Moving money should beauditable by default.

Agents never touch your API keys. Every payment is authorized by a cryptographically signed mandate token — scoped to an agent, an amount, a purpose, and a time window. Compromise a mandate, lose a mandate. Revoke it in one call.

• Cryptographic signing with per-org secrets
• TTL, max-amount, purpose, counterparty constraints
• Revocable instantly · audited on revoke
• Rotated on schedule · replayable for audit

Every transaction runs through a per-agent policy: daily / weekly / monthly spend limits, deny-lists of countries and categories, allowed counterparties, blocked time windows. Your CFO writes the rules once. Every agent follows them forever.

• Per-agent budgets with 80% threshold alerts
• Deny-lists · allow-lists · category gates
• Time windows · geographic restrictions
• Dry-run mode for simulation before go-live

Every check, route decision, mandate use, execution result, and rollback is written to an append-only hash chain. Tamper-evident by construction. Export to SIEM (Datadog, Splunk) or to your auditor as signed JSON in one command.

• SHA-256 hash chain · chained per-org
• Tamper-evident signatures on every entry
• Export to Datadog, Splunk, S3 · JSON or CSV
• Auditor-ready receipts with full replay

Every rail call carries an idempotency key. Retries never double-charge. Partial failures trigger a defined rollback plan — money stays where it should. The transaction state machine is explicit and auditable.

• Idempotency keys on every rail call
• Exponential backoff with circuit breakers
• Rollback plan per transaction type
• State machine · no orphan transactions

Agents interpret natural-language intent, which opens a class of attacks the classic webhook world never had. CodeSpar ships a defense layer with pattern rules, structural analysis, and composite risk scoring before any mandate is signed.

• 14 pattern rules · instruction override, jailbreak, exfiltration, delimiter abuse
• Structural analysis · role markers, suspicious Unicode, formatting abuse
• Composite risk score · 0.7 block threshold
• Custom patterns per organization

When something looks wrong, speed matters. One API call revokes every mandate for an agent, an org, or the entire platform. Audit replay reconstructs state exactly. Your on-call engineer does not need to understand the ledger to stop the bleeding.

• Kill switch · revoke-all in one call
• Scoped revokes · per-agent, per-mandate, per-rail
• Audit replay from any hash-chain point
• Breach disclosure playbook · legal + technical

Every agent debits from a per-agent fund pool, never from the org's main account. Funds segregation is a database-enforced invariant — not app code, not a policy. Auditors read the schema, not the runtime. Multi-rail funding (instant transfer, card, wire, stablecoin) lands on the same ledger; reconciliation against provider receipts runs automatically every 60 seconds.

• Negative balance impossible · DB CHECK enforces it
• Mandate-gated debits · CHECK requires mandate_id
• Cross-tenant blocked · org_id + project_id on every read
• Reconciliation flags humans · engine never auto-resolves