Your Agent spends. You Own the Rules.
Security middleware for AI agents that spend money — hard limits enforced at the smart contract level, USDC x402 micropayment routing, human-in-the-loop policies, and a full audit trail. Built on Base, powered by Locus.
Live Demo · Skill.md · Video Demo · Locus Wallet · Contract
AI agents are spending money on your behalf — but the infrastructure they run on was built for humans, not machines. Give an agent unrestricted access and you lose control. Rely on off-chain guardrails and you're trusting a database that can be changed, bypassed, or go down entirely.
ZenithPay is security middleware for AI agents that spend money. It sits between your agent and every service it pays, enforcing hard limits at the smart contract level — limits that no API call can override and no server outage can remove.
Think of it as a corporate card spend policy for AI agents: per-transaction limits, daily budgets, merchant allowlists, and a human approval queue for anything above your threshold.
Agent Wallet — Every agent gets a real Locus-powered smart wallet on Base. USDC balance, non-custodial, no seed phrases. Agents hold actual funds — not simulated floats.
Spend Policy — Hard limits deployed onchain via Spend Policy contract. No API can override them — even if ZenithPay goes down, the rules hold. Per-transaction cap, daily budget, merchant allowlist. Plus an off-chain approval threshold: payments above it are paused for human review.
Dual Enforcement — Two layers of spending controls working together. Locus off-chain controls (allowance cap, max tx size) + Spend Policy contract onchain enforcement. Both must pass before a single USDC moves.
Payment Router — Agents pay any Locus wrapped API (Exa, Firecrawl, OpenAI) or x402-compatible service directly in USDC. Every payment includes an intent memo — why the agent spent, permanently logged.
Audit Trail — Every payment logged with agent intent, merchant, amount, timestamp, and tx hash. On-chain events + Supabase ledger. Nothing is hidden.
Everything starts from where your agent lives — the terminal, Claude Code, Claude Desktop, OpenClaw, or any MCP-compatible agent.
Copy this command and paste it into your agent:
curl -s https://api.synthesis.usezenithpay.xyz/skill.mdThen tell your agent:
Read this skill and follow the onboarding instructions.
The agent takes over from here.
Step 1 — Check for existing wallet
→ Found: load agentAddress, ready to spend
→ Not found: continue
Step 2 — Create agent wallet
Agent prompts for email → POST /wallet/genesis
→ Locus deploys smart wallet on Base
→ agentAddress returned, stored locally
→ No private key stored by ZenithPay
Step 3 — Activate agent (human required)
Agent outputs:
⚠️ This agent cannot spend yet.
Activate your agent by setting a spend policy:
→ https://synthesis.usezenithpay.xyz/onboarding?agent=0x...
Connect your wallet, set limits, sign the transaction.
Step 4 — Confirm policy is active
Agent calls zenithpay_get_limits()
✅ Agent is ready to spend.
1. Open the link from your agent
2. Connect your wallet (MetaMask or any EVM wallet)
3. Agent address auto-detected from URL
4. Choose a preset: Conservative / Balanced / Open
5. Sign → policy written to SpendPolicy.sol on Base
6. Fund the agent wallet with USDC
7. Return to your agent — it detects the policy and is ready
| Agent (terminal) | Dashboard (browser) | |
|---|---|---|
| Entry | curl skill.md → agent reads and acts |
Deep link from agent → human activates |
| Wallet | Agent prompts email → POST /wallet/genesis | Not here — agent creates it |
| Policy | Agent gives deep link to human | Human signs onchain via SpendPolicy.sol |
| Payments | zenithpay_pay_service() |
Monitor on Overview |
| Approvals | Agent pauses, awaits human | Approve / deny on dashboard |
| Ledger | zenithpay_ledger() |
Full history on Ledger page |
| Under the hood | Same API, same contract | Same API, same contract |
The agent initiates. The human authorizes. SpendPolicy.sol enforces.
1. Agent calls zenithpay_pay_service({ url, maxAmount, intent })
2. Dual policy check:
→ Locus spending controls (allowance + max tx size)
→ SpendPolicy.sol checkPayment() onchain
3. BLOCKED: PaymentBlocked event on Base, reason returned to agent
PENDING: Above approval threshold — queued for human review
APPROVED: Payment executes via Locus
4. Locus wrapped API or x402 payment settles
→ Intent memo logged with every Locus API call
→ PaymentExecuted event on Base
5. Full audit trail: ledger + on-chain events
┌──────────────────────────────────────────────────────────────────────┐
│ Any Agent │
│ Claude Code · Claude Desktop · OpenClaw · Cursor · Codex │
│ │
│ Agent Wallet (USDC on Base via Locus) │
└──────────────┬───────────────────────┬──────────────────┬────────────┘
│ │ │
MCP Server Agent Skill REST API
│ │ │
└───────────────────────┴──────────────────┘
│
zenithpay_pay_service()
│
┌───────────────────────────────────────▼──────────────────────────────┐
│ ZenithPay API │
│ │
│ Wallet │ Payment │ Limits │ Approvals │ Ledger │
└──────┬─────────────────────────────────────────────────┬─────────────┘
│ │
▼ ▼
┌──────────────────────┐ ┌────────────────────────────┐
│ SpendPolicy.sol │ │ Locus │
│ Base Mainnet │ │ Agent Wallet + Payments │
│ │ │ │
│ checkPayment() │ │ sendPayment() │
│ registerAgent() │ │ callWrappedApi() │
│ updatePolicy() │ │ callX402() │
│ │ │ getBalance() │
│ PaymentExecuted │ │ requestCredits() │
│ PaymentBlocked │ │ │
└──────────────────────┘ └────────────────────────────┘
| Contract | Network | Address |
|---|---|---|
SpendPolicy.sol |
Base Mainnet | 0xbc62b94c3d427ac8538cd158cecb8e59556c48f0 |
| Field | Value |
|---|---|
| Standard | ERC-8004 |
| Token ID | #30594 |
| Agent Name | Zenith |
| Agent Harness | Claude Code |
| Model | claude-sonnet-4-6 |
| Participant ID | 5c18243e8b8b4e8c80d6c06406ed3b1b |
| Team ID | 85b195ccf2e6424cb67895f10a27f1de |
| Registration TX | 0x041995...a185 |
| Locus Wallet Address | 0xcadf92...531a9 |
| Locus Owner Address | 0x567362...FF12 |
zenithpay/
├── api/ # Hono + Bun backend
│ └── src/
│ ├── routes/ # pay, limits, ledger, approvals, wallet
│ ├── payment/ # payment orchestration — Locus + x402
│ ├── policy/ # SpendPolicy.sol reads/writes
│ ├── providers/
│ │ └── locus/ # wallet, send, wrapped APIs, x402, credits
│ ├── mcp/ # MCP server + tool definitions
│ ├── middleware/ # auth
│ ├── db/ # Drizzle schema + client
│ └── config/ # chains.ts, contracts.ts
├── contracts/
│ └── src/SpendPolicy.sol # deployed: 0xbc62b94c3d427ac8538cd158cecb8e59556c48f0
├── web/ # Next.js dashboard
│ └── app/
│ ├── dashboard/ # overview, limits, ledger, approvals, settings
│ ├── onboarding/ # agent activation flow
│ └── signin/
├── skill.md # Agent skill — served at /skill.md
├── agent.json # ERC-8004 agent manifest
└── agent_log.json # Autonomous agent decision log
# Prerequisites: Bun (https://bun.sh), Node.js 20+
git clone https://github.com/samueldanso/zenithpay
cd zenithpay
# API
cp api/.env.example api/.env
# Fill in: LOCUS_API_KEY, LOCUS_WALLET_ID, LOCUS_WALLET_ADDRESS,
# LOCUS_OWNER_ADDRESS, LOCUS_OWNER_PRIVATE_KEY,
# DATABASE_URL, ZENITHPAY_API_KEY_SECRET
cd api && bun install && bun run dev
# Web (separate terminal)
cp web/.env.example web/.env.local
# Fill in: NEXT_PUBLIC_API_URL, NEXT_PUBLIC_CHAIN_ID=8453
cd web && bun install && bun run devOpen http://localhost:3000.
# Run contract tests
cd contracts && forge test -vvv
# Run API tests
cd api && bun run test| URL | |
|---|---|
| Dashboard | synthesis.usezenithpay.xyz |
| API | api.synthesis.usezenithpay.xyz |
| Skill | api.synthesis.usezenithpay.xyz/skill.md |
Any agent that supports MCP, REST, or skills can use ZenithPay in under 60 seconds.
Agent Skill (Claude Code, OpenClaw, Cursor, Codex)
curl -s https://api.synthesis.usezenithpay.xyz/skill.mdMCP Server
{
"mcpServers": {
"zenithpay": {
"url": "https://api.synthesis.usezenithpay.xyz/mcp"
}
}
}REST API
POST https://api.synthesis.usezenithpay.xyz/pay
Authorization: Bearer zpk_...| Method | Endpoint | Description |
|---|---|---|
GET |
/health |
Health check |
GET |
/skill.md |
Agent skill file |
ALL |
/mcp |
MCP server (streamable HTTP) |
POST |
/wallet/genesis |
Create agent wallet via Locus |
GET |
/balance |
Wallet balance + Locus allowance + policy |
GET/POST |
/limits |
Read / set spend policy |
POST |
/pay |
Execute policy-gated payment |
GET |
/ledger |
Full audit trail with intent |
GET |
/approvals |
Pending human approvals |
POST |
/approvals/:id/approve |
Approve a pending payment |
POST |
/approvals/:id/deny |
Deny a pending payment |
ZenithPay uses Locus as the agent wallet and payment execution layer:
- Wallet — Locus deploys and manages the agent's USDC smart wallet on Base
- Payment execution —
locus.sendPayment()handles USDC transfers after SpendPolicy.sol approves - Wrapped APIs —
locus.callWrappedApi()gives agents direct access to Exa, Firecrawl, OpenAI — billed per call in USDC - x402 —
locus.callX402()handles open x402 endpoints (AgentCash stablesocial.dev, stableemail.dev) - Spending controls — Locus adds a second enforcement gate (allowance cap, max tx size) on top of SpendPolicy.sol
- Credits — agents can autonomously request more USDC credits when balance runs low
| Layer | Technology |
|---|---|
| Blockchain | Base Mainnet |
| Agent Wallet | Locus — USDC smart wallet on Base |
| Payments | x402 + Locus wrapped APIs |
| Smart Contracts | Solidity 0.8.28 + Foundry |
| Backend | Hono + Bun |
| Agent Protocol | MCP (Model Context Protocol) + skills.md |
| Frontend | Next.js + Tailwind CSS + shadcn/ui |
| Database | Supabase + Drizzle ORM |
| Identity | ERC-8004 |
ZenithPay is Phase 1 of a larger agent payment infrastructure layer. This hackathon establishes the foundation.
- SpendPolicy.sol — onchain enforcement, Base mainnet
- Locus agent wallet — non-custodial USDC on Base
- Dual enforcement — Locus controls + SpendPolicy.sol layered
- Locus wrapped APIs — Exa, Firecrawl, OpenAI pay-per-use
- x402 payment routing — AgentCash services
- MCP server + Agent Skill — any agent framework supported
- Human approval queue for above-threshold payments
- Dashboard — policy, ledger, approvals
- ERC-8004 agent identity
- Guardian-per-agent contract — funds locked inside the contract, not just policy-gated
- Smart accounts + session keys (ERC-4337) — scoped, expiring agent permissions
- ERC-8004 agent trust identity deeper integration
- MetaMask Delegation Framework — human policy approval via browser wallet
- skills.sh —
npx skills add zenithpay/spend-agent
- Agent Card — virtual cards backed by SpendPolicy engine
- Agent Credit — credit lines backed by onchain spend history
- ZenithPay SDK —
npm install zenithpay-sdk - Multi-agent dashboard — manage fleets of agents
- Locus — payment infrastructure that makes this possible
- x402 Protocol — machine-native micropayments
- Base — the blockchain powering ZenithPay
PRs welcome. Open an issue first for significant changes.
MIT