Agentic commerce doesn't fail because agents can't pay. It fails because they can't be trusted or stopped. The agent catalog is pay-and-hope: a couple hundred anonymous listings and no way to check who you're paying. We built the other thing. A real merchant an agent can verify before spending anything, with a decline that fires before money moves, a kill switch that provably works, and receipts on-chain.
Trust and stopping are not slogans here. They are two behaviors you can read off a receipt. Both are shown below exactly as they happened.
An agent tried to spend more than it was allowed. The transaction stopped before any money moved. Escalation is not just a brake: it means a human mints a scoped credential, which is governance that enables bigger commerce, not only blocks small ones.
A second decline fired the same way against the $9.99 company-scan on 2026-07-03. See it in the Ledger ›
A credential's whole life in one line: born, it enables commerce, then it dies. Revocation is live, the revocation surface is public and pollable by anyone, and every verification path rejects a revoked credential.
Poll the revocation surface yourself: the verifier playground ›
This is the only place on the site the stack is explained in full. Every other page, and every episode, links here. Read left to right: each document derives its authority from the one before it, and each is signed and checked live at the moment of a transaction, not cached.
The constraints are not settings in a config file. They are encoded in the agent's identity, so the same document that defines who she is defines what she may spend. The full credential formats, the SD-JWT internals, the eight constraint types, and the verify endpoints all live in the developer guide.
Point the verifier at our agents and watch it walk the chain in real time. Inspect a live credential, or run our credentials through the reference verifier yourself.
Figures as of July 2026; live counts on the playground.
Discovery traffic is real and being indexed; paid external demand is still zero. Listing is not traction, and we won't pretend otherwise. Live counts on the playground.
A governed agent bought from an external vendor with zero human approvals.
Episode 2 · March 22, 2026Buy inputs, enhance them, sell the outputs, both sides on one chain.
Episode 3 · March 22, 2026We bought from ourselves, on purpose, and the rail rejects genuine self-dealing.
Episode 4 · March 29, 2026Nell's chain on a public registry, verifiable before a transaction.
We built a working VI server the week the draft interoperability spec published. Our credentials verify unmodified under the reference verifier: Mastercard's reference implementation accepts our credentials, and that compatibility is enforced in CI, so it can't quietly regress. Read that claim precisely: it is acceptance under a reference implementation, not an endorsement or a partnership.
The two behaviors above, the decline and the kill switch, are the human oversight story that Article 14 asks for. The clock also moved: under the adopted Digital Omnibus, high-risk obligations (Articles 8 to 17 and 26) are deferred to December 2, 2027 for Annex III systems and August 2, 2028 for Annex I embedded systems. Article 50 transparency obligations remain August 2, 2026. The point is simple: start the conformance record now and walk into December 2027 with eighteen months of evidence already in hand.
The chain is the chain.