the problem
when an AI agent commits $4,200 to a vendor API, who's liable if the transaction record changes later? the agent can't testify. the logs live in S3 where an admin could edit them.
what mnemopay does
we append every payment decision to a merkle chain before the money moves — that's the MerkleAudit layer. if an agent's memory says it approved $4,200 but the bank sees $42,000, the hash mismatch proves tampering.
it's a two-phase commit: phase one writes the intent + context to the audit chain and returns a receipt hash. phase two sends the payment only if the agent confirms the hash. if anything changes between phases, the hashes won't match and the payment aborts.
why now
MCP servers are proliferating — 180+ in the wild, dozens touch payments. without a standard governance layer, every agent builder reinvents audit trails badly or skips them. we're treating this like database ACID but for money that agents control.
code's at github.com/mnemopay if you're building agent tooling that touches finance.
Top comments (0)