Open-source financial authority layer for AI agents
Sardis lets agents transact only through signed mandates, deterministic policy checks, approval paths, revocation, and audit evidence before any wallet, card, stablecoin, payment API, or provider rail is used.
Sardis is the open-source financial authority layer for AI agents. It sits between autonomous agents and money-moving systems so every consequential financial action is checked against a mandate, policy decision, approval path, revocation path, and audit packet before execution.
Sardis is not a card wrapper, prepaid wallet, or rail-specific payment app. It governs the authority to spend across stablecoin wallets, card programs, fiat payment APIs, x402-style HTTP payments, AP2/TAP mandates, provider-hosted wallets, and simulator rails.
The core primitive is verifiable authority before an agent can spend, subscribe, purchase, refund, settle, or trigger paid usage. Customers can bring their own providers; Sardis enforces the authority layer above them without needing to custody funds or become the merchant of record.
The deeper thesis is that agents do not just have a capability problem; they have a trust problem. Sardis treats money as the sharpest version of a broader substrate problem: how non-human actors perform consequential actions with explicit authority, reviewable state transitions, and durable evidence.
| Layer | Open source | Hosted / commercial |
|---|---|---|
| Authority model | Mandates, policies, approvals, revocation, audit packets | Same semantics with managed org, RBAC, SSO, retention, and support |
| Provider execution | Adapter interfaces, simulator, BYO credentials | Managed credential vault, webhook handling, alerts, provider routing |
| Developer surface | SDKs, MCP server, examples, protocol adapters | Hosted dashboard, approval inbox, compliance workflows, audit export |
Read the boundaries:
```bash
# MCP Server (Claude, Cursor, ChatGPT)
npx @sardis/mcp-server start

# Python SDK
pip install sardis

# TypeScript SDK
npm install @sardis/sdk

# LangChain
pip install sardis  # Uses sardis-sdk under the hood

# CrewAI
pip install sardis  # Compatible with CrewAI tools

# OpenAI Functions
pip install sardis  # Use with OpenAI function calling

# Gemini / ADK
pip install sardis  # Compatible with Google AI SDKs

# Vercel AI SDK
npm install @sardis/ai-sdk
```

AI agents can draft invoices, call paid APIs, buy tools, book travel, issue refunds, subscribe to services, and interact with merchants. The missing layer is not only "payments." It is the authority system that decides whether the agent was allowed to do the financial action in the first place.
Sardis provides:
- Mandates -- who delegated authority to the agent, for what scope, under which limits.
- Policy firewall -- deterministic checks before execution or signing.
- Approvals -- step-up flows for high-risk, high-value, or ambiguous actions.
- Revocation -- stop future execution when authority changes.
- Provider adapters -- route approved actions to wallets, cards, stablecoins, payment APIs, or simulators.
- Audit packets -- immutable evidence for operators, customers, partners, and reviewers.
Sardis can route approved actions to provider adapters. Live-money deployments depend on the configured provider account, jurisdiction, compliance program, and customer policy.
| Feature | Status | Description |
|---|---|---|
| Spending Policy Engine | Implemented | Deterministic NL-to-policy, atomic spend tracking |
| AP2 Mandate Verification | Implemented | Full mandate chain verification with evidence |
| Provider Adapter Model | Implemented | Rail-agnostic execution contract and simulator-first semantics |
| Policy Attestation API | Implemented | Signed attestation envelopes with Ed25519 |
| PreExecutionPipeline | Implemented | Composable hook chain with fail-closed defaults |
| Hosted Checkout | Pilot | Merchant checkout flows with session security |
| ERC-8183 Agentic Jobs | Pilot | On-chain job escrow (conservative caps: 1% fee, USDC-only) |
| x402 Protocol | Pilot | HTTP-native micropayments |
| Card Provider Adapters | Pilot | Provider-backed virtual card execution behind explicit capability checks |
| Stablecoin Provider Adapters | Pilot | Provider-backed stablecoin execution behind explicit capability checks |
| Multi-chain (Polygon, Arbitrum) | Experimental | Chain routing implemented, not production-tested |
| UCP MCP Transport | Experimental | Partial implementation |
| FIDES Trust Graph | Experimental | DID-based trust federation |
Status key: Implemented = code and tests exist in the public repository. Pilot = functional with conservative limits and active hardening. Experimental = code exists, not production-tested.
- Provider-neutral authority layer -- govern cards, wallets, stablecoins, payment APIs, x402, AP2, TAP, and simulator rails
- Mandates and spending policy -- "Max $50/tx, $200/day, SaaS vendors only"
- Pre-execution policy firewall -- fail-closed checks before signing, issuing, paying, refunding, or settling
- Approval and revocation flows -- step-up before risky actions, kill switch when authority changes
- Provider adapter contract -- capability declarations, idempotency, signed webhooks, revocation windows, audit fields
- 15+ AI framework integrations -- LangChain, CrewAI, OpenAI Agents, Claude SDK, Google ADK, A2A, AgentKit, Vercel AI SDK, MCP, and more
- Agent-to-agent escrow -- Cryptographic mandate chain for A2A payments
- KYA (Know Your Agent) -- Trust scoring and behavioral anomaly detection
- Double-entry audit ledger -- Append-only transaction history with cryptographic proofs
- Protocol support -- AP2 and TAP (production), x402 (pilot), UCP and A2A (partial)
```python
from sardis import Sardis

sardis = Sardis(api_key="sk_...")

result = sardis.payments.create(
    agent_id="agent_abc",
    amount="50.00",
    token="USDC",
    recipient="merchant@example.com"
)
print(f"Payment: {result.tx_hash}")
```

```typescript
import { SardisClient } from '@sardis/sdk';

const client = new SardisClient({ apiKey: 'sk_...' });

const agent = await client.agents.create({ name: 'my-agent' });

const wallet = await client.wallets.create({
  agent_id: agent.agent_id,
  currency: 'USDC',
  limit_per_tx: '100.00',
});

const tx = await client.wallets.transfer(wallet.wallet_id, {
  destination: '0x...',
  amount: '25.00',
  token: 'USDC',
  chain: 'base_sepolia',
  domain: 'openai.com',
});
```

Add to your claude_desktop_config.json:

```json
{
  "mcpServers": {
    "sardis": {
      "command": "npx",
      "args": ["@sardis/mcp-server", "start"]
    }
  }
}
```

That's it. Your agent now has a bounded financial authority surface instead of unconstrained payment access.
| Framework | Package | Install |
|---|---|---|
| MCP (Claude, Cursor, ChatGPT) | @sardis/mcp-server | `npx @sardis/mcp-server start` |
| LangChain | sardis | `pip install sardis` |
| CrewAI | sardis | `pip install sardis` |
| OpenAI Functions | sardis | `pip install sardis` |
| Gemini / ADK | sardis | `pip install sardis` |
| Vercel AI SDK | @sardis/ai-sdk | `npm install @sardis/ai-sdk` |
| Claude Agent SDK | sardis | `pip install sardis` |
| LlamaIndex | sardis | `pip install sardis` |
| Mastra | @sardis/sdk | `npm install @sardis/sdk` |
All frameworks use the same policy engine, mandate model, provider adapters, and audit semantics.
Every financial action follows a single authority path before execution. There are no alternative code paths that bypass policy checks.
```text
                AI AGENT
  (Claude, Cursor, LangChain, OpenAI)
                   |
               MCP / SDK
                   |
    ┌──────────────┴──────────────┐
    │ FinancialActionOrchestrator │
    │    (single entry point)     │
    └──────────────┬──────────────┘
                   |
    ┌──────────────┴──────────────┐
    │    PreExecutionPipeline     │
    │                             │
    │  Composable hooks:          │
    │   - Policy evaluation       │
    │   - Spend tracking          │
    │   - Dedup check             │
    │   - Compliance gate         │
    │   - KYA trust scoring       │
    │                             │
    │  Fail-closed: any hook      │
    │  failure blocks the tx      │
    └──────────────┬──────────────┘
                   |
    ┌──────────────┴──────────────┐
    │      PROVIDER ADAPTER       │
    │   Cards / wallets / APIs    │
    └──────────────┬──────────────┘
                   |
         ┌─────────┴─────────┐
         |                   |
 Stablecoin Rails    Fiat / Card Rails
 Wallet providers    Payment providers
 x402 / AP2 / TAP    BYO provider acct
         |                   |
   ┌─────┴─────┐       ┌─────┴─────┐
   │  LEDGER   │       │  LEDGER   │
   │  Append   │       │  Append   │
   │   Only    │       │   Only    │
   └───────────┘       └───────────┘
```
Key design principles:
- Fail-closed -- Default deny on all policy, compliance, and security checks
- Provider-neutral -- Sardis governs execution without requiring one custody, wallet, card, or payment provider
- Audit everything -- Append-only ledger with signed attestation envelopes for every decision
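The fail-closed hook chain described above, sketched as an added example. This is not Sardis code: `Action`, `Mandate`, `authorize` and the hook names are hypothetical. It models the mandate "Max $50/tx, $200/day, SaaS vendors only" and treats a hook that raises as a deny.

```python
# Added illustration, not Sardis code: every name below is hypothetical.
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass(frozen=True)
class Action:
    idempotency_key: str
    agent_id: str
    amount: Decimal
    merchant_category: str

@dataclass
class Mandate:  # models "Max $50/tx, $200/day, SaaS vendors only"
    max_per_tx: Decimal = Decimal("50")
    max_per_day: Decimal = Decimal("200")
    allowed_categories: frozenset = frozenset({"saas"})
    revoked: bool = False
    spent_today: Decimal = Decimal("0")
    seen_keys: set = field(default_factory=set)

def check_revocation(a, m):
    return not m.revoked, "mandate revoked"

def check_policy(a, m):
    in_limit = Decimal("0") < a.amount <= m.max_per_tx
    return in_limit and a.merchant_category in m.allowed_categories, "outside per-tx limit or vendor scope"

def check_daily_spend(a, m):
    return m.spent_today + a.amount <= m.max_per_day, "daily limit exceeded"

def check_dedup(a, m):
    return a.idempotency_key not in m.seen_keys, "duplicate action"

HOOKS = [check_revocation, check_policy, check_daily_spend, check_dedup]

def authorize(action, mandate, hooks=HOOKS):
    """Return (allowed, reason); only an explicit pass from every hook allows."""
    for hook in hooks:
        try:
            ok, reason = hook(action, mandate)
        except Exception as exc:  # a crashing hook is a deny, never a skip
            return False, f"{hook.__name__} error: {type(exc).__name__}"
        if ok is not True:  # None, 0 or any non-True value also denies
            return False, f"{hook.__name__}: {reason}"
    # Mutate spend/dedup state only after every check has passed.
    mandate.spent_today += action.amount
    mandate.seen_keys.add(action.idempotency_key)
    return True, "allowed"
```

The sketch is single-threaded; a concurrent service would need the limit check and the spend update to happen in one atomic step (a database transaction or lock), otherwise parallel requests can each pass the daily limit.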
```text
sardis/
├── packages/                 # Core monorepo packages
│   ├── sardis-core/          # Domain models, config, database
│   ├── sardis-api/           # FastAPI REST endpoints
│   ├── sardis-chain/         # Blockchain execution, chain routing
│   ├── sardis-protocol/      # AP2/TAP protocol verification
│   ├── sardis-wallet/        # Wallet management, MPC
│   ├── sardis-ledger/        # Append-only audit trail
│   ├── sardis-compliance/    # KYC (iDenfy) + AML (Elliptic)
│   ├── sardis-cards/         # Card provider adapter experiments
│   ├── sardis-mcp-server/    # MCP server for Claude/Cursor
│   ├── sardis-sdk-python/    # Full Python SDK
│   ├── sardis-sdk-js/        # TypeScript SDK
│   ├── sardis-cli/           # Command-line tool
│   └── sardis-checkout/      # Merchant checkout flows
├── sardis/                   # Simple Python SDK (public interface)
├── contracts/                # Solidity smart contracts
│   └── src/
│       ├── SardisWalletFactory.sol
│       ├── SardisAgentWallet.sol
│       └── SardisEscrow.sol
├── apps/
│   ├── dashboard/            # React admin dashboard
│   ├── landing/              # Public website
│   └── canvas-site/          # Technical canvas source
├── playground/               # Interactive demo sandbox
├── examples/                 # Usage examples
├── demos/                    # Demo applications
├── docs/                     # Public technical documentation
└── tests/                    # Integration tests
```
- Getting Started Guide -- First payment in 5 minutes
- API Reference -- Complete endpoint documentation
- MCP Server Setup -- Claude Desktop integration
- Policy Language -- Write spending rules in plain English
- Chain Support -- Supported networks and tokens
- Framework Guides -- LangChain, OpenAI, Vercel AI SDK
- Security Model -- MPC architecture and threat model
- Compliance -- KYC/AML/SAR framework
- Examples -- Code samples for all frameworks
We welcome contributions! Please see our Contributing Guide for details.
Quick contribution checklist:
- Fork the repository
- Create a feature branch: `git checkout -b feature/your-feature`
- Make your changes with tests
- Run the test suite: `uv run pytest tests/`
- Submit a pull request
Development setup:
```bash
# Clone the repository
git clone https://github.com/EfeDurmaz16/sardis.git
cd sardis

# Install dependencies
uv sync

# Run tests
uv run pytest tests/

# Start local API server
uvicorn sardis_api.main:create_app --factory --port 8000
```

- Website: sardis.sh
- Documentation: docs.sardis.sh
- Playground: sardis.sh/playground
- GitHub: github.com/EfeDurmaz16/sardis
- Discord: discord.gg/XMA9JwDJ
- PyPI: pypi.org/project/sardis
- npm: npmjs.com/package/@sardis/mcp-server
- Context7 Docs: context7.com/efedurmaz16/sardis
The public repository is licensed under the terms in LICENSE. See OPEN_CORE.md for the product boundary between the open-source authority layer and the hosted Sardis Cloud operations layer.
The intended split is:
- Open source -- mandate semantics, policy evaluation, provider interfaces, simulator providers, SDKs, protocol adapters, examples, and audit schemas.
- Hosted / commercial -- dashboard, RBAC/SSO, approval inbox, managed provider credentials, webhook operations, compliance workflows, audit retention, alerts, and support.
Sardis -- Open-source financial authority for AI agents
Mandates | Provider Adapters | Approvals | Revocation | Audit
Built for the AI agent ecosystem
© 2026 Efe Baran Durmaz