AgiCards

Description

The Problem

AI agents are rapidly gaining the ability to take real financial actions — booking services, purchasing APIs, subscribing to tools. But there is no infrastructure today that lets a user control, limit, and verify what an agent actually spends. Giving an agent a credit card or wallet with signing keys means trusting it completely. No guardrails, no audit trail, no proof of what decision was made and why.

The Solution

AgiCards is a programmable card control layer built specifically for AI agents. The rule is simple — deposit first, spend second. Users fund a wallet, register an AI agent, and define exactly what that agent is allowed to spend. Maximum per request. Daily limit. Allowed merchant categories. Auto-approval threshold. The agent cannot touch a single dollar outside those rules. Everything is enforced by a smart contract on 0G Mainnet — not by a company, not by trust.

How It Works

User Deposits
      ↓
Register Agent + Set Policy
      ↓
Agent Submits Card Request
      ↓
0G Compute Evaluates Policy
      ↓
    Approved?
    ↙       ↘
  YES        NO
   ↓          ↓
Reserve    Reject +
Funds      Release
   ↓
Issue Web3 Card / Stripe Adapter
   ↓
Write Proof to 0G Storage
   ↓
Anchor Root to 0G Chain

What Gets Recorded on 0G

Every step of the flow produces a verifiable proof root — not a log entry on a private server, but a Merkle root anchored to a public chain that anyone can verify without asking permission.

• Agent profile root — proof the agent was registered with a specific identity

• Policy root — proof the spend rules were committed before any request was made

• Receipt root — proof the card request happened and funds were reserved

• Compute decision root — proof 0G Compute evaluated the policy and reached a conclusion

• Memory root — proof the agent's activity history was recorded

All five roots are live on 0G Mainnet right now and verifiable at agicards.dev/app/proof.

0G Integration

Two Spend Paths — One Proof Layer

AgiCards is designed as a hybrid from day one — not patched together as an afterthought.

What is live today: The Web3 card path. Every agent request is evaluated by the 0G Compute policy engine, approved by the smart contract, and recorded with verifiable proof on 0G Storage and 0G Chain. This works right now, on mainnet, with no dependency on any external payment provider.

What is coming next: The Stripe Issuing adapter. Stripe Issuing allows platforms to programmatically create and control real Visa and Mastercard virtual cards. AgiCards already has this adapter layer architected — once a request clears the smart contract policy engine, it can be routed to Stripe to issue a real card usable anywhere Visa and Mastercard are accepted. This path requires a Stripe Issuing programme approval and is subject to jurisdiction availability, which is why it ships as a roadmap item rather than a live feature today.

Why this architecture matters: The same policy engine, the same 0G proof layer, and the same smart contract enforcement govern both paths. An agent approved to spend on a Web3 card today will be approved the exact same way on a real Stripe-issued card tomorrow. The proof trail does not change — only the card rails do. On-chain enforcement and traditional payment infrastructure working together, not competing.

Security

The smart contract was reviewed by Mustapha Abdulaziz of SpectraSec Lab. Nine audit findings were identified — one high, five medium, and three low severity. Eight were resolved before submission, including ETH egress from the treasury, daily limit enforcement, reentrancy guard, mode checks, pause gates, and quota accounting. One low-severity finding remains open (transient DoS, no funds at risk). The full audit report is available in the repository.

Live

• App: agicards.dev

• Proof page: agicards.dev/app/proof

• Contract: 0xc757698204543af249e328764e89530464de668e on 0G Mainnet · Chain 16661

• Explorer: chainscan.0g.ai/address/0xc757698204543af249e328764e89530464de668e

Day 1 — Foundation

• Designed the full system architecture: wallet → agent → policy → request → 0G proof

• Built and deployed AgiCardsRegistry.sol to 0G Mainnet (Chain 16661)

• Integrated 0G Storage SDK — agent profiles and policy records stored as Merkle roots

• Integrated 0G Compute Router — OGM-1.0-35B-A3B model evaluating spend requests in real time

• Contract address live: 0xc757698204543af249e328764e89530464de668e

Day 2 — Product

• Built the complete Next.js 15 dashboard from a Figma design export — wallet, agents, card orders, and 0G Layer pages

• Implemented the full card request lifecycle: deposit → register agent → set policy → request → evaluate → approve → reserve → issue → proof

• Ran a full end-to-end proof session on mainnet — generated five live 0G Storage roots: agent profile, policy, receipt, compute decision, and memory

• Built the 0G Layer proof page specifically for judges — all five roots and the explorer link in one place

• Deployed to production at agicards.dev with custom domain via Cloudflare DNS

Day 3 — Security, Polish, and Submission

• Brought in smart contract auditor Mustapha Abdulaziz (SpectraSec Lab) for independent audit

• Auditor identified four security findings — daily limit not enforced on-chain, missing reentrancy guard, mode check gap on Web3 spend path, and pause not gating in-flight requests

• All four findings fixed and committed before submission

• Full audit report published in the repository under audit/

• Completed README documentation covering architecture, 0G modules, reviewer notes, faucet instructions, and deployment proof

• Recorded demo video with AI voiceover walking through the full product flow

• Pitch deck completed and published

AgiCards is currently unfunded and was built entirely during the hackathon period by a two-person team — one builder and one smart contract auditor. No external capital has been raised.

The project is at MVP stage with a working product live on 0G Mainnet. The immediate funding priority would be securing a Stripe Issuing programme approval to activate the real-card adapter path, followed by expanding the policy engine and agent identity layer.

Open to grants, ecosystem funding, and strategic partnerships — particularly within the 0G ecosystem and the emerging AI agent economy.