> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getovra.com/llms.txt
> Use this file to discover all available pages before exploring further.

# MCP-Tool-Referenz

> Jede Action und Parameter für die 19 ovra_* Tools.

Alle 19 Tools nutzen einen `action`-Parameter zur Auswahl der Operation. Required-Parameter pro Action via JSON-Schema `if/then` enforced.

## Agent-Tools (9)

### `ovra_pay`

Single Entry-Point für den vollen Payment-Flow. Handled Intent + Policy + Credential.

| Action       | Required                                   | Beschreibung                                |
| ------------ | ------------------------------------------ | ------------------------------------------- |
| `checkout`   | `agentId`, `purpose`, `amount`, `merchant` | Voller Payment-Flow in einem Call           |
| `status`     | `intentId`                                 | Payment-Status prüfen                       |
| `handle_402` | `agentId`, `url`, `merchant`, `amount`     | HTTP-402-Challenges handeln                 |
| `discover`   | `agentId`                                  | Verfügbare Spend-Limits und Policy anzeigen |

### `ovra_intent`

Payment-Intents deklarieren und verwalten.

| Action    | Required                                          | Beschreibung                          |
| --------- | ------------------------------------------------- | ------------------------------------- |
| `declare` | `agentId`, `purpose`                              | Intent erstellen — Policy-Check läuft |
| `get`     | `intentId`                                        | Detail abrufen                        |
| `cancel`  | `intentId`                                        | Unfilled Intent canceln               |
| `verify`  | `intentId`, `actualAmountEuros`, `actualMerchant` | Post-Settlement-Verifikation          |

### `ovra_credential`

Scoped Payment-Credentials issuen. Agent sieht nie die zugrundeliegende Karte.

| Action   | Required                      | Beschreibung                          |
| -------- | ----------------------------- | ------------------------------------- |
| `obtain` | `intentId`                    | Grant + Issue + Redeem in einem Call  |
| `grant`  | `intentId`                    | Nur Grant                             |
| `issue`  | `grantId`                     | Issue aus Grant                       |
| `redeem` | `credentialId`                | DPAN, Cryptogram, Dynamic-CVC abrufen |
| `revoke` | `credentialId` oder `grantId` | Revoke                                |
| `status` | `credentialId`                | Status prüfen                         |

Redeem returnt:

```json theme={}
{
  "type": "network_token",
  "dpan": "4XXX XXXX XXXX XXXX",
  "cryptogram": "AJkBBk...==",
  "dynamicCvc": "482",
  "eci": "05",
  "expiryMonth": 12,
  "expiryYear": 2028,
  "network": "visa"
}
```

<Warning>
  Der DPAN ist ein Visa-Network-Token, nicht die FPAN. Das interne `fillToken` ist AES-256-GCM verschlüsselt und in MCP-Responses maskiert.
</Warning>

### `ovra_card`

Virtuelle Karten verwalten. Credentials werden via `ovra_credential` ausgegeben.

| Action     | Required                      | Beschreibung                            |
| ---------- | ----------------------------- | --------------------------------------- |
| `issue`    | `agentId`, `usage`, `purpose` | Neue Karte ausgeben                     |
| `list`     | `agentId`                     | Karten eines Agents listen              |
| `freeze`   | `agentId`                     | Freeze (reversibel)                     |
| `unfreeze` | `agentId`                     | Resumieren                              |
| `close`    | `agentId`, `confirm: true`    | Permanent Close                         |
| `rotate`   | `agentId`                     | Neue Credentials issuen, alte schließen |

### `ovra_policy`

Read-only by design. Policies modifizieren via Dashboard oder API-Key.

| Action | Required  | Beschreibung                |
| ------ | --------- | --------------------------- |
| `get`  | `agentId` | Aktuelle Agent-Policy lesen |

### `ovra_transaction`

| Action | Required                | Beschreibung              |
| ------ | ----------------------- | ------------------------- |
| `get`  | `transactionId`         | Detail abrufen            |
| `memo` | `transactionId`, `memo` | Annotieren (audit-logged) |

### `ovra_receipt`

Nur PDF, base64-codiert, max 5 MB.

| Action   | Required                 | Beschreibung         |
| -------- | ------------------------ | -------------------- |
| `upload` | `intentId`, `fileBase64` | PDF-Receipt anhängen |
| `get`    | `intentId`               | Receipt abrufen      |

### `ovra_dispute`

| Action | Required                  | Beschreibung        |
| ------ | ------------------------- | ------------------- |
| `get`  | `disputeId`               | Detail abrufen      |
| `file` | `transactionId`, `reason` | Neuen Dispute filen |

### `ovra_outcome`

Payment-Outcomes für Policy-Learning melden.

| Action   | Required                         | Beschreibung   |
| -------- | -------------------------------- | -------------- |
| `report` | `agentId`, `type`, `description` | Outcome melden |

## Money-Movement (6)

### `ovra_account`

| Action   | Required    | Beschreibung                          |
| -------- | ----------- | ------------------------------------- |
| `get`    | `accountId` | Wallet-Detail                         |
| `create` | `name`      | Wallet erstellen                      |
| `fund`   | `amount`    | Funds hinzufügen (Sandbox: simuliert) |

### `ovra_payment`

| Action   | Required                                            | Beschreibung          |
| -------- | --------------------------------------------------- | --------------------- |
| `get`    | `paymentId`                                         | Transfer abrufen      |
| `create` | `sourceAccountId`, `destinationType`, `amountEuros` | Transfer erstellen    |
| `split`  | `sourceAccountId`, `legs`                           | Atomarer 1-zu-N-Split |

### `ovra_vendor`

| Action   | Required       | Beschreibung           |
| -------- | -------------- | ---------------------- |
| `get`    | `vendorId`     | Beneficiary abrufen    |
| `create` | `name`, `iban` | Beneficiary hinzufügen |
| `delete` | `vendorId`     | Entfernen              |

### `ovra_workflow`

| Action | Required     | Beschreibung     |
| ------ | ------------ | ---------------- |
| `get`  | `workflowId` | Workflow abrufen |
| `end`  | `workflowId` | Workflow beenden |

### `ovra_authorization`

Delegations — scoped Tokens an Dritte ausgeben.

| Action   | Required                         | Beschreibung           |
| -------- | -------------------------------- | ---------------------- |
| `get`    | `authorizationId`                | Detail abrufen         |
| `create` | `permissions`, `expiresInHours`  | Grant erstellen        |
| `redeem` | `authorizationId`, `acceptToken` | Einlösen zu `at_dlg_*` |
| `revoke` | `authorizationId`                | Revoke                 |

### `ovra_claim`

Einzug — Payment-Requests, Links, Invoices. Tool wird in Future-MCP-Release zu `ovra_collect` umbenannt; die Actions sind stabil.

| Action           | Required                                            | Beschreibung              |
| ---------------- | --------------------------------------------------- | ------------------------- |
| `request_create` | `destinationAccountId`, `amountEuros`               | Payment-Request erstellen |
| `request_list`   | –                                                   | Requests listen           |
| `request_get`    | `requestId`                                         | Detail abrufen            |
| `request_settle` | `requestId`, `sourceAccountId`                      | Internal-Settle           |
| `request_cancel` | `requestId`                                         | Cancel                    |
| `link_create`    | `destinationAccountId`, `amountEuros`               | Payment-Link erstellen    |
| `link_get`       | `linkId`                                            | Link abrufen              |
| `link_void`      | `linkId`                                            | Link voiden               |
| `invoice_create` | `destinationAccountId`, `customerName`, `lineItems` | Invoice erstellen         |
| `invoice_get`    | `invoiceId`                                         | Invoice abrufen           |
| `invoice_void`   | `invoiceId`                                         | Invoice voiden            |

## Admin (4)

### `ovra_agent`

| Action         | Required                      | Beschreibung                                     |
| -------------- | ----------------------------- | ------------------------------------------------ |
| `provision`    | `name`, `policyId`            | Agent erstellen                                  |
| `get`          | `agentId`                     | Detail abrufen                                   |
| `update`       | `agentId`                     | Update (Status-Changes brauchen `confirm: true`) |
| `issue_card`   | `agentId`, `usage`, `purpose` | Karte ausgeben                                   |
| `token_list`   | `agentId`                     | `at_*` Tokens listen                             |
| `token_create` | `agentId`                     | Scoped Token erstellen                           |
| `token_revoke` | `agentId`, `tokenId`          | Token revoken                                    |

### `ovra_customer`

| Action         | Required        | Beschreibung                                      |
| -------------- | --------------- | ------------------------------------------------- |
| `get`          | –               | Account-Profil                                    |
| `update`       | –               | Email, Name, Plan updaten                         |
| `gdpr_export`  | –               | Alle persönlichen Daten exportieren               |
| `gdpr_consent` | –               | Consent-Flags get/update                          |
| `gdpr_delete`  | `confirm: true` | Anonymisieren (Transaktionen retained per GwG §8) |

### `ovra_merchant`

Read-only Merchant-Intelligence.

| Action    | Required | Beschreibung                     |
| --------- | -------- | -------------------------------- |
| `resolve` | `query`  | Merchant-Name → MCC + Risk       |
| `explain` | `code`   | MCC → Kategorie + Beschreibung   |
| `suggest` | `query`  | Kaufzweck → empfohlene Allowlist |

### `ovra_config`

Read-only. Keys und Webhooks via Dashboard oder API verwalten.

| Action         | Required | Beschreibung                         |
| -------------- | -------- | ------------------------------------ |
| `key_list`     | –        | API-Keys listen (Secrets redaktiert) |
| `webhook_list` | –        | Webhook-Subscriptions listen         |

## Annotations

Jedes Tool trägt Metadaten die MCP-aware Clients nutzen können:

| Hint              | Bedeutung                         |
| ----------------- | --------------------------------- |
| `readOnlyHint`    | Tool mutiert keinen State         |
| `destructiveHint` | Tool löscht oder terminiert etwas |
| `idempotentHint`  | Zweimaliger Aufruf ist safe       |

## Weiter

<CardGroup cols={2}>
  <Card title="MCP-Übersicht" icon="info" href="/de/mcp/overview">
    Architektur und Sicherheit.
  </Card>

  <Card title="MCP-Setup" icon="terminal" href="/de/mcp/setup">
    Installation pro Client.
  </Card>

  <Card title="API-Referenz" icon="code" href="/de/api-reference">
    Vollständige REST-Surface — jeder Endpoint, jedes Feld.
  </Card>
</CardGroup>
