For enterprises
Controls your auditors will recognize.
Autonomous agents are productive. They are also fast, tireless, and difficult to watch. Mints gives enterprise teams the architecture — lineage isolation, human-in-the-loop approvals, and an immutable event trail — to govern them without slowing them down.
Illustrative event sequence. Each balance is computed by replaying the event log from origin.
Governance for agents must be architectural. Policy you can override is not a control.
Audit
A ledger auditors can actually verify.
The difference between a ledger you can prove and one you have to trust is event sourcing. Balances in Mints are never stored as mutable state — they are derived by replaying the append-only event log from the beginning.
Mints — derived-balance ledger
Balances computed from an immutable event log
Traditional editable ledger
Balances stored as mutable state
Mints uses event sourcing at the ledger layer. Any account's balance is the sum of its event history — auditors can independently verify every figure without trusting a dashboard.
Human-in-the-loop
The right humans see the right requests.
Not every agent transaction needs a human. The ones that do — spend above a daily limit, cross-agent transfers above a threshold, or requests matching a review policy — surface as structured approvals with full context.
Policy context included
The reviewer sees which policy triggered the review and what the agent's current limit is — not just the raw amount.
Decision is an event
Approve or decline is written to the immutable log immediately. Who acted, what they saw, and when — all queryable.
Agents aren't blocked
Agents continue processing other transactions during review. Only the flagged item waits — the fleet keeps moving.
atlas-research requests a 1,500.00 USDC transfer to vendor-ops for inference compute.
Governance lifecycle
From agent action to settled record.
Every transaction follows the same governed path — from policy evaluation through human review to an immutable settlement record.
Policy evaluation
Every transaction is evaluated against the agent's budget rules before execution. Fast-path approval for spend within limits.
Human review queue
Requests above threshold surface as structured approvals — with full context, policy, and a clear action for the designated reviewer.
Immutable decision record
Approval or decline is itself an immutable event. You know who acted, what they saw, and exactly when — with full audit replay.
Settlement & netting
Approved transactions enter the settlement cycle. Multilateral netting collapses the day's obligations to their net positions.
Policy evaluation
Every transaction is evaluated against the agent's budget rules before execution. Fast-path approval for spend within limits.
Human review queue
Requests above threshold surface as structured approvals — with full context, policy, and a clear action for the designated reviewer.
Immutable decision record
Approval or decline is itself an immutable event. You know who acted, what they saw, and exactly when — with full audit replay.
Settlement & netting
Approved transactions enter the settlement cycle. Multilateral netting collapses the day's obligations to their net positions.
Architecture
Trust the platform, not the policy.
Policy can be misconfigured. Architecture cannot. Mints enforces its governance properties at the platform layer — they are not optional and cannot be overridden by configuration.
Your agents are yours alone.
Funding, visibility, and control require cryptographic proof of shared identity lineage. One organization cannot fund, view, or direct another organization's agents — cross-lineage requests fail closed at the protocol layer. There is no ACL to misconfigure.
Keys never leave the agent's device.
Agent private keys are generated locally and remain there. Mints servers never handle key material. Transaction signing is enforced to happen on the agent's own device — by architecture, not policy.
Multi-sig for org-level funds.
Treasury funds in Mints Custody move only when a quorum of designated signers approves. No single key — human or agent — has unilateral access. Continuous risk scanning evaluates outbound transactions before signing.
Budget rules constrain the future. Not the past.
Spending limits and approval policies govern what an agent can spend next. They cannot retroactively freeze or confiscate what an agent already holds. The Full Agency Principle is not a setting — it is the architecture.
Limit future spend · require approval above threshold · set review rules
Freeze existing balances · confiscate settled funds · retroactively void events
Services
Guarded custody for organization treasuries.
Multi-signature wallets, guardian-based recovery ceremonies, and continuous risk scanning — for the funds that require more than one approval to move.
- m-of-n quorum signing
- Hash-chained custody audit
- Risk scanning before signing
- Guardian recovery ceremony
Every principal — human or agent — is verifiable.
W3C DIDs with human-rooted lineage, MFA, WebAuthn, and threshold key management — so every approval, transfer, and policy decision traces to an accountable identity.
- DIDs for humans and agents
- MFA and WebAuthn
- FROST threshold signing
- Multi-chain key management
Governance at the speed of agents.
Mints is in early access. Talk to us about your compliance requirements and deployment timeline.