AI Payment Guard sits between your agents and any payment rail. Every transaction is evaluated against your rules, held for human review when risk is high, and recorded in an inviolable audit trail. Three lines of integration, zero room for runaway spend.
Prompt injection, runaway loops, mis-calibrated tools, hallucinated invoices. The same autonomy that makes agents useful makes them financially dangerous. Built-in guardrails inside the agent are too fragile; bank-side limits are too coarse. You need a control layer between them.
Your agents never touch the rail directly. They submit intents to AI Payment Guard, which evaluates rules, requests human approval when needed, and only then unlocks execution.
Your agent posts a payment intent over HTTPS with a Bearer key and an Idempotency-Key. The API responds in under 100 ms.
A pure policy engine walks your rules in priority order: REJECT wins, then human review, then auto-approve. Default is fail-safe.
The decision is returned synchronously. Approvals and rejections are signed, logged in an append-only chain, and notified via webhook.
The official Node.js SDK ships with auto-generated idempotency keys, exponential retries on transient errors and a typed webhook verifier. Your agent code stays clean — the control logic lives where it should: server-side.
View the SDK reference →import { PaymentGuard } from "@payment-guard/node";
const guard = new PaymentGuard({ apiKey: process.env.PG_KEY! });
// Before every payment, ask permission.
const intent = await guard.paymentIntents.submit({
amount_minor: 24_900,
currency: "EUR",
beneficiary: { name: "AWS", account_identifier: "DE12500105170648489890" },
category: "infrastructure",
memo: "Monthly invoice",
});
if (intent.decision === "APPROVED") {
await guard.paymentIntents.execute(intent.id); // ✅
} else if (intent.decision === "REJECTED") {
log("blocked by policy", intent.decisionReason); // 🚫
} else {
// Wait for the webhook — a human will decide. // ⏸
}Every primitive a CFO, a Head of Risk and an integration engineer would ask for — built in, not bolted on.
Six rule types out of the box: amount thresholds, daily caps, beneficiary whitelists, category blocks, time windows and per-agent scopes. Combine them with priorities.
Every event is appended with a sha-256 hash linked to the previous one. Append-only enforced by a database trigger — even a rogue admin cannot tamper.
Pending payments land in a queue with risk scores and beneficiary history. Approvers decide with one click; rejections require a reason.
A 0–100 score per intent, computed from beneficiary history, agent patterns, time of day, missing memo and sensitive categories. Explainable factors, not a black box.
HMAC-SHA256 signed deliveries with retries. Official Node.js SDK with typed errors, auto-idempotency and a constant-time signature verifier.
Strict organization isolation in every query. Role-based access — Owner, Admin, Approver, Viewer — plus separation of duties between humans and agents.
Rail-agnostic by design. Whatever sits behind your executor — Stripe Treasury, open banking, an MPC wallet, a virtual card — the control logic doesn't change.
Cap how much your agents top up on AWS, OpenAI, or any per-call API. The use case AI-native teams care about most.
Vendor invoices, payroll, supplier payments via SEPA, ACH or wire. Apply per-beneficiary rules and human review above thresholds.
Plug into Fireblocks or any MPC custody. Policy thresholds become signing thresholds. Stablecoin payouts, rebalancing, smart-contract calls.
Seller disbursements, refunds, affiliate commissions, insurance claims. Apply velocity caps and anomaly checks at scale.
Inventory restocking, ad-buying agents, automated negotiation. Approve below seuil, escalate above — with full traceability.
Refund and goodwill agents that can compensate up to a limit, escalate beyond. Bound the blast radius of what your AI can give away.
Every audit event lives in a table where UPDATE and DELETE are blocked by a PostgreSQL trigger. Even with raw SQL access, no one can rewrite history.
Each event references the sha-256 of the previous one. Verify the entire chain on demand — a single broken link surfaces immediately.
Every payment intent submission requires an Idempotency-Key. Replays are de-duplicated server-side; double payments are structurally impossible.
Agents can submit and execute. Humans approve and audit. The two identities are distinct: an agent can never approve its own intent.
Try the full-stack demo locally in 60 seconds, or book a call to discuss your deployment.