Show HN: PolicyLayer – Non-custodial spending limits for AI agents
liad Thursday, January 29, 2026

PolicyLayer enforces spending limits on AI agent wallets without custodying private keys.
The problem: AI agents are moving into production with irreversible financial capabilities, but every agent is one bug or prompt injection away from draining a wallet. Traditional options are bad—shared seed phrases (compliance nightmare), custodial wallets (counterparty risk), manual approval (defeats automation), prompt-level limits (easily jailbroken).
How it works:
- Drop-in wrapper for existing wallet SDKs (Ethers, Viem, Coinbase CDP, Privy, Solana)
- Two-gate enforcement: Gate 1 validates against policies, Gate 2 detects tampering via SHA-256 fingerprinting
- Keys never leave your infrastructure—we only see transaction metadata
- Fail-closed: if anything fails, transactions stop (not continue)
- Policies configured in dashboard: daily caps, per-tx limits, recipient whitelists
Also supports X402 (HTTP 402 payment protocol) for agents paying for APIs—per-endpoint limits, auto-discovery of new paid endpoints, duplicate payment prevention, and circuit breakers.
SDK is open source.
Feedback welcome — what would make this more useful for your agents?
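
An added illustration of the two-gate, fail-closed flow described in the post (not PolicyLayer's SDK and not code from the author): Gate 1 checks a spend intent against policy and binds its approval to a SHA-256 fingerprint, and Gate 2 recomputes that fingerprint immediately before signing. The function names, intent fields, policy shape, canonical encoding and in-process state are all assumptions.

```javascript
// Added illustration, not PolicyLayer's SDK. All names and shapes are assumptions.
const { createHash } = require('node:crypto');

// SHA-256 over a canonical encoding: fixed field order, normalised values,
// so the same intent always produces the same fingerprint.
function fingerprint(intent) {
  const canonical = JSON.stringify([
    intent.chain, intent.asset, intent.to.toLowerCase(), BigInt(intent.amount).toString(),
  ]);
  return createHash('sha256').update(canonical).digest('hex');
}

// Gate 1: evaluate the intent against policy. Any error (including a
// malformed amount or missing field) yields a denial, never an approval.
function approve(intent, state) {
  try {
    const { policy } = state;
    const amount = BigInt(intent.amount); // throws on "1.5", "abc", undefined
    if (amount <= 0n) throw new Error('non-positive amount');
    if (!policy.allowedRecipients.has(intent.to.toLowerCase())) throw new Error('recipient not allowed');
    if (amount > policy.perTxLimit) throw new Error('per-tx limit exceeded');
    if (state.spentToday + amount > policy.dailyCap) throw new Error('daily cap exceeded');
    return { ok: true, fingerprint: fingerprint(intent), amount };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Gate 2 and signing: the intent about to be signed must hash to the approved
// fingerprint. The daily cap is re-checked because several approvals can be
// issued before any of them is spent. The signer runs only if every check passes.
function send(intent, approval, state, signer) {
  try {
    if (!approval || !approval.ok) throw new Error('no valid approval');
    if (fingerprint(intent) !== approval.fingerprint) throw new Error('intent changed after approval');
    if (state.spentToday + approval.amount > state.policy.dailyCap) throw new Error('daily cap exceeded');
    const receipt = signer(intent);
    state.spentToday += approval.amount;
    return { sent: true, receipt };
  } catch (err) {
    return { sent: false, reason: err.message };
  }
}

// Constructed sample policy; amounts are in the asset's smallest unit.
function newState() {
  const policy = { perTxLimit: 500n, dailyCap: 1000n, allowedRecipients: new Set(['0xaaa1', '0xbbb2']) };
  return { spentToday: 0n, policy };
}
```

In this sketch the approval is a plain in-memory object; if it crossed a trust boundary it would need to be authenticated, which the post does not describe.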