Govern every AI agent payment, across every rail.
AI agents are starting to move real money — refunds, payouts, Stripe DAA charges, x402 micropayments, stablecoin transfers. Axiru is the cross-rail governance layer that sits in front of all of it: one decision endpoint, one signed authorization, one tamper-evident audit trail.
One engine, every agent-payment rail.
The legacy Stripe surface runs enforcing on v1 today. The cross-rail v2 surface — including Stripe DAA, x402, stablecoins and ACH — ships incrementally over Phase 1. The Pre-Authorization API endpoint, x402 policy middleware, JWKS publication route, and verifier package are live; the v2 Decision Engine binding and production signer land on the M8–M11 milestones.
Direct-Account-Authorized agent payments. Axiru evaluates every agent_payment, agent_payout, and agent_authorization before it leaves your stack and returns a signed authorization the rail verifies on receipt.
HTTP 402 payment-required flows for agent-to-agent and human-to-agent commerce. The Decision Engine evaluates the x402_authorization request and issues an authorization token signed by the Axiru JWKS.
Refunds, payouts, transfers, disputes, application-fee refunds. The existing Stripe governance you already have keeps running unchanged on the v1 policy path while the cross-rail engine runs in shadow alongside it.
Stablecoin transfers initiated by treasury-management agents. One template enforces hard country blocklists and rolling-window per-agent caps without forking your policy authoring.
Any rail you wire through the AGT extension surfaces in the same decision endpoint. Phase 2 lands first-class adapters; today they run via the action-gateway shim.
The contract for agent money movement.
Four primitives compose into the contract every governed rail honors. Build new rails on top, audit old rails against it, never blur the boundary.
One decision endpoint
Every agent-initiated transfer is evaluated by a single Decision Engine call before money moves. Policies match on rail, rail action, amount, initiator kind, agent scope, counterparty, rolling windows, and time of day — ten rule kinds in the v2 DSL.
Signed pre-authorizations
When the engine allows a transfer it returns a JWT signed by the Axiru JWKS. The rail (Stripe DAA, x402) verifies the signature on the inbound call. No signature, no money movement. Fail-closed by construction.
Tamper-evident audit ledger
Every decision lands in the audit ledger with the OVT fingerprint, rail, rail action, policy versions evaluated, agreement vs the v1 shadow result, and the signed authorization JTI. SHA-256 chained. Auditors re-derive end-to-end.
Shadow before enforcing
Wire the engine in shadow mode first. Every decision is recorded but no rail check is gated. Compare v1 vs v2 agreement, fix policy drift, and flip enforcement on per-rail when your team is ready.
From agent request to signed authorization in one round-trip.
The same flow ships across rails. Stripe DAA and x402 use the same authorization endpoint; the rail-specific bits live in the OVT and the verifying middleware. Your policies don't care which rail the request came in on — unless you want them to.
Agent requests an authorization
Your agent (or the rail's MCP host) POSTs to /api/v1/authorizations with the proposed OutboundValueTransfer — amount, rail, rail action, initiator, counterparty, agent metadata.
Decision Engine evaluates
Policies run in priority order. The v1 evaluator returns the canonical decision (allow / deny / require_approval). The v2 cross-rail evaluator runs in shadow and records agreement metrics. Both paths share the same Prisma policy rows.
Signed authorization or escalation
On allow, the route mints a JWT with the OVT fingerprint, expiry, and JTI; signs it with the rotating Axiru key; and returns it to the agent. On require_approval, the request lands in the live approval queue with a rail-aware action label and a Slack-routable button.
Rail verifies + executes
Stripe DAA / x402 verify the JWT against the published JWKS at axiru-jwks.json before executing. Failed verification is a hard reject from the rail. The decision, authorization, and final settlement are all linked in the audit ledger.
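The rail-side check from the last step, as an added example (not Axiru's code or its verifier package). It assumes EdDSA-signed tokens, a hypothetical ovt_fp claim holding the OVT fingerprint as SHA-256 over sorted-key JSON, and single-use JTIs; the key, token and OVT fields are constructed for the demo.

```javascript
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
// Assumed fingerprint: SHA-256 over the (flat) OVT serialized with sorted keys.
const ovtFingerprint = (ovt) => crypto.createHash('sha256')
  .update(JSON.stringify(ovt, Object.keys(ovt).sort())).digest('hex');

// Rail-side check. Every failure path is a reject, so the rail fails closed.
function verifyAuthorization(token, jwks, ovt, seenJti, nowSec) {
  try {
    const [h, p, s] = token.split('.');
    const header = JSON.parse(Buffer.from(h, 'base64url'));
    if (header.alg !== 'EdDSA') return { ok: false, reason: 'alg' }; // pin the algorithm
    const jwk = jwks.keys.find((k) => k.kid === header.kid);
    if (!jwk) return { ok: false, reason: 'unknown kid' };
    const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
    if (!crypto.verify(null, Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url')))
      return { ok: false, reason: 'signature' };
    const claims = JSON.parse(Buffer.from(p, 'base64url'));
    if (!(claims.exp > nowSec)) return { ok: false, reason: 'expired' };
    if (claims.ovt_fp !== ovtFingerprint(ovt)) return { ok: false, reason: 'ovt mismatch' };
    if (seenJti.has(claims.jti)) return { ok: false, reason: 'replay' }; // assumed single use
    seenJti.add(claims.jti);
    return { ok: true, reason: 'verified' };
  } catch {
    return { ok: false, reason: 'malformed' };
  }
}

// Constructed demo key and token standing in for the real signer and JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-1' }] };
function mint(ovt, nowSec) {
  const h = b64u(JSON.stringify({ alg: 'EdDSA', kid: 'demo-1' }));
  const p = b64u(JSON.stringify({ jti: crypto.randomUUID(), exp: nowSec + 300, ovt_fp: ovtFingerprint(ovt) }));
  return `${h}.${p}.${b64u(crypto.sign(null, Buffer.from(`${h}.${p}`), privateKey))}`;
}
const ovt = { rail: 'x402', rail_action: 'x402_authorization', amount: 1200, counterparty: 'merchant-demo' };

function demo() {
  const now = 1_700_000_000, seen = new Set(), token = mint(ovt, now);
  return [
    verifyAuthorization(token, jwks, ovt, seen, now).reason, // first use
    verifyAuthorization(token, jwks, ovt, seen, now).reason, // same JTI again
    verifyAuthorization(mint(ovt, now), jwks, { ...ovt, amount: 9900 }, seen, now).reason,
    verifyAuthorization(mint(ovt, now), jwks, ovt, seen, now + 301).reason,
  ];
}
console.log(demo());
```

The amount-changed case is the one that matters most for a payment rail: a valid signature over a different transfer must not authorize this one.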
Watch a governed x402 flow end-to-end.
The live demo shows an external agent walking through the x402 payment-required handshake, requesting an authorization from Axiru, getting a signed JWT back, and the demo merchant verifying the signature against the published JWKS before settling. Same flow ships for Stripe DAA.
- External agent: a third-party MCP-hosted agent hits the demo merchant endpoint and receives an HTTP 402 with the Axiru policy hint.
- Authorization request: the agent POSTs to /api/v1/authorizations with the proposed OVT — amount, rail (x402), agent scopes, counterparty.
- Signed JWT response: on allow, the agent receives a JWT (5-minute expiry, JTI bound to the OVT fingerprint) signed by the rotating Axiru key.
- Merchant verifies + settles: the demo merchant fetches axiru-jwks.json, verifies the JWT, and settles. Every hop lands in the audit ledger.
Same policy editor, new rail-agnostic rule kinds.
The v2 DSL adds ten rail-agnostic rule kinds — rail, rail_action, amount, initiator_kind, initiator_id, agent_scope, counterparty, rolling_window, time_of_day, custom_expression. Your existing v1 policies keep evaluating exactly as today; the v2 editor lights up in Phase 2.
- Rail filter: apply a policy only to Stripe DAA or x402 traffic — leave the legacy Stripe refund path untouched.
- Rolling-window aggregates: match when any single agent has spent more than $5,000 in the rolling 24h window.
- Counterparty country lists: hard-block DAA payouts whose destination country is in the sanctioned-country list.
- Agent scope guards: require payments:write; refuse if dangerous:cross-tenant is present.
- DAA stablecoin starter templates: three opinionated templates ship today.
Wire one endpoint. Govern every agentic payment.
Start in shadow mode — Axiru observes without enforcing. Flip enforcement on per-rail when your team is ready.