IntentRails is the runtime policy and tripwire layer for B2B AI agent fleets. PASS, TRIP, or HALT before money moves — composing with Ramp, Stripe Issuing, Lithic, and x402.
Built for emerging standards
Pick a task, watch the agent propose a spend, and see whether the FCB returns PASS, TRIP, or HALT before your issuer is involved.
Agent task
Ops lead
Procurement agent
agent.propose() → intentrails.evaluate() → rail.execute()
Runtime evaluation
Scoped cards and tokens are necessary. The missing layer is runtime trust — one policy engine that evaluates intent, fleet velocity, and cumulative drift before any rail moves money.
Corporate card programs — Ramp Agent Cards, Stripe Issuing, Lithic — enforce amount, merchant, and MCC at authorization, one card at a time.
No fleet view — fifty agents can each spend up to the daily cap; cumulative exposure still blows the budget.
Authorize-time only — AP2 mandates prove what was signed at setup; they do not ask "should this fire right now?"
Single-rail lock-in — finance teams on Ramp cannot reuse the same policy layer for x402 micropayments or a second issuer.
Fiduciary Circuit Breaker sits between your agent and your issuer — deterministic PASS / TRIP / HALT in under 50ms, with an AP2-shaped RiskPayload for audit.
Fleet tripwires — velocity, cumulative caps, merchant allowlists, and authority scope across every agent in the fleet.
Pre-settlement gate — block rogue spend before your issuer or x402 rail executes the payment.
Issuer-agnostic — same policy layer for Ramp, Lithic, Stripe Issuing, and agent micropayments on x402.
Rail builders are making agent payments possible. IntentRails focuses on the buyer-side control layer that decides whether an agent should spend now.
One-time delegated cards make the agent payment experience legible. IntentRails keeps that clarity but shifts from consumer wallet flow to B2B fleet policy.
Agent Cards validate corporate agent spend. The open wedge is fleet-level velocity, cumulative exposure, and cross-rail runtime policy.
The propose, verify, execute pattern is the right mental model. IntentRails applies it specifically to buyer mandates before payment execution.
Agentic commerce protocols are moving quickly. A neutral trust layer helps buyers avoid rebuilding policy every time rails or protocols change.
Not consumer travel bots or card issuers — platforms where agents buy cloud, SaaS, data, or vendor services on behalf of business customers.
Sandbox platforms and agent orchestrators turning copilots into transactors on corporate budgets.
Teams whose agents buy cloud, SaaS, or vendor services — need fleet caps beyond per-card limits.
Already on Ramp, Lithic, or Stripe Issuing — want one runtime trip layer across cards and x402.
IntentRails sits between your agent orchestrator and whatever moves money — card issuer, x402, or AP2 mandate flow.
Your B2B agent calls IntentRails with the proposed payment — amount, merchant, rail, and the scoped mandate or corporate policy it claims to satisfy.
Deterministic policy checks run in milliseconds — velocity, cumulative spend, merchant allowlists, authority scope. TRIP escalates; HALT blocks before money moves.
On PASS, your platform uses its existing stack — Ramp Agent Card, Lithic virtual card, Stripe Issuing, or x402 — with IntentRails audit trail and AP2 RiskPayload attached.
Ramp proves finance teams need agent spend controls. IntentRails standardizes the runtime trip layer across issuers and rails — the AP2 Risk field incumbents will not unify.
Keep your corporate card program. IntentRails evaluates first; your issuer executes on PASS.
Same policy engine for agent API spend — daily caps, velocity trips, merchant allowlists on-chain or off.
Procurement bots, DevOps agents, and agent marketplaces — turn read-only copilots into safe transactors.
Mandates prove authorization — IntentRails adds runtime risk control and audit on top of each protocol.
Compatible with Google's Agent Payments Protocol — including RiskPayload extensions for runtime tripwires (AP2 #163).
Composable with Mastercard Verifiable Intent — cryptographic proof of delegated authority; FCB decides whether to fire now.
Aligned with FIDO Alliance agentic payment work — audit-friendly RiskPayload records for compliance and dispute evidence.