Sardis

A policy engine that approves or denies an AI agent's payment against a signed mandate before any money moves, and proves every decision afterward.

Working. Python, TypeScript, Solidity.

What it is

Sardis is a financial authority layer that sits between an AI agent and anything that moves money: crypto wallets, issued cards, stablecoins, or x402 endpoints. It decides whether a payment is allowed before it executes, and records why.

The problem it solves

Agents can already reason about a purchase, but the moment they need to pay, someone hands them a raw credential and hopes for the best. One misread quantity or one prompt injection can move real money with nothing in the way. Spend caps alone do not fix this: cap the wallet and you throw away the autonomy you wanted in the first place.

How it works

Every payment runs through a signed mandate, a statement of exactly what the agent may do (merchants, categories, per-transaction and cumulative limits, time windows, approval thresholds). A deterministic policy engine checks each rule on the execution path, with no fast lane that skips enforcement, and denies on any breach. Human approval is a state in the machine, not a popup bolted on the side. Each decision is written to a hash-chained audit log that can be anchored on-chain, and Sardis never holds keys or runs the wallet itself.
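The pattern above, mandate rules checked in full, approval as a distinct state, and every verdict appended to a hash-chained log, as an added illustration in Python. This is not Sardis code; the mandate fields, verdict strings and log layout are assumptions made for the example.

```python
# Added example of a mandate-bound policy engine with a hash-chained audit log.
# Not Sardis code: field names and verdict strings are assumptions.
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class Mandate:
    merchants: set              # merchants the agent may pay
    per_tx_limit: int           # cents, ceiling for one payment
    cumulative_limit: int       # cents, ceiling across the mandate's life
    approval_threshold: int     # cents; at or above this a human must approve
    spent: int = 0              # running total of payments already allowed


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def append(self, decision: dict) -> str:
        """Chain each entry to the previous hash so a tampered record breaks verify()."""
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(decision, sort_keys=True)
        h = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "decision": decision, "hash": h})
        return h

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = json.dumps(e["decision"], sort_keys=True)
            if e["prev"] != prev or e["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True


def evaluate(mandate: Mandate, merchant: str, amount: int, log: AuditLog) -> str:
    """Check every rule (no early exit that skips one), deny on any breach, log the verdict."""
    breaches = []
    if merchant not in mandate.merchants:
        breaches.append("merchant")
    if amount > mandate.per_tx_limit:
        breaches.append("per_tx_limit")
    if mandate.spent + amount > mandate.cumulative_limit:
        breaches.append("cumulative_limit")
    if breaches:
        verdict = "DENY:" + ",".join(breaches)
    elif amount >= mandate.approval_threshold:
        verdict = "PENDING_APPROVAL"   # nothing is spent until a human moves this state on
    else:
        verdict = "ALLOW"
        mandate.spent += amount
    log.append({"merchant": merchant, "amount": amount, "verdict": verdict})
    return verdict
```

Note that a denied payment lists every rule it broke, so the audit entry explains the full reason rather than just the first check that failed.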

Where it fits

It is the authority layer beneath agent payment rails like x402, MPP, and AP2, not a competitor to them. You bring your own provider (Stripe, Circle, a wallet); Sardis governs what the agent is allowed to do with it and leaves proof a third party can verify.

Status

Working. There is a Python SDK and a TypeScript SDK, a FastAPI reference API across thirteen route domains, an MCP server exposing sixty-plus tools to Claude and Cursor, and Solidity contracts for identity, policy, and audit anchoring deployed on Base and Tempo.