Skip to main content

What it is

Spend Guardrail is the single check a platform makes before letting an AI agent move money. In one call it verifies the agent’s Agent Passport, enforces the payer’s Payment Mandate per-period cap, applies your platform policy — and returns a post-quantum-signed ALLOW or DENY decision with the reasons. It is the authorization stack wired into a single enforcement gate: who the agent is (Passport)
  • what the payer authorized (Mandate) + your rules (policy), evaluated together, fail-closed.
Crucially, it moves no funds. It produces a decision; your execution layer does the on-chain pull only when the decision is ALLOW. That keeps it a pure authorization-and-audit component — no custody, no settlement, low regulatory surface.

One decision, defence in depth

Passport validity + scopes + the passport’s spend limit + your policy (allowlists, per-transaction caps) + the mandate’s enforced per-period cap — all in one fail-closed evaluation.

Every decision is evidence

ALLOW and DENY produce a Falcon-1024-signed, offline-verifiable receipt recording who decided, what, and why — a tamper-evident audit trail of every agent-spend authorization.

Moves no funds

The Guardrail decides; your platform executes on ALLOW. No custody, no settlement — easy to adopt and easy to put through risk review.

The authorization stack

Agent Passport + Payment Mandate, combined into the control plane an agentic-payments platform actually integrates at the moment of spend.

What you get

  • The missing control point. Passport says who; Mandate says what’s authorized. The Guardrail is the single check that combines them — with your policy — at the moment an agent tries to pay.
  • Correct by construction. Checks run in a deterministic, fail-closed order, and the mandate’s per-period cap is only consumed once everything else has passed — so a policy-denied attempt never eats the payer’s allowance.
  • A signed decision trail. Every ALLOW and every DENY is a signed receipt, verifiable offline from the public key. Hand a regulator or auditor a complete record of agent-spend decisions — not just the payments that went through.
  • Policy you control. Allowlists, per-transaction caps, required scopes, and agent denylists are configured by you and evaluated alongside the credential and the mandate.
  • Optionally Substrate 2-bound. Fold each decision receipt into the broader Substrate 2 evidence chain.

How it works

StepWhat happens
VerifyCheck the Agent Passport — signature, expiry, revocation, scopes, spend limit.
Apply policyAllowlists, per-transaction caps, required scope, denied agents.
Enforce mandateRun the Payment Mandate’s per-period authorize-charge.
DecideReturn a signed ALLOW/DENY decision receipt (with reasons and remaining headroom).
The platform executes the payment only if the decision is ALLOW.

Cryptography

  • Post-quantum signing. Every ALLOW/DENY decision is a Falcon-1024-signed (NIST Level 5), offline-verifiable receipt. The guardrail moves no funds and composes Agent Passport + Payment Mandate — each itself post-quantum signed.

Why commercial

The decision engine was never published as open source — there is no free tier to fall back on. It is offered as a commercial product because the value is in a maintained, correct, payments-grade control point:
  • Embed without attribution overhead. A commercial OEM licence lets you ship it inside your own product with no open-source notice obligations.
  • Enterprise terms. Support, warranty, and a defined relationship — for a payments-critical decision dependency.
  • Maintained crypto suite. Post-quantum primitives and the decision logic are ongoing work, bundled into the licence.

Who it’s for

  • Agentic-commerce and autonomous-procurement platforms that need one safe “can this agent pay this, now?” gate before execution.
  • Agent frameworks and orchestrators adding payments that need spend control and an audit trail without building the cryptography and ordering themselves.
  • Wallets and PSPs enabling agent spend that need enforced caps and a signed decision record.
  • Anyone who needs a single, auditable decision point for agent spend that ties identity, authorization, and caps together.

Get Spend Guardrail

Spend Guardrail is an additional, separately-licensed package — an add-on that binds to Substrate 2, not part of Substrate 2 itself. It is the capstone of the authorization stack (Agent Passport + Payment Mandate) and is typically licensed together with them. It is available self-serve as a Starter licence (see below) and as a commercial OEM SDK and is included in the AlgoVoi Enterprise and On-premise plans. It is not distributed on public package registries.

Buy Starter — $6,000

Starter licence — perpetual, self-hosted, paid in USDC on mainnet. The store issues your licence key + install command on settlement; install from the private index and set ALGOVOI_LICENSE_KEY to run. Enterprise / OEM (warranty, indemnity, SLA, multi-deployment, Substrate 2 binding): email us.