Trust for AI agent payments.
x402 lets agents pay. Lemma proves who paid, under what authority, and on what data, using zero-knowledge (ZK) proofs. A call that is out of scope never runs.
import wrapFetchWithProof from '@trust402/protocol'
// compose proof gating before the x402 payment
const fetch402 = wrapFetchWithProof(fetch, artifact, gate, lemma)
// keys and data stay put — only proofs flow
await fetch402('https://api.example/data')
Reference implementation
Live on Base Sepolia. $0.01 GET succeeds / $500 POST fails closed.
View on GitHub →
Drop into your MCP / Agent
Use directly from Anthropic MCP or OpenAI Agent SDK.
Join the waitlist →
● ETHGlobal Open Agents 2026 Finalist · Aligned with Coinbase Developer Platform 2026-06 release · x402 / MCP standards · Source on GitHub
Scope
Out of scope, it never runs.
Your agent runs only within the authority you delegate. Out of scope, it stops before the call is sent. No hand-rolled guardrails.
Stopped before it's sent.
Calls that fail proof verification stop before they're sent (fail-closed).
$500 POST → blocked
Authority is declared, not coded.
Declare role, limits and scope as a proof — no authorization branches in your code.
scope: payments:autonomous
Every stop leaves a trail.
Every allow and every stop lands in an independently verifiable audit trail.
audit trail · verifiable
● fail-closed by default · every stop lands in the audit trail · measured on the reference implementation
Just paying isn't enough.
x402 settles the payment. Trust402 attaches provable authority, identity, and scope to that payment — recording who paid on behalf of whom, within what bounds, and against what data in a tamper-evident form.
Who, within what bounds, on what data — cannot be reconstructed afterward.
Who, under what authority, proven cryptographically.
Four operational areas Trust402 unlocks.
Where agent-delegated payments meet real workflows, Trust402's authority proof + audit trail earns its keep.
AI expense approval
Limits and scope as ZK proof — settle and approve without a human in the loop.
Metered API billing
Plan-holder proof at the wire — bill without provisioning credentials.
Cross-agent settlement
Prove the payment authority across an agent-to-agent chain.
Compliance flow
Attach KYC / AML attributes via selective disclosure — settle under regulation.
The reference implementation is live on GitHub.
One middleware, over your existing x402 flow.
The standard stays intact. Trust402 sits as a ZK verification layer.
Trust402 is Lemma's trust infrastructure.
x402 trust infrastructure. Grants agents ZK identity, role, and budget so they can pay autonomously — built on Lemma's shared "don't hold the data" design.
Extending the "don't hold" design to x402.
Trust402 takes Lemma's trust infrastructure and extends it to autonomous agent payments. Agents are handed neither keys nor data; only proofs flow. The receiving side independently verifies legitimacy.
Read more on the Trust Infrastructure →
Prove credentials via Poseidon commitments.
prover.prove(credential)
Prove role assignment via Circom circuits.
Groth16 / BN254
Enforce budget caps via 128-bit LessEqThan.
fail-closed guarantee
USDC settled via EIP-3009.
extensible to other stablecoins
Tamper-evident settlement via the Lemma oracle.
Base Sepolia · mainnet ready
Four tiers, Explorer to Pro.
Explorer
Sandbox · testnet only
Coming soon
Builder
Production access · for individual developers
Coming soon
Studio
Team plan · priority support
Coming soon
Pro
High volume · SLA guaranteed
Coming soon
Common questions.
How is this different from OAuth?
OAuth covers user access authorization. Trust402 complements it by ZK-proving the agent's delegated authority, identity, and scope. OAuth token + Trust402 proof together close authority governance for the agent era.
How does it integrate with MCP?
Works with Anthropic MCP server / client, OpenAI Agent SDK, or your own agent harness. The MCP server charges via x402; Trust402 verifies the calling agent's delegated authority.
Can I retrofit Trust402 onto an existing x402 setup?
Yes. Compose wrapFetchWithProof in front of wrapFetchWithPayment — payments without a valid proof are rejected before they're sent. The x402 standard is untouched; requests that clear the proof gate are processed as usual.
Does this apply to actions beyond payments?
Yes. Proofs are verified per call, so the same applies to non-payment API calls and MCP tool calls. Out-of-scope calls stop before they're sent. Start with payments, extend to everything your agent does.
Do you support enterprise-specific requirements?
Authority design, audit requirements, integration with existing systems — start with a discovery call. Book one via the contact form.
When does this ship?
2026-06, aligned with the Coinbase Developer Platform GA. The reference implementation is already on GitHub (testnet).
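The composition described in the retrofit answer above (a proof gate in front of the payment call, with rejected calls stopped before they are sent and every decision logged), sketched as an added example; this is not Trust402's or Lemma's code. `wrapFetchWithGate`, `createAuditTrail`, `capVerifier` and the `amountCents` field are hypothetical names, and the verifier is a plain policy check standing in for ZK proof verification.

```javascript
// Added example, not Trust402's code. All names here are hypothetical.
const { createHash } = require('node:crypto');
const sha256 = (s) => createHash('sha256').update(s).digest('hex');
const GENESIS = '0'.repeat(64);

// Hash-chained audit log: each entry commits to the previous entry's hash.
function createAuditTrail() {
  const entries = [];
  return {
    entries,
    record(event) {
      const prev = entries.length ? entries[entries.length - 1].hash : GENESIS;
      const body = JSON.stringify(event);
      entries.push({ prev, body, hash: sha256(prev + body) });
    },
    verify() { // recompute the chain; any edited entry breaks it
      let prev = GENESIS;
      return entries.every((e) => {
        const ok = e.prev === prev && e.hash === sha256(prev + e.body);
        prev = e.hash;
        return ok;
      });
    },
  };
}

// Returns a fetch that forwards only calls the verifier explicitly allows.
function wrapFetchWithGate(fetchImpl, verifyProof, audit) {
  return async (url, init = {}) => {
    const call = { url, method: init.method || 'GET', amountCents: init.amountCents };
    let allowed = false;
    try {
      allowed = verifyProof(call) === true; // anything but `true` is a stop
    } catch {
      allowed = false; // verifier error: fail closed, never fail open
    }
    audit.record({ ...call, allowed }); // allows and stops are both logged
    if (!allowed) throw new Error(`blocked before send: ${call.method} ${url}`);
    return fetchImpl(url, init);
  };
}

// Constructed stand-in for proof verification: integer cents against a cap.
const capVerifier = (capCents) => (call) => {
  if (!Number.isInteger(call.amountCents)) throw new Error('amount not declared');
  return call.amountCents <= capCents;
};
```

A chain like this detects edits only when its latest hash is also anchored somewhere the log writer cannot rewrite.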