Got high-stake Agentic AI actions?

Deterministic control
for the agentic economy.

IntentChain is the centralized, exclusive execution path for any AI agent action with economic impact and high-risk operation.

We are the guardrail between agent intent and real-world impact. When AI agents touch money or sensitive systems, the request is centrally validated, policy-checked, bound to a single-use permit, and only then executed exclusively through our gateway.

Put the money-moving call on a controlled execution path, not behind an agent runtime wrapper.

No permit No execution

Single-use Replay rejected

Hash-bound Changed request blocked

Agent-safe No downstream keys

Run the demo Read in detail →

Fits into existing stacks LangGraph Microsoft Agent Framework MCP Custom Stacks

POST /v1/payment — Governed Payment Request

// Agent requests a $5,000 payment through IntentChain
POST /v1/payment
Authorization: Bearer sk_live_…
X-Agent-ID: wire-transfer-agent
{
  "from": "acct_8832",
  "to": "acct_4421",
  "amount": 5000,
  "currency": "USD"
}
      // → Authenticated. Policy-evaluated. Permit bound. Executed via gateway.
      { "status": "completed", "charge_id": "ch_9f3a" }

Agent Runtime

Any framework · Any model

IntentChain

Validation · Policy · Permit

Mirror your target API Deny by default Signed single-use permit

Execution Gateway

Credential mediation · Call Forwarding · Fail-closed

Forward-time credential retrieval Structured receipts

Money API

Bank · PSP · Ledger target

Payment endpoint Protected mutation

✓ Permit issued ✓ Forwarded exactly ✓ Receipt logged

Deployment flavors

IntentChain is designed for two deployment flavors: managed SaaS for fast rollout, and Enterprise self-hosted for teams that want the gateway under full customer control behind private VNets while keeping the same permit and policy model.

SaaS

IntentChain operates the control plane and gateway as a managed execution service.

Best for teams that want the governed execution rail without managing deployment, routing, or gateway operations themselves.

Enterprise self-hosted

IntentChain keeps the control plane, while the execution gateway runs inside the customer's private network boundary.

For regulated or high-custody deployments, the customer runs the gateway behind private VNets and keeps routing, network enforcement, and credential custody under their own control.

Framework middleware

Useful for instrumented tool calls, but only where the runtime hook exists. Direct SDK or HTTP paths can still escape the policy layer.

Generic proxy

Centralizes traffic, but without signed request binding it still cannot prove the forwarded mutation is the one policy approved.

IntentChain execution rail

The protected mutation path is controlled end to end: schema validation, signed permit, credential mediation, exact forwarding, and receipt logging all happen on the executable path.

Authorize

Authenticate the agent, validate the request against a supported native or mirrored action, and evaluate deterministic policy for policy-required operations.

Bind

Issue a signed single-use permit that locks the approved request shape and parameters. Retry or mutate the request and the gateway rejects it.

Execute

Retrieve downstream credentials at forward-time, forward the exact approved request, and store a structured execution receipt for audit.

agent.py — Payment Action Integration

import httpx
async def transfer_funds(from_acct, to_acct, amount, currency="USD"):
    # Agent has NO downstream credentials — only an IntentChain API key
    async with httpx.AsyncClient() as client:
        response = await client.post(
            "https://intentchain.ai/v1/payment",
            headers={
                "Authorization": f"Bearer {API_KEY}",
                "X-Agent-ID": "wire-transfer-agent",
            },
            json={
                "from": from_acct,
                "to": to_acct,
                "amount": amount,
                "currency": currency,
            },
        )
    # IntentChain handles the protected execution path:
    # Auth → Policy eval → Permit → Credential mediation → Forward → Receipt
    return response.json()
# The agent never sees bank credentials.
# The agent cannot change the amount after policy approval.
# The gateway records a structured execution receipt.

policy.json — Amount Threshold + Velocity Check

{
  "name": "wire-transfer-limits",
  "canonical_action": "money.payment",
  "rules": [
    {
      "field": "amount",
      "operator": "lte",
      "value": 25000,
      "on_fail": "deny"
    },
    {
      "field": "agent_daily_total",
      "operator": "lte",
      "value": 250000,
      "on_fail": "deny",
      "message": "Agent daily ceiling exceeded"
    }
  ],
  "resolution": "deny-wins"
}
// Deny-wins: if ANY rule fails, the action is blocked.
// No LLM in the decision path — deterministic evaluation.

terminal — Raw HTTP Request

# Wire transfer through IntentChain gateway
curl -X POST https://intentchain.ai/v1/payment \
  -H "Authorization: Bearer sk_live_AbCdEf..." \
  -H "X-Agent-ID: wire-transfer-agent" \
  -H "Content-Type: application/json" \
  -d '{
    "from": "acct_8832",
    "to": "acct_4421",
    "amount": 5000,
    "currency": "USD"
  }'
# Response (transparent — same as downstream API)
{
  "charge_id": "ch_9f3a",
  "amount": 5000,
  "currency": "USD",
  "status": "completed"
}

Attack vector	Raw credentials	Policy middleware	IntentChain
Direct HTTP call outside the framework hook Uninstrumented SDK or raw client path	✕ Direct call executes	~ Missed if outside hook	✓ No protected path except the gateway
Approved request is changed before execution Payload differs from what policy approved	✕ Executed as sent	~ Depends on where approval runs	✓ Permit hash mismatch → blocked
Agent replays the same payment 10× Same request repeated	✕ 10 executions succeed	~ Retry behavior varies by app	✓ Single-use permit rejects replay
Credential theft from the agent runtime Container or memory compromise	✕ Full downstream access	~ Still exposed if creds live in runtime	✓ Agent holds no downstream creds
Unsupported endpoint or schema drift Action not in an approved native or mirrored profile	✕ Downstream decides	~ Depends on adapter coverage	✓ Denied by default

Signed single-use permits

Ed25519-signed JWTs bind exact parameters. Changed payload → hash mismatch → blocked. Expired → blocked. No permit, no path.

Agent-safe credential mediation

Gateway retrieves downstream credentials at forward-time from the configured credential store. Agents never see or handle downstream API keys.

Deterministic allow or deny

Policy-required actions are evaluated deterministically against validated request data. No LLM sits in the live decision path.

Mirror ingress

Protect tenant-approved OpenAPI mirrored routes with the same validation, permit, and forwarding model.

Structured receipts and audit trail

Every request logs intake, validation, policy decision, forwarding, and receipt events so audit goes through the full execution lifecycle.

Roadmap: Authority envelopes and verification

Budgets, trusted facts, and approval-vs-outcome verification extend the same execution rail for higher-assurance control layers.

Payments, refunds, and settlement

AI support agents issuing refunds, processing chargebacks, and adjusting billing. Every action is financially irreversible — a rogue agent means real money lost.

→ Refund issuance with per-agent daily limits

→ Chargeback processing with amount binding

→ Settlement reconciliation against payment processor

High-value Real-time Irreversible

Wire transfers, KYC, and loan origination

Banking agents moving money between accounts, approving loan applications, and updating customer KYC records. Regulated, audit-critical, and zero-tolerance for errors.

→ Wire transfers with customer daily limits + agent budget ceilings

→ Loan origination with escalation thresholds

→ KYC approval with trusted-fact verification from core banking

Highest-value Regulated Audit-critical

Account provisioning, billing, and state changes

Enterprise AI automating account lifecycle — provisioning, tier changes, billing adjustments, and configuration mutations across Salesforce, Zendesk, and internal systems.

→ Account provisioning with approval workflows

→ Billing adjustments with exposure tracking

→ Cross-system state changes with reconciliation

Medium-value Cascading impacts

Prescription renewals, billing, and patient records

Healthcare AI handling appointment scheduling, prescription renewals, billing disputes, and patient record updates. Compliance-heavy with strict audit requirements.

→ Prescription renewals with formulary validation

→ Billing dispute resolution with amount limits

→ Patient record updates with role-based access control

Compliance-heavy Audit-critical

Put the first irreversible agent action behind a controlled path.

Start with one governed payment, transfer, refund, or account mutation.
No downstream credentials in the agent runtime. No protected mutation outside the gateway.

Run the demo Contact us

Deterministic control
for the agentic economy.

The critical action does not reach the target API unless IntentChain allows it

SaaS

Enterprise self-hosted

A $5,000 payment. Seven steps. No downstream keys in the runtime.

IntentChain truly differentiates.

Authorize. Bind. Execute.

One API call. One controlled execution path.

What breaks in runtime governance, and what doesn't

What ships now, and what comes next

Built first for money movement and account state

Payments, refunds, and settlement

Wire transfers, KYC, and loan origination

Account provisioning, billing, and state changes

Prescription renewals, billing, and patient records

Put the first irreversible agent action behind a controlled path.

Deterministic control for the agentic economy.

The critical action does not reach the target API unless IntentChain allows it

SaaS

Enterprise self-hosted

A $5,000 payment. Seven steps. No downstream keys in the runtime.

IntentChain truly differentiates.

Authorize. Bind. Execute.

One API call. One controlled execution path.

What breaks in runtime governance, and what doesn't

What ships now, and what comes next

Built first for money movement and account state

Payments, refunds, and settlement

Wire transfers, KYC, and loan origination

Account provisioning, billing, and state changes

Prescription renewals, billing, and patient records

Put the first irreversible agent action behind a controlled path.

Deterministic control
for the agentic economy.