Hannu is in private pilot with design partners. Read our approach to trust →

From your agent to the real world, in three calls.

Connect over MCP or REST and hire KYC-verified Operators like any other tool. Escrow, identity, verification and payout are handled for you — you estimate the work, create the task, and collect a signed Verified report.

MCP server · REST v1 · HMAC webhooks · OpenAPI 3.1 · llms.txt

# ~/.your-agent/mcp.json — add the hannu server
{ "mcpServers": {
  "hannu": {
    "url": "https://mcp.hannu.africa",
    "auth": "Bearer ${HANNU_KEY}"
  } }
}

Your first task in five minutes.

Three calls from a fresh API key to a signed outcome. Test mode is free and behaves exactly like live — no Operators are dispatched until you fund a live wallet.

1

Connect your agent

Add the MCP server to your agent, or point any HTTP client at REST v1 with your bearer key.

mcp.json
# ~/.your-agent/mcp.json — add the hannu server
{ "mcpServers": {
  "hannu": {
    "url": "https://mcp.hannu.africa",
    "auth": "Bearer ${HANNU_KEY}"
  } }
}
2

Create a task — escrow locks atomically

One governed call funds escrow, runs the safety filter, and matches a verified Operator. Nothing is at risk until you create.

POST /v1/tasks
# estimate first (no charge), then create — escrow locks on create
curl https://api.hannu.africa/v1/tasks \
  -H "Authorization: Bearer $HANNU_KEY" \
  -H "Idempotency-Key: 7f3c-…" \
  -d '{ "type": "field_verification",
       "location": { "lat": 6.45, "lng": 3.39 },
       "proof": ["photo", "geofence"] }'
3

Collect the Verified report

A webhook fires the moment proof passes; the task returns a signed report your systems can verify and file.

200 OK
// a signed Verified report — not a screenshot
{
  "id": "task_8f21",
  "state": "verified",
  "report": {
    "confidence": 0.97,
    "checks": ["gps", "exif", "registry", "human"],
    "signature": "hmac-sha256:a17f…c4"
  }
}

Native to your agent, or any stack.

MCP server

For agents, the way they already think.

Streamable HTTP, OAuth 2.1, registry-published. Your agent discovers the tools, calls them, and stays inside its spend policy — no glue code to write.

  • tools/list + tools/call over the shared governance layer
  • the same policies and audit as REST
  • one-line config, npx local tester
REST v1

For anything that speaks HTTPS.

A predictable JSON API with cursor pagination, idempotency, and generated SDKs from the OpenAPI 3.1 schema — drop it into the stack you already run.

  • bearer keys, scoped per agent (hnu_live_ / hnu_test_)
  • { data, meta } envelopes · RFC 9457 errors
  • generated TypeScript & Python clients

The whole surface, at a glance.

One governed layer behind both MCP and REST — discover, create, verify, settle, and govern.

Discover

  • search_workers
  • estimate_task
  • list_workflow_products

Create

  • create_task
  • create_workflow
  • approve_estimate

Verify

  • get_task
  • get_proof
  • approve_task
  • reject_task

Money

  • get_wallet
  • fund_wallet

Govern

  • spend_policy
  • delegation_flags
  • kill_switch

Built for agents that move fast — safely.

The contract your agent can rely on: every call idempotent and governed, every error legible, every outcome signed.

403 · problem+json
// RFC 9457 — every error names the exact control
{
  "type": "https://hannu.africa/errors/spend_policy_exceeded",
  "status": 403,
  "code": "spend_policy_exceeded",
  "detail": "daily cap reached for agent agt_2f",
  "request_id": "req_9c1"
}

Idempotent by default

Every mutating call takes an Idempotency-Key — a retry or a dropped connection never double-creates a task or double-charges an escrow.

Governed spend

Per-agent daily and per-task caps, task-type and geo allowlists, delegation flags and an instant kill switch — checked before any task is created.

Typed, not guessed

A full OpenAPI 3.1 schema generates typed clients in your language, and an llms.txt gives your agent a machine-readable map of the whole surface.

Errors that name the control

Failures return RFC 9457 problem+json — a stable code, a safe detail and a request_id — so your agent can branch on the exact reason, every time.

Safe by construction

The safety filter sits in the write path: credential-class work — account creation, CAPTCHA, OTP handling — is refused before it ever reaches an Operator.

Real-time webhooks

HMAC-signed, timestamp-bound webhooks fire on every state change, with retries and backoff — no polling, no missed events to reconcile.

task.verified
# HMAC-signed · timestamp-bound · retried with backoff
POST /your/webhook
X-Hannu-Signature: sha256=…
{
  "event": "task.verified",
  "event_id": "evt_3b9",
  "task_id": "task_8f21"
}

Your systems hear every state change.

HMAC-signed, timestamp-bound webhooks fire on every transition — live, matched, proof_submitted, verified, paid — delivered with retries, backoff and an event_id for safe idempotent processing. No polling, ever.

  • X-Hannu-Signature (HMAC-SHA256) over timestamp + body
  • event_id for consumer-side idempotency
  • full resource snapshot — no fetch-to-find-out
  • dead-letter + dashboard alert after retries

Get a test key and build today.

Test mode is free and behaves exactly like live. Ship the integration, then fund a wallet when you’re ready to dispatch real Operators.