The PayClaw Trust Constitution
We believe the future of commerce is agentic.
Users want agents that can shop for them — browse, compare, and complete purchases without friction, without handing over a card number, and without losing control of what happens next.
Merchants want the same thing: authorized, verifiable agents acting on behalf of real customers, buying real things, through the same rails that power commerce today.
This future is not theoretical. It is arriving now. The infrastructure to support it — the trust layer that makes it safe for users, merchants, and institutions alike — is what PayClaw was built to be.
To earn that role, we commit to the following without exception:
- Human-in-the-loop authorization at every step. Every agent action PayClaw enables carries a declared intent and explicit human approval — at browse, at cart, and at checkout — aligned to merchant standards as they evolve across Walmart, Shopify, Instacart, and other platforms that follow.
- No bypass. No workarounds. Ever. PayClaw does not promote, enable, or tolerate bot bypass, credential stuffing, or any workaround to merchant access controls. We exist to provide trust, intent, and verification to permitted actions only.
- Fintech-grade user security. Every user on PayClaw is protected by the same security standards applied to regulated financial products. No exceptions.
- Your data is yours. We do not use user data for marketing purposes. We do not sell data in any form, to anyone, for any reason.
- Your consent defines our data. PayClaw only tracks events tied to scopes you explicitly opted into. When you enable Badge, we track identity declarations and their outcomes — nothing more. When you enable additional scopes (search, cart, checkout), we track those events and their outcomes — nothing more. No ambient tracking. No background collection. No orphan events. The identity declaration is the consent boundary — without it, nothing is recorded.
We built PayClaw because we saw what was emerging and found it insufficient. Opaque crypto wallets that no merchant accepts. Personal card numbers handed directly to agents with no institutional protection. Forward-looking visions of agent-to-agent commerce that skip past the consumer-merchant relationship that exists today.
The answer is not to route around that relationship — it is to enhance it. To add a trust layer that makes high-velocity, distributed agent authorization legible, safe, and verifiable for every party in the transaction. That is what we are building. That is what we commit to.
Badge by PayClaw — Agent Identity
Merchants are drawing a line with AI agents. Walmart, Shopify, Instacart, and others are all setting policies now — agents must identify themselves and declare intent. Anonymous agent actions get accounts flagged or permanently banned. No warning. No appeal.
Badge declares your agent's identity and intent before every action. The account is protected. The action is traceable.
What Badge Declares
Every Badge-identified agent session carries:
- Agent type: Automated AI system acting on behalf of a human
- Principal verification: MFA-authenticated human authorized this session
- Per-action authorization: Every action carries explicit human approval
- Verification token: Cryptographic proof of principal identity (pc_v1_...)
- Contact path: security@payclaw.io for merchant verification
How Verification Works
- Agent calls payclaw_getAgentIdentity before any shopping action
- PayClaw issues an HMAC-SHA256 verification token tied to the authenticated principal
- Agent presents the disclosure and token to merchants during the session
- Merchants can verify the token and contact security@payclaw.io to confirm principal identity (with user consent)
No card is issued. No money moves. Badge is the identity layer — it works independently of payment.
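Added example, not PayClaw's code: a minimal issue-and-verify pair for an HMAC-SHA256 token of the kind the steps above describe. The payload layout (principal id, scope, expiry), the signing key and the 15-minute token lifetime are assumptions; only the pc_v1_ prefix comes from this page. Because HMAC is symmetric, verify_token is the key holder's check, which is consistent with a merchant going through the contact path rather than verifying locally.

```python
import base64
import hashlib
import hmac

# Assumed demo key and layout; PayClaw's real key material and token format are not on this page.
SERVER_SECRET = b"constructed-demo-key-not-a-real-secret"
TOKEN_PREFIX = "pc_v1_"     # prefix shown on the page
TOKEN_TTL = 15 * 60         # assumed 15-minute lifetime, mirroring the intent window

def b64_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def b64_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(principal_id: str, scope: str, now: float, secret: bytes = SERVER_SECRET) -> str:
    """Issuer side: bind principal, scope and expiry under one HMAC-SHA256 tag."""
    payload = f"{principal_id}|{scope}|{int(now) + TOKEN_TTL}".encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{TOKEN_PREFIX}{b64_encode(payload)}.{b64_encode(tag)}"

def verify_token(token: str, now: float, secret: bytes = SERVER_SECRET):
    """Key-holder side: check prefix, then the MAC in constant time, then expiry.
    Returns (ok, reason, claims); claims is None unless ok."""
    if not token.startswith(TOKEN_PREFIX):
        return False, "bad_prefix", None
    try:
        body, tag_text = token[len(TOKEN_PREFIX):].split(".", 1)
        payload, tag = b64_decode(body), b64_decode(tag_text)
    except ValueError:  # covers binascii.Error and a missing separator
        return False, "malformed", None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # timing-safe comparison, never ==
        return False, "bad_signature", None
    principal_id, scope, exp = payload.decode().split("|")
    if now >= int(exp):
        return False, "expired", None
    return True, "ok", {"principal_id": principal_id, "scope": scope, "exp": int(exp)}
```

Note the order: the MAC is checked before any field of the payload is trusted, so a tampered principal or a stretched expiry never reaches the expiry check.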
Consent-Scoped Observability
Badge tracks what happens to your agent — but only within the boundaries you set.
- Every event is tied to a declaration. No identity declaration, no tracking. The pc_v1_ token is the consent boundary.
- Two event streams, separated by design. PayClaw events (identity issued, trip completed) and agent events (challenges encountered in the wild) are tracked independently. PayClaw is an identity engine, not a bot bypass tool.
- Your scopes define the data. In V1, Badge tracks [BROWSE] declarations and outcomes. When additional scopes are introduced (search, cart, checkout), each scope introduces its own event tracking — only when you opt in.
- Attribution risk is disclosed. Any observation beyond your explicit consent scope is flagged as attribution risk on this page.
Design Principles
Badge is designed with merchant agent policies in mind — including those of Amazon, Shopify, Walmart, Instacart, and others. We do not claim compliance with any specific merchant's policy. We build for the pattern: declared identity, declared intent, verified principal, traceable action.
Spend by PayClaw — Agent Payment
When an agent needs to pay, Spend issues a virtual Visa card scoped to a single, human-approved task. Badge identity is included automatically — the agent that pays has already declared who it is.
Zero Trust by Design
PayClaw doesn't ask anyone to trust the AI agent. It makes trust unnecessary by ensuring an agent architecturally cannot spend money without real-time human authorization, and architecturally cannot accumulate financial credentials between tasks.
This isn't a policy. It's the product.
The Five Pillars
1. Zero Standing Access
An agent connected to PayClaw has no persistent financial state. It cannot query wallet balance, view card numbers, or access transaction history. Until the user approves a specific task, the agent knows nothing about the user's financial position.
2. Single-Intent Authorization
Every dollar that flows through PayClaw requires a discrete, human-approved intent:
- Merchant: Where the purchase will be made
- Amount: Estimated spend (validated against actual at settlement)
- Description: What is being purchased
- Expiry: 15-minute window — intent cannot be used after expiry
No batch approvals. No "spend up to $X this week." No merchant whitelisting that allows autonomous spending.
One task. One human approval. One card.
3. Ephemeral Card Credentials
A fresh virtual card is issued for each approved intent, used for the purchase, and destroyed. The agent never accumulates card credentials between tasks. Each task is financially isolated.
4. Atomic Authorization Flow
The complete lifecycle of an agent purchase is a single, unbroken chain:
Identity → Intent → Human Approval → Card Issuance → Purchase → Settlement → Audit
Every step is time-bounded, user-scoped, audit-logged, and reconciled. The agent cannot self-approve — only the human, authenticated with MFA, can authorize a purchase.
5. Immutable Audit Trail
Every event is logged: identity declaration, intent creation, human approval, card issuance, transaction settlement, and intent reconciliation. Audit logs are scoped per user via Row-Level Security.
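Added example, not PayClaw's code: a compact model of the intent lifecycle the five pillars describe, with the 15-minute expiry, the single-use card, the MFA-gated approval and the settlement reconciliation from pillar 2 enforced in code rather than stated as policy. The $500 cap is the figure given in the card-issuer section of this page; the 10% overage tolerance, the field names and the card record layout are assumptions.

```python
import uuid
from dataclasses import dataclass, field

INTENT_TTL = 15 * 60        # page: 15-minute intent window
WALLET_MAX_USD = 500.00     # page: $500 maximum wallet balance
OVERAGE_TOLERANCE = 0.10    # assumed: settlement may exceed the estimate by at most 10%

@dataclass
class Intent:
    merchant: str
    amount: float           # estimated spend in USD
    description: str
    created_at: int         # unix seconds
    approved_by_mfa: bool = False
    card_issued: bool = False
    intent_id: str = field(default_factory=lambda: uuid.uuid4().hex)

    def expires_at(self) -> int:
        return self.created_at + INTENT_TTL

def create_intent(merchant: str, amount: float, description: str, now: float, wallet_balance: float) -> Intent:
    if not 0 < amount <= min(wallet_balance, WALLET_MAX_USD):  # bounded by the capped wallet
        raise ValueError("amount exceeds available wallet balance")
    return Intent(merchant, amount, description, int(now))

def approve_intent(intent: Intent, human_mfa_verified: bool) -> bool:
    if human_mfa_verified:  # only an MFA-verified human sets this flag; no agent path does
        intent.approved_by_mfa = True
    return intent.approved_by_mfa

def issue_card(intent: Intent, now: float):
    """One approved, unexpired, not-yet-used intent yields exactly one card, else None."""
    if not intent.approved_by_mfa or intent.card_issued or now >= intent.expires_at():
        return None
    intent.card_issued = True
    # Constructed card record with no PAN, since the page says card numbers are never stored
    return {"intent_id": intent.intent_id, "merchant_lock": intent.merchant,
            "limit_usd": intent.amount, "expires_at": intent.expires_at()}

def reconcile(intent: Intent, settlement: dict) -> list:
    """Compare declared intent with what settled; each mismatch becomes an audit flag."""
    flags = []
    if settlement["merchant"] != intent.merchant:
        flags.append("merchant_mismatch")
    if settlement["amount"] > intent.amount * (1 + OVERAGE_TOLERANCE):
        flags.append("amount_exceeds_intent")
    if not intent.card_issued:
        flags.append("settlement_without_issuance")
    return flags
```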
Comparison to Alternatives
| Capability | Give Agent Your Card | Wallet + Auto-Spend | PayClaw (Badge + Spend) |
|---|---|---|---|
| Agent identity declared to merchants | No | No | Every session |
| Agent standing access to financial data | Full (card number) | Balance visible | None |
| Human authorization per transaction | None | None | Every transaction |
| Card credential lifespan | Permanent | Permanent | Single use |
| Maximum fraud exposure | Unlimited | Wallet balance | One approved amount |
| Audit trail granularity | None | Balance-level | Full lifecycle |
For Merchants
What to Expect from a PayClaw-Identified Agent
An agent presenting a PayClaw Badge has:
- Declared itself as an automated system (not a human)
- A verified, MFA-authenticated human principal behind the session
- Per-action authorization — every browse and purchase action was explicitly approved
- A verification token you can validate
How to Verify
If an agent presents a PayClaw verification token (pc_v1_...):
- The token confirms a verified principal authorized this session
- Contact security@payclaw.io with the token to verify principal identity (requires user consent)
- Visit payclaw.io/trust for documentation
PayClaw agents do not bypass access controls. If your site requires login, CAPTCHA, or human verification — that is between the user and your platform. PayClaw enters after access is established. We complete the allowed steps. Nothing more.
For Developers
PayClaw provides three MCP tools:
| Tool | What It Does |
|---|---|
| payclaw_getAgentIdentity | Declare agent identity → get verification token (Badge) |
| payclaw_getCard | Declare purchase intent → get virtual Visa card (Spend) |
| payclaw_reportPurchase | Report transaction outcome → auto-audit against intent |
Get Started
Badge + Spend (full stack):
clawhub install payclaw-io
Badge only (identity, no payment):
clawhub install payclaw-badge
Sign up at payclaw.io to get your API key.
For Card Issuers
Your BIN is protected by multiple architectural layers:
- Identity-first: Every agent session is declared and verified before any card is issued
- Bounded exposure: $500 maximum wallet balance. Single-use cards. 15-minute expiry. One merchant per card.
- Human authorization: Every card issuance has a corresponding, MFA-verified human approval event.
- No agent accumulation: Agents cannot build up a portfolio of active cards or stored credentials.
- Full audit trail: Every identity declaration, intent, approval, issuance, and settlement is logged and reconcilable.
- Intent reconciliation: Automatic comparison of declared intent vs. actual spend — mismatches are flagged and logged.
The question isn't "do you trust the AI agent?" The answer is: the agent doesn't need to be trusted. The architecture enforces correct behavior.
Security Infrastructure
Authentication & Authorization
- Dual auth: API key (agent path) + session cookie (dashboard/approval path)
- API keys: cryptographically hashed with timing-safe comparison, per-user limits enforced
- MFA: TOTP AAL2 mandatory for all dashboard access — cannot be bypassed in production
- CSRF: Origin validation on all state-changing session requests, fails closed
Data Protection
- Card numbers never stored — transient API response only
- Verification tokens: cryptographically signed, time-bounded expiry, compliance context stored securely
- Supabase Row-Level Security on all user-facing tables
- Admin operations use service role key, isolated from user sessions
- All API communication requires HTTPS (enforced at MCP client level)
Infrastructure Security
- Vercel auto-deployment from protected branches only
- Content Security Policy: no unsafe-eval, strict script sources
- HSTS with 2-year max-age, includeSubDomains, preload
- Rate limiting: tiered via managed store, financial endpoints fail closed if rate-limit service is unavailable
Continuous Security
- AI code review on every pull request (CodeRabbit)
- Secret scanning on every commit (gitleaks)
- Daily automated dependency auditing
- Append-only security changelog and audit trail
PayClaw LLC · payclaw.io · security@payclaw.io