stdin)["group_id"])')
curl -s -w '\nvector %{time_total}s %{http_code}\n' \
  "https://receipts.thehiveryiq.com/v1/r3pv/vector?group_id=$GID"
Developer artifact import · run · every request is a live Hive endpoint

Download the Hive R3Pv Postman collection — six runnable requests against the live primitive: (1) GET /v1/r3pv/health, (2) sign a stablecoin-transfer receipt (no funds move), (3) sign an agentic api_call receipt, (4) team receipts into a group via POST /v1/r3pv/groups, (5) generate the Ed25519-signed proof vector via GET /v1/r3pv/vector, (6) verify the vector itself at POST /v1/receipt/verify. Requests chain automatically — request 2 stashes the receipt, request 4 captures the group_id, request 5 captures the signed vector, request 6 proves it verifies.

Download collection (.json) R3Pv benchmark & latency

Start receipting — three ways in

Every action below hits a real, running Hive surface. Start with one paid receipt, test a model receipt for free, or request an activation key to scope a pilot.

Where the same proof layer could take Postman next

Act I receipts the agentic API operations Postman already lets agents run — making today’s MCP traffic independently provable. Act II points the same independent proof layer at what Postman is building toward: agents that operate the entire API lifecycle headlessly (source 2). These are strategic options to weigh, not a claim that everything is live today.

Every line below rests on the same principle: an independent attestor. A platform can’t meaningfully attest its own agent traffic to a downstream consumer — which is exactly why an outside proof layer adds value, and what makes these lines harder to replicate. Each should be reviewed with Postman’s security and product functions before any external launch.

Candidate line 01

A verifiable API supply chain

Evidence bundle · content-sealed export
The categoryEvery agent-generated spec, collection, mock, and monitor carries a signed provenance chain a downstream consumer can re-verify offline — turning “an agent built this” into “here is who built it, from what, and who approved it.”
Where Postman fitsPostman already generates these artifacts headlessly; here each becomes a portable, tamper-evident object rather than an internal record.

Hive attests the operation and its provenance — never that the API design was right. That honest boundary is what keeps it credible to a consumer.

Candidate line 02

Signed collection, test & monitor provenance

Model receipts · generation-provenance
The categoryEach collection, test suite, and monitor an agent produces ships with a signed receipt binding the source spec, the generating agent, and the output — provenance built into the artifact, not bolted on later.
Where Postman fitsThe lifecycle already runs spec→collection→mock→tests→monitor; the provenance receipt is what would be new at each hop.

The provenance is the product; the receipt is the artifact that survives a supply-chain review.

Candidate line 03

A receipt explorer inside Postman

SmartAgent route graph · verify surface
The categoryAgent API operations surface as a browsable, verifiable receipt graph — which agent did what, when, and under which approval — re-checkable on demand, not reconstructed before an audit.
Where Postman fitsThe agent traffic already exists; a native receipt explorer would make its provenance visible and independently verifiable in one place.

A verifiable operation graph is a candidate surface; the receipt graph is the audit trail.

Candidate line 04

Paid API actions with usage proof

x402 settlement · agent-task receipts
The categoryWhen an agent invokes a paid or metered API action, it pays and proves on-rail via x402 (USDC / Base 8453, live today), with each agent task receipted — usage that is provable, not just billed. Provider-independent agent-task receipts are ready; broad agent-platform coverage (e.g. Manus) is awaiting a first-party API surface — a roadmap item, not a live integration.
Where Postman fitsTool calls already count toward plan limits; the settlement + proof rail is already live, and external-agent-platform coverage expands as those platforms expose callable APIs.

x402 settlement and signed receipts are live; specific third-party agent-platform integrations are labelled as fast-follow, never asserted as shipped.

Act I proves what Postman’s agents run today. Act II points the same independent proof layer at where Postman is heading — each a strategic option to weigh, harder to replicate because independence can’t be self-supplied, and none of them a claim that the line is live today.

Postman operates. Hive proves. Together the API lifecycle isn’t only automated — it’s independently provable.

Explore the live surfaces

Every link below is a real, running page — not a mock.

Sources

Public references for the Postman statements cited above. Where capabilities appear on those pages, treat them as source-described by Postman, not asserted here.

  1. Postman MCP Server — Postman product page. Describes the MCP Server giving AI agents trusted access to the full Postman platform, connecting MCP-compatible agents to 100+ tools across collections, specs, environments, and workspaces over HTTPS and local stdio; tool calls counting toward API plan limits; and generating MCP servers for internal APIs via Agent Mode (beta) and public APIs via the MCP Generator. postman.com/product/mcp-server/
  2. Headless Postman: automating the API lifecycle with the MCP Server — Postman engineering blog. Describes agents driving the full lifecycle — OpenAPI spec → collection → mock server → tests → monitor — without opening the app, in roughly ten minutes of prompting, exposing workspaces, collections, environments, mock servers, and monitors as tools. blog.postman.com/headless-postman-automating-the-api-lifecycle-with-the-mcp-server/
  3. Hive live rails referenced on this page: x402 checkout /x402-checkout/, signed model receipts /model-receipts/, runtime protection /afir/protection/, independent verification /verify/, and activation /activate/.