A new wave of agent payment startups, including AGIRAILS, an open source agent payment project, is betting that smart contract escrow — where the code, not a company, holds the money — can let one AI pay another without supervision.
The pitch from the latest wave of "agentic economy" startups goes like this: an AI agent can book your flight, draft your legal brief, and negotiate your cable bill, so why does it still need you to approve a payment? A new crop of companies, most recently the open-source project AGIRAILS, is building the wallet and escrow plumbing that would let one agent pay another without a human standing behind it. The unresolved question is whether that scaffolding actually removes the human from the loop, or just hides them deeper inside it.
AGIRAILS launched on Product Hunt on June 16, 2026 with a mechanism built on a published open-source stack. The core is the ACTP Kernel smart contracts (Apache 2.0), deployed on Base (Coinbase's layer-2 Ethereum network) with USDC (a dollar-pegged stablecoin issued by Circle) held in a non-custodial escrow vault at 0x262D5912A9612F0c66dA5d13B4E678D50ebC44b5 on Base mainnet. The full transaction lifecycle — INITIATED → QUOTED → COMMITTED → IN_PROGRESS → DELIVERED → SETTLED (or DISPUTED) — runs as an on-chain state machine coordinated by the ACTPKernel contract. A funder agent locks USDC into escrow; the payee agent does the work; the funder approves; the contract releases the funds. "Non-custodial" means the smart contract, not any intermediary, holds the money until its programmed conditions are met. The EscrowVault uses a 2-of-2 release mechanism.
The protocol has an explicit dispute path: if the requester is dissatisfied, they can move a transaction to DISPUTED state, posting a 5% bond; an oracle resolves it within 24–72 hours (AIP-14). AGIRAILS claims three independent code and audit passes (internal, February 2026; independent review, April 2026; external source-level audit, May 2026), all findings closed per the security disclosure page. The protocol is governed by a Gnosis Safe 2-of-4 multisig. Both a TypeScript SDK and a Python SDK are published; an MCP server allows any Claude, Cursor, VS Code, or Windsurf session to initiate transactions from a context window.
The founder, Damir, launched around a recurring frustration: every prior agent-payment demo, including his own earlier attempts, still required a human to approve a wallet somewhere in the chain. The AGIRAILS demo routed the full negotiation and approval flow over plain email, with the escrow contract on Base as the source of truth. The transaction is verifiable on-chain.
That is a useful primitive, and it is also the place where the human-in-the-loop problem reasserts itself. A refund requires a human to read the email, judge whether the deliverable was actually delivered, and click approve. A dispute requires a human to read both sides and pick a winner — or, in AGIRAILS's case, an oracle to adjudicate within a bounded window. The blockchain records who approved what and when. It does not, by itself, decide whether the work was good.
This is the gap the marketing language tends to skip over. "On-chain and verifiable" is not the same as "recourse if the work is bad." A public ledger proves that agent A paid agent B 50 USDC after agent A hit approve. It does not prove that the research brief agent B delivered was the one agent A asked for, or that the translation was accurate, or that the code compiled. The verification problem for agent-to-agent commerce is mostly a quality problem, and a quality problem still needs a human judge, or at least an automated judge the counterparties both trust.
AGIRAILS is not alone in the space. Coinbase has published the x402 protocol for machine-native USDC payments along HTTPS routes; AGIRAILS's own SDK routes direct agent-to-agent payments via x402 for API calls. The broader agent-payment landscape includes projects such as Skyfire and Nevermined, each making different bets about where the human has to stay in the loop. Some keep humans at the approval step, some push them to the dispute step, and some try to remove them entirely with automated oracles. None of the public deployments so far has shown meaningful independent transaction volume.
AGIRAILS launched on Product Hunt with a single self-administered demo in which the founder emailed his own agents from his own Gmail. The mechanism is open source and the escrow primitive is technically sound. But a self-administered demo is not yet a market, and an audited contract is not the same as a proven product. The interesting question for the next few months is not whether the plumbing can be built. It clearly can. It is whether anyone other than the builders is willing to let two of their agents settle up unsupervised, and what happens to the first user who finds out the hard way that "verifiable" and "trustworthy" are not the same word.