Policy-Governed Agent Payments - PGAP

Created by team Policy Governed Agents on January 18, 2026
Best Trustless AI Agent

PGAP solves how to safely allow AI agents to spend real money without trusting the AI. As autonomous agents begin purchasing APIs, data, and services, critical risks emerge: overspending, hallucinated recipients, bypassed safeguards. Existing systems rely on off-chain trust or agent self-restraint, which doesn't scale safely. PGAP's answer: the AI proposes payments, and smart contracts enforce the rules on-chain.

ARCHITECTURE

Three layers with clear trust boundaries:

1. Gemini AI Agent (untrusted proposer) - reads the policy, proposes PaymentIntents
2. Backend Executor (untrusted relayer) - submits transactions without modification
3. TreasuryWithPolicy Contract (trusted enforcer) - validates all invariants on-chain

POLICY ENFORCEMENT

Multi-layer protection:

- Per-transaction spending limits
- Daily spending caps with automatic resets
- Cooldown periods between payments
- Recipient allowlists
- Replay protection via nonces
- Emergency pause mechanism

Even if the AI hallucinates, the backend is compromised, or requests are spammed, funds remain safe. Worst-case loss is bounded by the policy configuration.

DEMO

Five scenarios prove defense-in-depth:

1. Valid payment execution
2. AI refusal of over-limit requests
3. On-chain cooldown enforcement
4. Unauthorized recipient blocking
5. Nonce replay attack prevention

This demonstrates AI reasoning plus immutable on-chain enforcement.

PRODUCTION READY

The $1 demo limit is intentionally conservative for testnet visibility. Production deployments configure limits based on risk tolerance: $100 for small businesses, $10,000+ for enterprises. Only configuration values change; the enforcement logic remains identical.

Built on Arc with native USDC settlement. Verified transactions on the Arc Sepolia testnet prove end-to-end functionality. PGAP is a configurable policy engine enabling safe autonomous agent spending in production environments.
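As an added illustration (not the project's contract code), the following Python model shows how the six invariants listed under POLICY ENFORCEMENT are checked on every call regardless of who submitted the intent, and why the worst-case loss is a function of the policy alone. Field names, the check order, the window-reset rule and the USDC base-unit amounts are assumptions made for the example; the real TreasuryWithPolicy contract may differ.

```python
from dataclasses import dataclass, field

DAY = 86_400  # length of the daily-cap window, in seconds

@dataclass(frozen=True)
class Policy:
    per_tx_limit: int     # max amount per payment, USDC base units (6 decimals)
    daily_cap: int        # max total spend per daily window
    cooldown: int         # minimum seconds between two payments
    allowlist: frozenset  # recipients the treasury may pay

@dataclass
class TreasuryModel:
    # Model of the on-chain enforcer: every invariant is checked on every call,
    # whoever submitted the intent, and state changes only when all of them hold.
    policy: Policy
    paused: bool = False
    spent_in_window: int = 0
    window_start: int = 0
    last_payment_at: int = -DAY
    used_nonces: set = field(default_factory=set)

    def execute(self, recipient: str, amount: int, nonce: int, now: int) -> str:
        # Returns "ok" or the first violated invariant (a revert on-chain)
        if self.paused:
            return "paused"
        if nonce in self.used_nonces:
            return "nonce_replayed"
        if recipient not in self.policy.allowlist:
            return "recipient_not_allowed"
        if amount <= 0 or amount > self.policy.per_tx_limit:
            return "per_tx_limit"
        if now - self.last_payment_at < self.policy.cooldown:
            return "cooldown"
        window_expired = now - self.window_start >= DAY  # automatic daily reset
        spent = 0 if window_expired else self.spent_in_window
        if spent + amount > self.policy.daily_cap:
            return "daily_cap"
        if window_expired:  # all checks passed: commit state
            self.window_start = now
        self.spent_in_window = spent + amount
        self.last_payment_at = now
        self.used_nonces.add(nonce)
        return "ok"

def worst_case_loss(p: Policy, horizon: int) -> int:
    # Policy-only upper bound on spend within `horizon` seconds, whoever submits
    windows = horizon // DAY + 2  # daily windows a span of `horizon` can overlap
    by_cooldown = (horizon // max(p.cooldown, 1) + 1) * p.per_tx_limit
    return min(windows * p.daily_cap, by_cooldown)
```

Note that a short horizon can still straddle a window reset, so the bound counts one extra window rather than assuming a single day's cap.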
