APL evaluates in-process — no network call. Every outcome is hash-chained and optionally anchored to Solana devnet.
treasury-agent.apl v1.0.0This demo runs entirely in your browser. In production, every decision — APPROVE, DENY, or REVIEW — is hash-chained and anchored to Solana devnet.
Every financial decision passes through this stack. In order. Deterministically.
Tries to send USDC, call a DeFi protocol, or pay an HTTP 402 invoice.
Evaluates the .apl policy file. No LLM. No network call. Pure deterministic evaluation in <10ms.
APPROVE / DENY / REQUIRE_APPROVAL returned. SHA-256 hash chains to the previous decision. Tamper-proof sequence.
Decisions are written to the Solana Memo program asynchronously. $0.00025 per anchor. 400ms finality. Tamper-evident, independently verifiable.
Total: APL eval + network overhead = <300ms. Solana anchor is async — never blocks the agent.
These are the failure modes of autonomous agents that move money without an enforcement layer.
AI agent routes a $47,000 transfer to a newly-sanctioned wallet. Transaction confirms. OFAC fine follows.
Intaglio evaluates the destination against the sanctions list before execution. DENY returned in 11ms. Transfer never happens.
DeFi agent opens a 50x leveraged position because the LLM interpreted 'maximize yield' too aggressively.
Policy file says max_leverage: 10. Intaglio returns DENY before the instruction reaches the protocol. Max loss: zero.
EU regulator requests 2-year audit log of all AI financial decisions. You reconstruct from scattered database tables that could have been altered.
Every decision is hash-chained and anchored to Solana. Regulator-verifiable, tamper-proof, exportable to PDF in one click.
AI payroll agent processes 300 contractor payments overnight. One contains a typo in the amount field. $300,000 instead of $3,000.
Policy says REQUIRE_APPROVAL for any single payment above $50,000. Human reviews. Catches the error. $297,000 saved.
Author an .apl file declaring allowed rails, spend limits, approval thresholds, and logging obligations. Human-readable. Auditor-verifiable.
Before every agent financial action, Intaglio returns APPROVE, DENY, or REQUIRE_APPROVAL in <300ms. No LLM in the enforcement path. Deterministic.
Every decision is hash-chained and its signature anchored to Solana. Tamper-proof. Regulator-verifiable. Exportable to PDF in one click.
Connect your wallet. Set limits in 60 seconds. Your AI can never spend beyond what you allow. Get started free →
APL (Agent Policy Language) is an open specification for declaring what an AI agent is and is not allowed to do with money. Write it once. Attach it to any agent framework. Every decision is evaluated deterministically — no LLM interpretation, no prompt injection risk.
policy treasury-agent v1.0.0
agent treasury-bot-01
operator acme-gmbh
scope {
rails [x402 solana-pay]
currencies [USDC USDT]
}
limit {
per_transaction { value 10000 currency USDC }
per_day { value 50000 currency USDC }
}
require {
human_approval_above { value 5000 currency USDC }
deny_if_sanctioned true
deny_if_destination NOT_IN whitelist.json
}
obligation {
log_to solana:devnet
retention 7y
# MiCA Art. 68 — immutable audit trail requirement
}The compliance layer every AI agent runs on. Not a guardrail. Not a wallet. The enforcement layer. None of them enforce policy before execution with an auditable open standard.
Observable, not enforceable. Has no deny() primitive. If the LLM decides to send $500k to a blacklisted address, LangChain executes it.
Policy is your system prompt. Prompt injection bypasses every rule. Your compliance officer cannot audit a system prompt.
Built for content moderation, not treasury operations. Zero financial transaction logic. No APPROVE/DENY for monetary transfers.
Gives AI agents the keys to your wallet. Policy enforcement is explicitly out of scope. Spending limits are your problem.
Enterprise API gateway — Agent Personas launched Apr 28 2026. Plain-English rules map to tool-level permissions. No on-chain audit. No open spec. No MiCA. Enterprise-only pricing.
Gartner 'Company to Beat' for AI governance. Strong observability — discovers shadow AI agents across your org. No financial transaction enforcement. No Solana. No open APL spec. Requires enterprise contract.
Open-source, OWASP 10/10 coverage, <0.1ms enforcement. Strong general governance. No on-chain audit — tamper-evident requires trusting Microsoft's infrastructure. No MiCA-specific compliance. No financial transaction logic.
Issues agents a card with a spend cap. No pre-execution semantic policy — structural controls only (MCC blocks, spend limits set at provisioning). No per-action OFAC screening: sanctions check is account-level only. Agent guardrails: Q4 2026 private preview, not shipped. Compliance audit = transaction log, not policy decision record. No MiCA Art. 68. No open spec auditors can read.
Open APL spec (CC-BY-4.0). Deterministic enforcement before execution. Solana-anchored audit trail — no trust required, regulator-verifiable forever. MiCA Art. 68 templates included. Free self-hosted tier.
Every AI agent operator processing financial transactions in Europe is affected. Intaglio is the only open-standard solution that addresses these requirements today.
| Requirement | Intaglio | Alternatives |
|---|---|---|
| MiCA Art. 68 — AI decision audit trail | ✓ Yes | ✗ No |
| EU AI Act Art. 12 — high-risk system logging | ✓ Yes | ✗ No |
| DORA — financial system resilience records | ✓ Yes | ✗ No |
| OFAC sanctions list enforcement | ✓ Yes | ✗ No |
| Tamper-proof on-chain record | ✓ Yes | ✗ No |
| Open standard (auditor-readable policy) | ✓ Yes | ✗ No |
| Deterministic (no LLM in enforcement path) | ✓ Yes | ✗ No |
| Human approval workflow | ✓ Yes | ✗ No |
Every Intaglio decision is anchored to Solana devnet. Here is why that choice is not arbitrary.
Stablecoin Payments
x402 is the HTTP payment protocol for AI agents. Without enforcement, your agent pays any HTTP 402 request automatically — no questions asked. Intaglio wraps x402: the policy check runs before any payment executes — in-process APL eval in <10ms, under 300ms end-to-end.
Without Intaglio
// Agent pays automatically // No policy check // No audit trail // No human override const result = await x402.pay(invoice) // ← could be $50,000 // ← could be sanctioned wallet // ← could be fraud
With Intaglio
// Policy check runs first (<10ms)
// Only pays if policy says APPROVE
const decision = await intaglio.enforce({
amount: invoice.amount,
destination: invoice.payTo,
})
if (decision.outcome === 'APPROVE') {
await x402.pay(invoice) // ← safe
}
// DENY = blocked + hash-anchored
// REQUIRE_APPROVAL = queued for human<10ms
Enforcement latency
does not slow x402 flow
100%
Payment blocked
when policy says DENY
Every payment
Audit record
hash-anchored to Solana
Every plan includes the APL engine, hash-chained audit records, and the operator dashboard.
Free
Try Intaglio. No credit card.
Starter
For teams shipping AI agents.
Pro
For growing agent fleets.
Enterprise
Custom decision volume, VPC / on-premise deploy, custom compliance modules, dedicated support.
APL engine (MIT), hash-chain audit, operator dashboard, Solana devnet anchoring.
PDF audit export, MiCA Art. 68 templates, webhook notifications, Slack integration.
Multi-rail support (x402, MPP, AP2), team RBAC, sanctions list auto-update.
Standards body donation, third-party audit, ISO 42001 mapping, mainnet anchoring.
Try the live demo. Read the spec. Deploy in 10 minutes.