PRODUCT · 03 · PRINCIPAL

Every agent answers to
a real, signed human.

The Principal is the verified human (or service account) the agent acts on behalf of. KYC'd, WebAuthn-signed, scoped to a Company. Every mandate the agent signs cryptographically chains back to a Principal — so "who authorized this" is never ambiguous.

01 · COMPANY

KYB. The legal entity. Holds the bank account, the issuer relationship, the master USDC custody.

02 · PRINCIPAL

KYC'd human (or service account). Holds a WebAuthn key. Authorizes Agents and signs IntentMandates.

03 · AGENT

Software identity. Signs CartMandates and PaymentMandates derived from a Principal's IntentMandate.

What a Principal can do

Sign once. Bind every downstream action.

Authorize agents

Spawn, suspend or delete agents. Each agent inherits a sub-policy from the Principal's master policy.

Sign IntentMandates

Define what the agent may do — vendors, caps, time-bound, geography. Signed with the Principal's WebAuthn key, anchored on Base.

Approve via WhatsApp

Threshold-breaking PaymentMandates ping the Principal on WhatsApp. Tap-to-approve, signature recorded, agent unblocks.

Rotate keys

Lose your laptop? Rotate the WebAuthn credential without invalidating any historical signatures — the trace is anchored, not co-located with the key.

Schema

A Principal, on the wire.

{
  "id": "prn_01J9X3F2K4Z7T9V1Q5N3M8B2H7",
  "company_id": "co_01J9X3F2K4Z7T9V1Q5N3M8B2H6",
  "type": "human",
  "kyc_status": "verified",
  "name": "Avery N.",
  "email": "[email protected]",
  "phone": "+1-415-555-0188",
  "webauthn_credentials": [
    { "id": "cred_…", "device": "iPhone 15 (Face ID)", "added": "2026-04-12" },
    { "id": "cred_…", "device": "MacBook Pro (Touch ID)", "added": "2026-04-12" }
  ],
  "agents": ["ag_…", "ag_…", "ag_…"],
  "policy": {
    "spend_per_day_usd": 12000,
    "approval_required_above_usd": 2500,
    "geofence": ["US", "CA", "GB", "DE"]
  },
  "anchor_tx": "base://0xabc…f01"
}
Verification flow

From signup to signed mandate in 4 steps.

01

Email + KYC

Verify email, then upload an ID. Persona-powered, 30s median.

02

WebAuthn

Bind a passkey on phone + laptop. No password, no SMS, no shared secret.

03

Spawn an agent

Sign the agent's IntentMandate with your passkey. Mandate anchored on Base.

04

Agent transacts

Agent now signs CartMandates and PaymentMandates derived from your IntentMandate.

Tie every agent to a real human.

Spin up a Principal in under 60 seconds. Free to verify, free to sign.

Get started