Make receipt verification safe for AI agents.
v6.5 defines how an AI agent should request payment verification without receiving secrets, overbroad data, or unsafe unlock authority.
Agent-ready does not mean agent-controlled money movement. It means bounded, auditable, fail-secure receipt verification that an AI agent can safely consume.
30-Second v6.5 Summary
SafeGate agent-ready verification means: agent asks → SafeGate verifies → bounded response returns → audit event is recorded → unsafe states fail secure.
1. Why Agent-Ready Comes After Audit Trail
An AI agent should not be trusted just because it asks for access. SafeGate must first have an audit trail, edge-case behavior, safe error handling, rate-limit direction, and privacy boundaries.
v6.0 to v6.4 created that foundation. v6.5 defines how agents can use receipt verification without bypassing the trust layer.
2. Agent Verification Flow
Agent Requests Verification
The agent sends a receipt ID and limited context. It does not send or receive backend secrets.
SafeGate Validates Input
Receipt format, known record, merchant boundary, and request scope are checked.
SafeGate Verifies State
Payment state, receipt proof, access state, and merchant evidence are checked server-side.
Bounded Response Returns
The agent receives only what it needs: result, code, state, boundary, and next allowed action.
Audit Event Is Recorded
Every agent verification request becomes an audit-relevant event.
Unsafe State Fails Secure
Invalid, ambiguous, replay-like, unauthorized, or rate-limited requests do not unlock access.
3. Proposed Agent Request Envelope
{
  "agentId": "agent_demo_001",
  "agentType": "merchant_assistant",
  "intent": "verify_receipt",
  "receiptId": "SG-RCPT-1781465776152",
  "requestedAction": "confirm_access_state",
  "merchantContext": "demo_merchant",
  "requestMode": "agent_ready_direction",
  "mustNotReceive": [
    "backend_secret",
    "service_role_key",
    "wallet_passphrase",
    "raw_provider_payload",
    "private_user_data"
  ]
}
4. Proposed Agent-Safe Success Response
{
  "ok": true,
  "statusCode": 200,
  "code": "AGENT_RECEIPT_VERIFIED",
  "receiptId": "SG-RCPT-1781465776152",
  "orderId": "TP-DEMO-273551",
  "network": "Pi Testnet",
  "verification": {
    "paymentState": "PAYMENT_FINALIZED",
    "receiptProof": "CREATED",
    "accessState": "UNLOCKED",
    "merchantRecord": "FOUND"
  },
  "allowedAgentAction": "CONFIRM_ACCESS_DELIVERED",
  "blockedAgentActions": [
    "CREATE_PAYMENT_CLAIM",
    "BYPASS_ACCESS_CONTROL",
    "REQUEST_SECRET",
    "OVERRIDE_MERCHANT_RECORD"
  ],
  "auditEvent": {
    "eventType": "AGENT_RECEIPT_VERIFIED",
    "actorType": "ai_agent",
    "result": "OK",
    "safeBehavior": "CONTINUE",
    "createdAt": "mock_timestamp"
  },
  "boundaries": {
    "productionPublicApiClaim": false,
    "productionApiKeyIssued": false,
    "backendSecretExposed": false,
    "piMainnetSettlementClaim": false
  }
}
5. Bad Agent / Unsafe Request Handling
| Agent Behavior | Response Code | Safe Behavior | Audit Event |
|---|---|---|---|
| Agent asks for backend secret | 403 AGENT_ACTION_FORBIDDEN | Deny secret access | AGENT_SECRET_REQUEST_BLOCKED |
| Agent probes unknown receipt IDs | 404 RECEIPT_NOT_FOUND / 429 RATE_LIMITED | No enumeration hints; throttle if repeated | AGENT_RECEIPT_PROBING_DETECTED |
| Agent retries same receipt too aggressively | 409 DUPLICATE_OR_REPLAY_ATTEMPT | Preserve state; no new unlock | AGENT_REPLAY_ATTEMPT |
| Agent asks to override access control | 403 AGENT_ACTION_FORBIDDEN | Block override | AGENT_ACCESS_OVERRIDE_BLOCKED |
| Payment state is ambiguous | 503 VERIFICATION_AMBIGUOUS | Fail secure; no unlock | AGENT_VERIFY_AMBIGUOUS_FAIL_SECURE |
| Internal error occurs | 500 INTERNAL_ERROR_SAFE | No stack trace, no secret, no unlock | AGENT_VERIFY_INTERNAL_ERROR_SAFE |
6. Agent Policy Rules
Least Data
The agent receives only the minimum fields required for the verification outcome.
No Secret Access
Agent never receives service role keys, API keys, tokens, wallet passphrases, raw provider payloads, or internal logs.
No Autonomous Override
Agent cannot override access state, merchant record, receipt proof, or payment status.
Fail Secure
Ambiguous, delayed, replay-like, unauthorized, or suspicious requests do not unlock access.
Rate-Limited
Agent requests should be scoped by agent ID, merchant, API key, receipt ID, and behavior pattern.
Audit-Logged
Every agent verification request and blocked action becomes a minimal audit event.
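An added sketch (not SafeGate's own code) of the server-side decision path that the flow, the unsafe-request table and the policy rules describe, covering the 403, 404/429, 503 and 500 rows with an allowlisted response. The receipt ID pattern, the in-memory `records` store, `MAX_MISSES` and the `request_secret` action name are assumptions for illustration.

```python
import re

# Assumptions (not from SafeGate): ID pattern inferred from the sample receipt ID,
# the in-memory `records` dict, MAX_MISSES, and the "request_secret" action name.
RECEIPT_RE = re.compile(r"SG-RCPT-\d{13}")
ALLOWED_ACTIONS = {"confirm_access_state"}
BLOCKED_EVENTS = {"request_secret": "AGENT_SECRET_REQUEST_BLOCKED"}
VERIFIED = {"paymentState": "PAYMENT_FINALIZED", "receiptProof": "CREATED",
            "accessState": "UNLOCKED", "merchantRecord": "FOUND"}
MAX_MISSES = 3

def _deny(audit_log, agent, status, code, event):
    """Fail secure: log a minimal audit event, return no data and no unlock."""
    audit_log.append({"eventType": event, "actorType": "ai_agent",
                      "agentId": agent, "result": "DENIED"})
    return {"ok": False, "statusCode": status, "code": code,
            "allowedAgentAction": None}

def verify_for_agent(envelope, records, audit_log, misses):
    agent = "unknown"
    try:
        agent = str(envelope.get("agentId", "unknown"))
        action = envelope.get("requestedAction")
        if action not in ALLOWED_ACTIONS:
            event = BLOCKED_EVENTS.get(action, "AGENT_ACCESS_OVERRIDE_BLOCKED")
            return _deny(audit_log, agent, 403, "AGENT_ACTION_FORBIDDEN", event)
        if misses.get(agent, 0) >= MAX_MISSES:  # repeated misses: throttle
            return _deny(audit_log, agent, 429, "RATE_LIMITED",
                         "AGENT_RECEIPT_PROBING_DETECTED")
        rid = envelope.get("receiptId")
        ok_id = isinstance(rid, str) and RECEIPT_RE.fullmatch(rid)
        rec = records.get(rid) if ok_id else None
        # Malformed, unknown and other-merchant IDs get one identical answer,
        # so the response carries no enumeration hint.
        if rec is None or rec["merchant"] != envelope.get("merchantContext"):
            misses[agent] = misses.get(agent, 0) + 1
            return _deny(audit_log, agent, 404, "RECEIPT_NOT_FOUND",
                         "AGENT_RECEIPT_PROBING_DETECTED")
        state = {k: rec["state"].get(k) for k in VERIFIED}  # allowlisted fields only
        if state != VERIFIED:  # anything short of fully verified never unlocks
            return _deny(audit_log, agent, 503, "VERIFICATION_AMBIGUOUS",
                         "AGENT_VERIFY_AMBIGUOUS_FAIL_SECURE")
        audit_log.append({"eventType": "AGENT_RECEIPT_VERIFIED",
                          "actorType": "ai_agent", "agentId": agent, "result": "OK"})
        return {"ok": True, "statusCode": 200, "code": "AGENT_RECEIPT_VERIFIED",
                "receiptId": rid, "verification": state,
                "allowedAgentAction": "CONFIRM_ACCESS_DELIVERED"}
    except Exception:  # no stack trace, no secret, no unlock
        return _deny(audit_log, agent, 500, "INTERNAL_ERROR_SAFE",
                     "AGENT_VERIFY_INTERNAL_ERROR_SAFE")
```

Every exit path other than the fully verified one goes through `_deny`, so a new failure mode added later cannot return an unlock by omission.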
7. Agent-Ready Does Not Mean Production API
This page defines agent-ready direction. It does not claim a production public API or unrestricted AI access.
Agent-ready means SafeGate can define how AI agents should consume verification safely within bounded contracts, rate limits, audit trails, and privacy rules.
8. V6 Progression
v6.0 Audit Trail Planning
v6.1 Endpoint Direction
v6.2 Edge Case Plan
v6.3 Evidence Timeline
v6.4 Security Hardening
v6.5 Agent-Ready Direction
Current stage: AI agent receipt verification boundaries.
9. Public Boundary
SafeGate v6.5 is a public direction page. It does not claim a production public API, does not issue real API keys, does not create production merchant accounts, does not expose backend secrets, and does not claim Pi Mainnet settlement proof.
Current evidence remains a Pi Testnet controlled post-payment trust flow.