Agent Controls · Early access

Your AI agents have spend authority. Who signed off?

Axiru Agent Controls is the policy and evidence layer for agent-initiated payments across x402, MPP, ACP, AP2, and OUSD. The newest agent rails are designed with no human decision point by construction: between "agent wants to spend" and "money moves" there is, by default, nothing. Axiru is the layer that goes there. Signed approvals before value moves, receipts after. No new wallet, no funds custody.

The problem

The newest rails removed the human on purpose.

MPP and x402 are explicitly designed so that no human sits between a resource request and payment execution. That is the point of them, and it is also the vacuum: every deployment ships with zero org-level governance unless someone adds it. Nobody in the org can answer which agent spent what, under whose authority, against which policy, with what evidence. Axiru is the policy layer these rails assume someone else provides.

Headline feature

Cryptographically verifiable spend authority.

Every approved agent payment gets a signed, short-lived, single-use authorization token, offline-verifiable by the rail or merchant. Not a log line that says a policy ran: a cryptographic artifact that proves this specific payment carried this specific authority. No valid token, no money movement.

  1. Agent requests authorization

    Your agent, middleware, or the rail itself asks Axiru for a decision before the payment executes: amount, rail, tool or merchant, agent identity, the delegation it acts under.

  2. Policy decides

    The decision engine evaluates your policies deterministically: allow, deny, or route to a human. Delegation scope from the x402 governance extension is enforced as a policy input.

  3. Signed authority or nothing

    On allow, Axiru mints a short-lived, single-use signed token bound to the exact transfer. The rail or merchant verifies it offline. No valid token, no money movement. Fail-closed.

  4. Evidence, sealed

    The decision, the policy versions evaluated, the delegation, and the outcome seal into the hash-chained evidence ledger. When someone asks who approved that, there is an answer.

Status: honest

What is live today.

Agent Controls is in early access. The foundation below is running now; we would rather show you the real line between shipped and shipping than wave a feature grid at you.

x402 pre-authorization API

Live. Every x402 payment-required flow can request a decision before value moves. The engine returns allow, deny, or require_approval, and on allow mints a signed authorization token. Fail-closed by construction: no token, no payment.

Cryptographically verifiable spend authority

Live on the x402 pre-authorization and stablecoin executor paths. Every approved agent payment carries a short-lived, single-use Ed25519/JWS token the rail or merchant verifies offline against the published keys. Enforcement is structural, not cooperative.

Delegation enforcement

Live. Axiru consumes the x402 governance extension and enforces delegated authority as a policy input: the transaction must fit inside what the principal actually signed off on, or it does not go through.

Stablecoin transfer decisions

Early access. USDC-on-Solana transfer intents run through the same pre-execution decision endpoint, with rail-scoped policies and velocity limits. Org-by-org rollout.

Hash-chained evidence ledger

Live. Every decision seals into a SHA-256 hash-chained ledger with the policy versions evaluated, the initiator, and the outcome. Auditors re-derive the chain end to end.

Open source guardrails SDK

@axiru/agent-spend-guardrails: TypeScript middleware that wraps x402 and fetch-based tool calls with local budget enforcement, with a hosted Axiru upgrade path. Open source, in this stack today.

Coming in the current phase

What the waitlist gets you first.

These are in active build in the current phase. Waitlist orgs get them as they land, org by org, and get a direct line into what ships next.

Per-agent budgets

Per-agent, per-tool, per-merchant budgets with burn-down views: per call, daily, monthly.

Agent registry

Register agent identities, bind them to the humans or orgs they act for, assign policies.

MPP adapter

Charge intents map onto the existing x402 path; session intents get session-level governance: max session spend, voucher velocity, auto-close thresholds.

Agent Spend Receipts

A signed, per-transaction evidence artifact: agent identity, principal, mandate, intent hash, policy version, decision rationale.

Agent Spend Exposure Scanner

Connect an account or paste x402 logs and see your ungoverned agent spend and worst-case daily exposure.

Where Axiru sits

Complementary to the rails. Structural where it counts.

Axiru does not issue payments, hold funds, or compete with any rail. It is the governance layer of the composable agent stack: neutral across models, orchestrators, and rails.

Versus wallet-based platforms

Some platforms can only govern agent spend if your money moves into their wallet first. Axiru governs spend on the rails you already use: controllable spend on any rail, no new wallet required. We never take custody of funds, ever.

Versus protocol-level extensions

Governance extensions at the protocol level (like the x402 governance extension) are primitives, and good ones. Axiru is the org-level control plane above them: policies, approvals, budgets, evidence, across rails. Complementary by design: we consume those extensions, we do not compete with them.

Versus network-side agent trust

Card networks are building agent identity and trust scores on the network side. That answers who the agent is. Axiru is buyer-side authority and budget: whether this agent may make this payment, under whose delegation, against which policy.

Versus building in-house

Teams under-build the part regulators over-ask for: versioned policies and an audit-grade evidence trail. Axiru ships both as the product, not as the backlog item that never makes the sprint.

Early access

Decisions before dollars move, for AI agents.

Join the waitlist and we will follow up as onboarding slots open in the current phase. If you want to see the underlying engine on live rails today, the cross-rail governance surface and the open source guardrails SDK are the fastest paths in.

Join the early-access waitlist

We enable Agent Controls org by org during the current phase. Tell us what your agents spend on and which rails you use, and we will follow up when your slot opens.

Prefer email? Write to hello@axiru.com with the subject "Agent Controls early access". You can also book a demo of the governance engine that Agent Controls builds on.

We use cookies for analytics and marketing measurement. You can reject non-essential cookies at any time.

Privacy policy
Agent Controls | Axiru: agent spend governance for x402, MPP, ACP, AP2, and OUSD | Axiru