Governance layer for Stripe agent payments — APS commerce delegation
Stripe handles money movement. Governance handles who authorized it, within what limits, and produces the audit trail. Neither replaces the other.
The gap
The Agent Toolkit uses Restricted API Keys (RAKs) to control which Stripe APIs an agent can call. RAKs are static, dashboard-configured, and don't answer:
- Who authorized this specific agent to make this specific purchase?
- What's the per-task spending ceiling, not just the API key's scope?
- Which merchants is this agent allowed to transact with?
- Does a human need to approve above a threshold?
- Can we trace this payment back to the human who delegated authority?
What we built
Agent Passport System (Apache 2.0, 2,306 tests) ships a commerce delegation layer that answers all five. We built a governance adapter that wraps the Stripe Agent Toolkit:
Agent wants to pay
│
▼
APS 4-Gate Preflight
1. Passport valid? ← Ed25519 agent identity
2. Scope authorized? ← Delegation includes commerce
3. Budget remaining? ← Per-delegation spend tracking
4. Merchant allowed? ← Allowlist check
│
All pass → Stripe processes payment
Any fail → Blocked, signed receipt emitted
│
▼
Signed ActionReceipt
(links payment → delegation chain → human principal)
Works with:
- Stripe Agent Toolkit (LangChain, CrewAI, Vercel AI SDK)
- Stripe MPP (Machine Payments Protocol)
- Stripe x402 (USDC micropayments on Base)
- Stripe SPTs (Shared Payment Tokens)
Demo
npm install agent-passport-system
npx tsx examples/stripe-governance/demo.ts
Output shows four scenarios: auto-approved payment, human-approval-required, unauthorized merchant (blocked), and budget exhaustion (blocked).
Integration surface
The adapter wraps toolkit.getTools() with governance checks:
import { governStripeTools } from 'agent-passport-system/examples/stripe-governance'
const governedTools = governStripeTools(toolkit.getTools(), {
passport: agentPassport,
delegation: commerceDelegation,
onHumanApprovalRequired: async (req) => notifySlack(req),
onReceipt: (receipt) => auditLog(receipt),
})For MPP payments:
const result = await governMPPPayment(config, {
amount: 4999, currency: 'usd',
merchant: 'api.openai.com',
resource: 'API credits',
paymentMethod: 'spt',
})
// result.authorized, result.receipt, result.remainingBudgetWhat this enables for Stripe
| Concern |
Stripe |
APS |
| Money movement |
✓ |
|
| Payment processing |
✓ |
|
| Fraud detection (Radar) |
✓ |
|
| Agent identity verification |
|
✓ |
| Per-delegation spend authorization |
|
✓ |
| Merchant allowlisting |
|
✓ |
| Human escalation gates |
|
✓ |
| Cryptographic audit trail |
|
✓ |
Enterprise buyers deploying agents with Stripe need both layers. Happy to discuss deeper integration or contribute directly.
Adapter source: https://github.com/aeoess/agent-passport-system/tree/main/examples/stripe-governance
SDK: npm install agent-passport-system (v1.34.0)
Paper: https://doi.org/10.5281/zenodo.19260073
Governance layer for Stripe agent payments — APS commerce delegation
Stripe handles money movement. Governance handles who authorized it, within what limits, and produces the audit trail. Neither replaces the other.
The gap
The Agent Toolkit uses Restricted API Keys (RAKs) to control which Stripe APIs an agent can call. RAKs are static, dashboard-configured, and don't answer:
What we built
Agent Passport System (Apache 2.0, 2,306 tests) ships a commerce delegation layer that answers all five. We built a governance adapter that wraps the Stripe Agent Toolkit:
Works with:
Demo
Output shows four scenarios: auto-approved payment, human-approval-required, unauthorized merchant (blocked), and budget exhaustion (blocked).
Integration surface
The adapter wraps
toolkit.getTools()with governance checks:For MPP payments:
What this enables for Stripe
Enterprise buyers deploying agents with Stripe need both layers. Happy to discuss deeper integration or contribute directly.
Adapter source: https://github.com/aeoess/agent-passport-system/tree/main/examples/stripe-governance
SDK:
npm install agent-passport-system(v1.34.0)Paper: https://doi.org/10.5281/zenodo.19260073