Autonomous payment should start with registration, not vibes.
Before an agent can spend, OpenPermit registers the mandate scope: payer, delegate, seller, method, chain, token, budget, expiry, revocation.
No registered scope, no autonomous payment.
Smart-account x402 is our default path for generic-agent checkout.
On Base, the agent gets a continuation. OpenPermit checks the mandate, settles x402 in USDC, retries the seller, and records the receipt.
No wallet in the agent context.
A smart account payment should not be accepted just because a header looks signed.
With ERC-1271, the account can validate the payment digest against the mandate before the seller serves the resource.
Contract-level approval. Policy still in the loop.
EIP-7702 is the difference between "here's the wallet" and "here's exactly what you're allowed to do."
OpenPermit keeps the delegate inside a mandate: seller, method, chain, amount, nonce, revocation.
Autonomy without handing over the key.
Agents should not carry hot wallets.
With OpenPermit, a smart account can give an agent constrained authority: allowed seller, resource, chain, token, budget, expiry.
The agent can pay. The user keeps control.
Agent spend should not disappear into a run log.
Every paid request needs a receipt: mandate, seller, resource, amount, policy decision, settlement, delivery.
That is how ops can see what an agent bought, why it was allowed, and whether it was delivered.
Machines do not need your checkout page. They need a protocol response.
For a paid API, 402 Payment Required becomes the quote: price, method, resource, terms.
The agent pays, retries with credentials, and your server verifies before returning data.
Every agent payment should answer two questions:
Who approved this?
What limits were active?
If the seller, amount, resource, or expiry doesn't match the mandate, the payment should not move. OpenPermit puts that permission check before spend.
The best agent payment integration should feel boring.
Wrap fetch once. When a seller returns 402, OpenPermit checks the mandate, handles payment, and retries with credentials.
Normal fetch semantics. Policy in the loop.
Sellers should not need to build a custom checkout for every agent.
With OpenPermit, an API route becomes a paid resource: price, accepted rails, verification, receipt. Unpaid requests get a 402. Paid retries get checked before your endpoint responds.
AI agents don't need bigger wallets. They need smaller permissions.
A useful permit says: $50 max, approved sellers, approved resources, expiry. If anything drifts, deny it.
That's the part OpenPermit cares about: control before payment.
Builders shouldn't have to bolt spend rules onto every agent flow.
OpenPermit gives the agent a permit: allowed sellers, resources, budget, expiry, revocation. The wallet stays behind policy.
Permits, not wallets.