47-epoch cryptographic session re-key API. 47 is both a safe prime (47 = 2×23+1) and a Gaussian prime (47 ≡ 3 mod 4) — proven in Lean 4 with zero sorry, zero axioms. No sub-period resonance. Maximum non-splittability in ℤ[i].
MCP CVE-2025-6514 compromised 437,000 developer environments through long-lived session tokens. The attack vector is simple: steal the credential once, use it forever. RatchetGate closes this window by automatically re-keying every 47 epochs — any stolen credential expires within one ratchet cycle. The 47-epoch window is not arbitrary: 47 is a safe prime, meaning the ratchet cycle has no sub-period structure that attackers can exploit to predict or synchronize with re-key events.
Three operations build the complete session lifecycle. Each epoch advance narrows the window for credential misuse.
Call POST /v1/ratchet/register to create a session. Receive a session_id, epoch 0, and the re-key schedule. Your G ₁₈ admission gate is checked at registration.
Call POST /v1/ratchet/advance at each interaction. The epoch counter increments. At epoch 47, a rekey_event: true fires and the session automatically re-keys with a new proof anchor.
Fleet-level session monitoring. Pass an array of session_ids and receive re-key status for each in one call — no per-session credential exposure. Designed for orchestrators managing hundreds of concurrent agent sessions. GET /v1/ratchet/status/{id} returns epoch, re-key count, and next re-key epoch for any single session.
Each pip represents one epoch. The ratchet re-keys at epoch 47. No sub-period exists — attacks cannot synchronize with re-key events.
Simulates the RatchetGate session lifecycle. In production, each advance is a real API call.
The 47-epoch cycle is not a configuration value. It is a formally proven mathematical invariant. Three theorems in RGLoop.lean establish its security properties.
x402 micropayments on Base L2 — no account, no commitment, no monthly fee. Use an API credit pack if you prefer a key over per-call signing.
X-API-Key header instead of x402The aethel-nexus-sdk wraps all RatchetGate endpoints. Register a session, advance epochs on each interaction, and let RatchetGate handle the re-key schedule automatically.
// Step 0: get x402 payment token (agent does this autonomously) const probe = await fetch('/v1/ratchet/register', { method: 'POST' }); // HTTP 402 → { amount:"0.002", currency:"USDC", network:"base", payTo:"0x..." } const token = await wallet.signX402Payment(await probe.json()); // Step 1: Register a new session const reg = await fetch('/v1/ratchet/register', { method: 'POST', headers: { 'Content-Type': 'application/json', 'X-402-Payment': token }, body: JSON.stringify({ session_id: 'my-agent-session' }) }); // { session_id: "my-agent-session", epoch: 0, rg_loop: 47, // next_rekey_at_epoch: 47, lean4_theorem: "rg_loop_is_safe_prime" } // Step 2: Advance epoch on each agent interaction const adv = await fetch('/v1/ratchet/advance', { method: 'POST', headers: { 'X-402-Payment': token }, body: JSON.stringify({ session_id: 'my-agent-session' }) }); // epoch 46→47: { epoch: 47, rekey_event: true, rekey_count: 1 } // Credentials auto-rotated. Stolen token is now expired.
500 RatchetGate sessions for $4. No account, no crypto wallet needed. API key by email in seconds.
Get 500 Calls — $4 →Register, advance, probe, status. The complete session lifecycle in a minimal surface area.
Create a session with epoch = 0. Optionally pass an agent_id for G₁₈ admission gate.
POST /v1/ratchet/register
Increment epoch by 1. Returns rekey_event: true when epoch hits 47 and session re-keys.
POST /v1/ratchet/advance
Read current epoch, re-key count, G₁₈ admission, and next re-key epoch for any session.
GET /v1/ratchet/status/{id}
Batch health-check multiple sessions in one call. Returns status for each session_id in the array.
POST /v1/ratchet/probe