OpenPermit
The authorization layer for machine payments

Give AI agents permits,
not wallets.

Your agents buy data, compute, and APIs on their own, inside mandates you approve, audit, and can revoke at any time. Every payment checked before money moves. Every receipt on the record.

Launch AppRead the spec
Launch methodsx402 · MPP
agent: research-bot-04 · live
12:04:11GET market-data.feed/q3 · $0.04ALLOW
12:04:13x402 settle · base-usdc · receipt #8841PAID
12:05:02POST gpu.run/inference · $1.20ALLOW
12:05:08mpp authorize · monad-usdc · receipt #8842PAID
12:05:40GET shadow-api.xyz/dump · $9.00DENY
seller not in mandate allowlist
12:06:15budget window · $39.96 / $50.00OK
mandate 0x7c4e…91afhardware-attested · revocable
Policy before payment

Every machine payment passes through the gate

Agents request. Mandates decide. Launch payment methods execute. Receipts prove. One policy layer for x402 and MPP.

agentresearch-04agentops-pilotagentbuyer-swarmPERMITpolicy · budget · auditmethodx402 / basemethodx402 / monadmethodmpp / monad
allowdenyescalaterevoke · fail closed
01

One layer, three surfaces

buyers, sellers, and the agents in between
buyer/

Buyer Control Plane

  • Issue mandates: budgets, sellers, payment methods, expiry
  • Approve with passkey, hardware wallet, or enterprise MFA
  • Track spend by agent, seller, payment method, and window
  • Revoke instantly and agents fail closed
  • Export receipts and audit events for finance
mandate 0x7c4e…91af · ACTIVE · revocable
seller/

Seller Platform

  • Drop-in x402 + MPP middleware for paid endpoints
  • Price by route, model, usage, or customer tier
  • Require minimum assurance levels per resource
  • Receipts, refunds, and dispute primitives
  • Paid-request analytics: revenue, conversion, repeat buyers
402 Payment Required → 200 OK
sdk/

Agent SDK

  • wrapFetch adds 402 handling to any request
  • MCP tools for agent runtimes
  • Dry-run price discovery before money moves
  • Policy-aware retries with readable failure reasons
  • Receipts attached to agent traces
wrapFetch(fetch, { mandate })
02

Assurance is a spectrum. Price it in.

every mandate approval gets a trust tier
  1. L1softwareApprovedAPI key, service account, or software-only signer, for local test flows.
  2. L2passkeyApprovedWebAuthn passkey ceremony tied to the OpenPermit relying party.
  3. L3walletApprovedWallet signature without verified hardware context.
  4. L4hardwareWalletApprovedKnown hardware-wallet flow, such as Ledger or Trezor signing.
  5. L5hardwareAttestedVerifiable device identity, firmware capability, or equivalent remote attestation.
  6. L6enterpriseApprovedEnterprise SSO/MFA with organization roles and audit context.

// sellers can require a minimum assurance level per resource; requests below the bar are denied before money moves

03

Why now

the window for an open authorization layer
// the machine economy needs paperwork

PERMITS,NOT WALLETS

01

Agents are already buying

Data, compute, model calls, and APIs, all bought machine to machine with no human checkout in the loop.

02

Payment methods exist, control doesn’t

x402 and MPP make resources payable over HTTP, but they don’t answer who authorized the spend, what limits apply, or how revocation works.

03

Audit is the product

Finance and security teams need receipts, policy decisions, and kill switches, not another wallet.

04

From spec to network

the rollout plan, phases 0–5
  1. phase/0

    Specification & threat model

    Canonical mandate, intent, proof, and receipt formats; fail-closed revocation semantics.

  2. phase/1now

    x402/MPP offchain MVP

    wrapFetch, passkey and wallet approval, policy enforcement, receipts, local sellers.

  3. phase/2

    Hardware wallets & seller platform

    Ledger, Trezor, and WalletConnect approvals; seller pricing, assurance minimums, analytics.

  4. phase/3

    Onchain enforcement

    Smart-account and session-key policy modules: ERC-4337, EIP-7702, ERC-1271.

  5. phase/4

    Enterprise controls

    Roles, dual approval, SSO/MFA, SIEM export, and emergency kill switches.

  6. phase/5

    Seller network

    Verified directory, public receipt verification, and marketplace publishing.

The machine economy needs paperwork. We’re writing it.

Request the deckLaunch App
path-neutral · wallet-neutral · fail-closed