Protocol

Security as a machine-payable primitive.

The protocol turns pre-signature analysis into a per-request market: local agents buy intelligence, providers are paid immediately, and other agents can buy verdicts before signing.

Architecture

A local core calls priced remote intelligence without becoming custodial.

Local

No custody, no aggregate export

Policy, monitored addresses, the budget accumulator, and encrypted history stay on the user's machine. Remote services receive only the minimal artifact needed for one answer.

Metered

Every external call is priced

Simulation, audit, threat lookup, and inference providers expose paid HTTP endpoints. The agent settles one request at a time through x402.

Symmetric

Verdicts become a service

The same interface used to buy intelligence can sell a verdict to another autonomous agent before that agent signs.

x402

The payment loop is small enough to run before a signature.

  1. Agent issues an unpaid request for one discrete unit of intelligence.

  2. Endpoint returns 402 Payment Required with price, accepted asset, and destination.

  3. Agent checks balance and budget gate: spend only if s + p <= B.

  4. Agent signs the payment authorization and re-issues the request.

  5. Endpoint returns the result and the local accumulator updates spend.
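The loop above as a local sketch, with the budget gate applied before any signing. This is an added example, not the protocol's own code: the endpoint is an in-process mock, signing is a placeholder, and all names (Quote, LocalGate, buy, placeholder_sign) and field names are assumptions. Here s is spend so far, p the quoted price, and B the budget.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Quote:
    """Terms carried by a 402 response (field names are assumptions)."""
    price: int        # integer minor units, so the gate never compares floats
    asset: str
    destination: str

class GateRefused(Exception):
    pass

class LocalGate:
    """Local accumulator: spend s, budget B, invariant s <= B."""
    def __init__(self, budget: int, balance: int):
        self.budget, self.balance, self.spent = budget, balance, 0

    def check(self, q: Quote) -> None:
        if q.price <= 0:
            raise GateRefused("non-positive price in quote")
        if q.price > self.balance:
            raise GateRefused("insufficient balance")
        if self.spent + q.price > self.budget:        # s + p <= B
            raise GateRefused("budget exceeded")

    def record(self, q: Quote) -> None:
        self.spent += q.price
        self.balance -= q.price

def mock_endpoint(request, payment=None):
    """Constructed in-process stand-in for a paid provider endpoint."""
    quote = Quote(price=40, asset="TEST", destination="provider-placeholder")
    if payment is None or payment.get("amount") != quote.price:
        return 402, quote                             # step 2: quote the price
    return 200, {"request": request, "verdict": "constructed-sample"}

def buy(gate, endpoint, request, sign):
    status, body = endpoint(request)                  # step 1: unpaid request
    if status != 402:
        return body
    gate.check(body)                                  # step 3: gate before signing
    auth = sign(body)                                 # step 4: sign, then re-issue
    status, result = endpoint(request, auth)
    # Step 5: update spend. Assumption: counted even if the paid call fails,
    # because a signed authorization may still settle.
    gate.record(body)
    if status != 200:
        raise RuntimeError("paid request failed")
    return result

def placeholder_sign(q: Quote) -> dict:
    """Stand-in for the wallet's real signing call; no cryptography here."""
    return {"amount": q.price, "asset": q.asset, "to": q.destination}
```

A refused quote raises before the signer is called, so no authorization exists for a request the budget does not cover.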

Properties

The protocol is designed around narrow, machine-priced answers.

Bounded spend

The local gate checks budget and balance before every paid request, making s <= B an invariant.

No persistent account

The endpoint is paid for one answer. The next request repeats the loop without stored credentials.

Provider competition

Simulation, audit, and threat providers compete on verdict quality because callers can move freely.

Agent-native demand

Any autonomous signer can purchase a verdict before execution using the same HTTP payment primitive.

Threat model

The security claim is deliberately narrow.

  1. Reduces transaction-time deception: drainers, unlimited approvals, poisoned addresses, and misleading calldata.

  2. Does not promise perfect detection. Novel exploits can pass when no consulted source catches them.

  3. Does not custody funds or seize signatures. Policy gates release while the user remains in control.

  4. Assumes the user's device is not compromised; local-first protects data from third-party aggregation.