We Ran a Verifiable Agent-to-Agent Payment. Here's Exactly How.

On February 26, 2026 at 06:50 UTC, a software agent charged another software agent €2.00 through Stripe. No human clicked "Pay." No human approved the charge. The payment intent pi_3T4yNu6iihEhp9U91nXE5X3a succeeded in 66 seconds, confirmed by two separate Stripe accounts.

This post documents the architecture that made it possible, the proof that it happened, and why it matters.

The Problem

AI agents can call APIs. They can process results. But they can't pay for services the way humans do — clicking checkout buttons, entering card numbers, solving CAPTCHAs.

If you want agents to participate in an economy (buying compute, paying for scans, licensing data), you need a payment layer that works without human interaction, while remaining auditable.

The Architecture: Trust Layer

We built a certifying proxy called Trust Layer. It sits between a buyer agent and a seller API. Every call through it is:

1. Authenticated — via API key linked to a Stripe customer
2. Charged — off-session Stripe PaymentIntent, no human approval
3. Hashed — SHA-256 chain binding request, response, payment, and parties
4. Provable — immutable JSON proof, publicly verifiable

Agent (buyer)
    │
    │  POST /v1/proxy
    │  X-Api-Key: mcp_pro_***
    │  { target, amount, payload }
    │
    ▼
Trust Layer (certifying proxy)
    │
    │  1. Validate API key → get Stripe customer_id
    │  2. stripe.PaymentIntent.create(off_session=True, confirm=True)
    │  3. Forward request to upstream API
    │  4. Hash(request + response + payment_id + timestamp)
    │  5. Store immutable proof
    │
    ▼
Upstream API (seller)
    │
    │  Processes request normally
    │  Returns result
    │
    ▼
Agent receives: { proof, service_response }

Zero Registration

Agents don't "sign up." They call /v1/keys/setup with an email, get a Stripe Checkout link, save a payment method once, and receive an API key via webhook. Payment method = identity. No passwords, no OAuth, no KYC.

The Transaction

Here are the verified facts:

Field	Value
PaymentIntent	pi_3T4yNu6iihEhp9U91nXE5X3a
Amount	€2.00
Status	succeeded
Charge	py_3T4yNu6iihEhp9U91dimyelw
Created	2026-02-26T06:49:18 UTC
Confirmed	2026-02-26T06:50:24 UTC
Seller account	acct_1Sx8Ps6iihEhp9U9 (FR)
Client account	acct_1T4cujB0XLCJaFRI (FR)
Payment method	Saved Link (off-session)
Stripe fee	~€0.28 (14%)
Net received	~€1.72

Two distinct Stripe accounts. No shared credentials. The buyer agent initiated the payment programmatically using a saved payment method — confirm=True, off_session=True. No card numbers were transmitted; only the stored payment method ID (pm_1T4eNw6iihEhp9U9mVxv4TmZ).

Agent Client Code (Simplified)

Here's what the buyer agent actually runs:

import requests

API_KEY = "mcp_pro_***"
TRUST_LAYER = "https://arkforge.fr/trust/v1/proxy"

response = requests.post(
    TRUST_LAYER,
    headers={
        "X-Api-Key": API_KEY,
        "X-Agent-Identity": "compliance-scanner-v1",
    },
    json={
        "target": "https://arkforge.fr/api/v1/scan-repo",
        "amount": 2.00,
        "currency": "eur",
        "payload": {
            "repo_url": "https://github.com/org/repo"
        },
        "description": "EU AI Act compliance scan"
    }
)

result = response.json()
proof = result["proof"]
scan = result["service_response"]["body"]["scan_result"]

print(f"Paid: {proof['payment']['amount']} EUR")
print(f"Receipt: {proof['payment']['receipt_url']}")
print(f"Proof ID: {proof['proof_id']}")
print(f"Compliance: {scan['report']['compliance_percentage']}%")

The agent sends one POST request. The Trust Layer handles payment, forwarding, hashing, and proof generation. The agent gets back the scan results and a cryptographic receipt.

The Proof Structure

Every transaction produces an immutable proof:

{
  "proof_id": "prf_20260226_065024_a1b2c3",
  "timestamp": "2026-02-26T06:50:24Z",
  "hashes": {
    "request": "sha256:...",
    "response": "sha256:...",
    "chain": "sha256:..."
  },
  "payment": {
    "transaction_id": "pi_3T4yNu6iihEhp9U91nXE5X3a",
    "amount": 2.0,
    "currency": "eur",
    "status": "succeeded",
    "receipt_url": "https://pay.stripe.com/receipts/..."
  },
  "parties": {
    "agent_identity": "compliance-scanner-v1",
    "buyer_fingerprint": "sha256:...",
    "seller": "arkforge.fr"
  }
}

The chain hash binds everything together:

chain_hash = SHA256(
    request_hash +
    response_hash +
    payment_intent_id +
    timestamp +
    buyer_fingerprint +
    seller
)

If any field is tampered with after the fact, the chain hash breaks. Anyone can verify it independently — no API key required, just the proof ID.

What Makes This Different

There are agent payment experiments out there. Most are:

• Custodial — a platform holds funds and distributes them
• Pre-funded — agents spend from a deposited balance
• Simulated — test mode only, no real money moves

This transaction is different:

1. Real money. €2.00 moved between two Stripe accounts in live mode.
2. Off-session. No human approved the specific charge. The payment method was saved once; subsequent charges are automatic.
3. Verifiable. The PaymentIntent ID, charge ID, and receipt URL are real Stripe objects. Anyone with a Stripe account can verify pi_3T4yNu6iihEhp9U91nXE5X3a is a real, succeeded payment.
4. Two-party. Seller and buyer are separate Stripe accounts (acct_1Sx8Ps... vs acct_1T4cuj...).
5. Deterministic proof. The SHA-256 chain hash makes the proof tamper-evident without relying on a trusted third party beyond Stripe itself.

Economics

At €2.00 per transaction, Stripe takes ~14% (~€0.28). At €0.50, the fee was ~52%. The fixed component of Stripe's fee (€0.25) means micro-transactions below €2 are economically impractical.

For agent-to-agent payments to work at scale, transaction amounts need to be above this threshold, or batched.

Implications

Agent-to-agent payments unlock a category of applications where AI systems can autonomously consume paid services:

• Compliance scanning — an agent scans repos and pays per scan
• Data enrichment — an agent buys verified data from another agent
• Compute brokering — an agent rents GPU time from a provider's API
• Content licensing — an agent pays to access gated content

The infrastructure exists today. Stripe handles the money. The Trust Layer handles the proof. The agents handle the work.

Current Status

The Trust Layer is running in production. The first service available through it is an EU AI Act compliance scanner that inspects GitHub repositories for AI framework usage and maps findings to risk categories. Free tier available (10 scans/day).

Source and documentation: arkforge.fr/mcp

---

Built by ArkForge. The Trust Layer and EU AI Act scanner are open infrastructure for agent-to-agent commerce.