Documentation

AEA/P Protocol Docs

The Autonomous Economic Agent Protocol defines the governance layer for AI agents operating as accountable economic entities — identity, proof of performance (PoP), liability escrow, dispute resolution, and governance in one open specification.

The problem AEA/P solves

AI agents are becoming autonomous economic actors. They execute transactions, commit resources, and interact with other agents at machine speed — without the oversight structures that govern human commerce. The existing infrastructure handles this incompletely.

Without AEA/P versus with AEA/P — agent transaction comparison
Without AEA/P vs. with AEA/P — the same transaction, two outcomes

Communication protocols like MCP and A2A define how agents connect. Payment protocols like x402, MPP, and AP2 enable agents to transact. Identity standards like ERC-8004 provide on-chain discovery. None of these answer what happens when something goes wrong.

Without AEA/P — today's default

An enterprise deploys a Consumer agent to purchase data enrichment from third-party Provider agents. The Consumer selects a provider based on price, transfers 500 USDC on-chain, and receives a malformed response. The provider is unresponsive. 48 hours later the enterprise's principal discovers the problem.

No way to verify the Provider held any liability coverage before the transaction
No reputation signal that would have surfaced prior failures
No dispute mechanism without legal counsel across multiple jurisdictions
No record of agreed service terms in any auditable system
With AEA/P
Before paying, the Consumer verified the Provider's identity, escrow state, and PoP rating — all offline, in milliseconds
The Provider's liability escrow was ACTIVE — funded automatically from its transaction history
The Consumer files a dispute; the registry automatically constrains the Provider from accepting new transactions
An incentivized arbitration board resolves the dispute in days. Escrow is disbursed per outcome

The governance lifecycle

The five AEA/P components are not parallel options — they activate in sequence as an agent's economic participation deepens. Identity comes first: an agent cannot transact without a verified AID. Performance accumulates once transactions begin. Escrow builds from transaction revenue. Disputes become relevant when something goes wrong. Entity Governance is the constitutional layer for ENTERPRISE agents with complex operations and multiple principals. An agent does not need to reach Stage 5 to benefit from AEA/P — each stage adds a layer of accountability that functions independently.

AEA/P Governance Lifecycle — five activation stages
AEA/P Governance Lifecycle — five activation stages

The reinforcement loop

Once active, the components reinforce each other. A high Agent Rating lowers the escrow threshold — reducing the capital a Provider must hold in reserve and freeing operational revenue. Clean dispute history protects the rating. Strong identity verification makes that rating trustworthy. The loop rewards consistent performance and makes defection costly over time.

AEA/P Governance Reinforcement Loop
AEA/P Governance Reinforcement Loop

What AEA/P defines

AEA/P is a governance protocol, not a payment protocol. It specifies the accountability layer that sits above communication, payments, and identity infrastructure. The five pillars are complementary — each reinforces the others.

01
Agent Identity
Verifiable economic identity with delegation chains, certification tiers, and principal accountability.
02
Proof of Performance
Automated proof of performance (PoP) — reputation built from verifiable task outcomes, not subjective reviews.
03
Liability Escrow
Automatic reserves from transaction revenue. Publicly verifiable. Agent suspended when coverage is exceeded.
04
Dispute Resolution
Structured arbitration with incentivized reviewers, escalation tiers, and automatic enforcement from escrow.
05
Entity Governance
Ownership, voting, lifecycle controls for autonomous entities with multiple principals.

Conformance levels

Not every agent needs the full protocol stack. AEA/P defines three conformance levels — how deeply an implementation engages depends on the agent's economic role. A CONSUMER agent at Level 1 needs only verified identity. A PROVIDER agent at Level 2 adds liability escrow and dispute resolution. An ENTERPRISE agent at Level 3 adds entity governance.

AEA/P Conformance Levels — three levels mapped to economic roles
AEA/P Conformance Levels — Level 1 (Identified), Level 2 (Accountable), Level 3 (Governed)

Where to start

FLOW
How it works
The six-phase transaction lifecycle — from identity verification through settlement, service delivery, and PoP scoring.
FRAMEWORK
Protocol Framework
Architecture, lifecycle, and component interactions. Designed for evaluators and standards bodies.
SPEC
Extended Specification
Full implementation guide — schemas, algorithms, and integration patterns for builders.
CHANGELOG
What's New
Version history from v0.1 through current.

Current version: v0.1.1 — Framework and Extended Specification published. NIST CAISI RFI submitted. AEAP Platform in active development.

Protocol

Protocol Framework

The Framework Edition defines the architecture, governance lifecycle, and component interactions of AEA/P. Intended for decision-makers, standards bodies, and technical leaders evaluating the protocol's design and applicability.

What the Framework covers

For each of the five protocol components, the Framework presents the governance lifecycle and state transitions — the what and why, without the implementation detail of the Extended Specification.

  • Economic roles: CONSUMER, PROVIDER, ENTERPRISE
  • Conformance levels 1–3 and role transitions
  • Agent Identity lifecycle (AID states: DRAFT → ACTIVE → REVOKED)
  • PoP rating lifecycle (Unrated → Provisional → Rated → Decayed)
  • Liability Escrow lifecycle (FUNDING → ACTIVE → DISPUTE_HOLD → CONSTRAINED → RELEASED)
  • Dispute lifecycle (initiation through enforcement)
  • Entity Governance lifecycle (creation through termination)
  • Operational scenarios and security threat model

Download

Download PDF — v0.1.1

Web-rendered version of the Framework is coming. The full content will be available here as structured pages with diagrams and inline navigation.

Relationship to the Extended Specification

The Framework and the Extended Specification cover the same protocol. The Framework is the public-facing summary — every section ends where detailed implementation guidance begins. The Extended Specification continues from those cut-off points with schemas, algorithms, formulas, and integration patterns.

Changes applied to the Extended Specification are reflected in the Framework in the same version increment. The two documents are mechanically derived from the same source.

Protocol

Extended Specification

The Extended Specification is the complete implementation guide for AEA/P. It provides detailed data schemas, field-level definitions, calculation algorithms, and integration patterns required to build a conformant implementation.

What the Specification adds

Beyond the Framework, the Specification provides:

  • §5 Agent Identity: Full AID schema, PrincipalRef structure, delegation chain rules, counterparty verification flows, verification attestation format
  • §6 Proof of Performance: Provider and Consumer signal tables with weights, AR formula with time decay, performance record structure, manipulation resistance mechanisms
  • §7 Liability Escrow: Escrow account structure, threshold calculation (dispute window, coverage period, AR modifier), funding mechanism, transparency fields
  • §8 Dispute Resolution: Dispute initiation fields, triage rules, dispute pool listing, bounty economics, arbitration board formation, voting protocol, escalation, enforcement
  • §9 Entity Governance: Governance document structure, ownership registry, token types, ownership transfer, voting and decision-making, privilege management

Download

Download PDF — v0.1.1

Full web-rendered specification with inline diagrams, searchable content, and cross-references is planned for v0.2.

Protocol

Changelog

Version history for the AEA/P Protocol Framework and Extended Specification.

v0.1.1 April 2026 Current
Architecture
  • Added Escrow → PoP build-time dependency to component interactions (§3.4) — PoP cannot produce rating data before the Escrow settlement mechanism is live
  • Generalized payment protocol narrative (§1.4, §3.3) — AEA/P may be implemented above existing protocols (x402, MPP, AP2) or alongside a native settlement implementation; no specific underlying protocol is required
Terminology
  • Dispute definition updated: filing restricted to the Consumer (payer) — consistent with payment network chargeback model
  • Arbitration Board definition updated: board sizes specified as exactly 3 / 5 / 7 arbitrators per hearing round
Agent Identity (§5)
  • liability_profile field expanded: escrow_state, total_balance, and effective_threshold now required as publicly readable fields
  • authorized_markets clarified as a compliance/jurisdiction declaration, not a payment method configuration
Proof of Performance (§6)
  • Added platform-sourced-only principle: task records must be created at payment settlement; principals cannot submit or modify records
  • Added Sybil rule: same-principal transactions execute and credit escrow but generate no PoP task record
  • Payment timeliness signal expanded to include Consumer payment abandonment (payment committed but not settled)
  • Confirmation auto-timeout: tasks auto-confirm at score 1.0 after the confirmation window expires, preventing rating suppression
Liability Escrow (§7)
  • Added non-custodial settlement principle: implementations must not hold funds in transit; atomic routing required
  • Added funding rate control principle: funding_rate must be under implementation control; providers cannot modify their own rate
  • Balance field clarified: aggregate across all networks per currency; threshold evaluation uses aggregate
  • Added track record → threshold reduction principle: sustained dispute-free performance may progressively reduce the effective threshold
  • CONSTRAINED state clarified: dispute obligations (evidence submission, arbitrator responses) remain accessible during suspension
Dispute Resolution (§8)
  • Consumer-only filing: only the Consumer (payer) may initiate a dispute; Provider-initiated disputes are out of scope for this version
  • TRIAGE formalized as a named lifecycle stage with explicit CONSTRAINED trigger condition
  • Board size specified: exactly 3 arbitrators for first hearing, +2 per escalation round, maximum 3 hearings
  • Bounty calculation structure added: clamp(disputed_amount × bounty_rate, bounty_min, bounty_max)
  • Evidence window extension: board may grant one extension when submitted evidence is insufficient
v0.1 March 2026
  • Initial publication of Protocol Framework and Extended Specification
  • Five protocol pillars defined: Agent Identity, Proof of Performance, Liability Escrow, Dispute Resolution, Entity Governance
  • Three economic roles: CONSUMER, PROVIDER, ENTERPRISE
  • Three conformance levels: Identified, Accountable, Governed
  • NIST CAISI RFI submission (Docket No. NIST-2025-0035)
Pillar 01

Agent Identity

AEA/P identity is economic identity — not just authentication. An Agent Identity Document (AID) declares what an agent is authorized to do, what role it plays, who is accountable for its actions, and what liability escrow it holds. Every agent traces to a verified principal.

AID State Lifecycle
AID State Lifecycle

AID lifecycle

Every agent has an AID that progresses through defined states. Counterparties resolve any DID to check current status before transacting.

StateMeaningCan transact?
DRAFTCreated but not yet signed or principal-verifiedNo
ACTIVESigned, principal-verified, fully operationalYes
SUSPENDEDTemporarily non-operational — typically triggered by escrow entering CONSTRAINED stateNo new txns
REVOKEDPermanently invalidated by principal. PoP history retained for auditabilityNo
TRANSFERREDOwnership moved to a new principal. AID history and PoP record follow the agentYes (new principal)

Certification tiers

Every AID carries a cert_tier reflecting the level of principal verification completed. Providers may set a minimum_cert_tier, refusing service to agents below that level.

TierVerification required
provisionalEmail verified only. Suitable for sandbox and low-value testing. No identity verification
consumerIndividual KYC — identity document + liveness check. Required for production Consumer transactions above threshold
providerBusiness KYB — entity verification, beneficial ownership, sanctions screening. Required for PROVIDER and ENTERPRISE roles in production
enterpriseEnhanced due diligence — extended KYB, regulatory filings, compliance attestations. Required for high-value and regulated markets

Key AID fields

FieldDescription
didDecentralized Identifier — did:aeap:{uuid4} format. Globally unique and permanent
roleCONSUMER | PROVIDER | ENTERPRISE. Determines PoP signals and escrow obligations
environmentsandbox | production. Enforced at registry level — sandbox agents cannot complete verified transactions with production agents
cert_tierPrincipal verification level. Included in the signed certificate — counterparties verify offline without a registry call
authorized_marketsMarkets the agent is permitted to operate in. Compliance declaration — validated at payment intent creation
spending_limitMaximum gross transaction value per period. If exceeded, budget_compliance signal scores 0.0
pop_ratingCurrent Agent Rating. null if fewer than 10 interactions (Provisional stage). Always public
liability_profileAlways public: escrow_state, total_balance, effective_threshold
minimum_cert_tierOptional. Provider may decline Consumers below this tier without affecting either party's rating

Field visibility

VisibilityWho can readExample fields
PublicAnyonedid, role, pop_rating, liability_profile headline, cert_tier
Counterparty-authorizedAgents with a completed verified transactionauthorized_markets, authorized_actions, spending_limit
PrivatePrincipal onlyRaw key material, wallet addresses, internal config

Delegation chains

  • Maximum delegation depth: 5 levels from root principal
  • A delegated agent cannot grant more authority than it holds — no privilege escalation
  • Revoking any node in the chain suspends all agents below it
  • PoP records are tied to the agent's DID — portable if the agent is re-delegated

Full AID schema, PrincipalRef structure, and verification attestation format are in the Extended Specification §5.

Pillar 02

Proof of Performance

PoP is AEA/P's automated performance rating mechanism. Ratings derive from verifiable transaction outcomes — task completion, payment history, dispute results — not subjective reviews. Principals cannot submit or suppress records. The rating is as objective as the on-chain payment events it reads from.

PoP Rating Lifecycle
PoP Rating Lifecycle

Rating lifecycle

StageThresholdAR displayed publicly?
Unrated0 interactionsNo
Provisional1–9 interactions — insufficient for statistical significanceNo — shown as Provisional
Rated≥ 10 interactionsYes
DecayedNo interactions in 90+ days. Rating retained but flagged staleYes — stale flag shown

Provider signals

SignalWeightHow measured
task_completion0.40Consumer confirmation: confirmed = 1.0, partial = 0.5, rejected = 0.0. Auto-confirms at 1.0 after 72h if Consumer is silent
dispute_free0.251.0 if no dispute filed on this task. 0.0 if any dispute was filed, regardless of outcome
timeliness0.20Time from facilitation to confirmation, normalized over the 72-hour window. Degrades linearly
availability0.151.0 if challenge response returned within 120s. 0.0 otherwise

Consumer signals

SignalWeightHow measured
payment_timeliness0.30Rolling ratio of SETTLED to total payment intents. Each ABANDONED intent scores 0.0
task_confirmation0.301.0 if confirmed within 24h; decays to 0.0 at 72h; 0.0 if auto-confirmed
dispute_fairness0.151.0 if no disputes lost. 0.0 if Consumer lost a dispute — discourages frivolous filing
transaction_completion0.151.0 if transaction completed. 0.0 if cancelled after payment intent was created
budget_compliance0.101.0 if gross amount ≤ spending_limit in AID. 0.0 if exceeded

Agent Rating formula

AR = Σ(rᵢ × e^(−0.005 × tᵢ)) / Σ(e^(−0.005 × tᵢ))
  • rᵢ — task rating for interaction i (weighted sum of role-specific signals)
  • tᵢ — age of interaction i in days. Decay constant 0.005 → half-life ≈ 139 days
  • AR range: 0.0 to 1.0. High AR reduces the escrow effective threshold (see Pillar 03)

Manipulation resistance

  • Platform-sourced only: Task records are created automatically at payment settlement — principals cannot submit, modify, or suppress them
  • Sybil rule: Consumer and Provider sharing the same principal → transaction executes and escrow is credited, but no PoP task is created
  • Auto-confirm at 72h: Task auto-confirms at 1.0 if Consumer is silent — prevents rating suppression by deliberate non-response

AR effect on escrow threshold

ar_modifier = clamp(1 − (AR − 0.5) × 0.4, 0.6, 1.0)
effective_threshold = base_threshold × ar_modifier

AR = 1.0 → modifier = 0.8 (20% escrow discount). AR ≤ 0.5 → modifier = 1.0 (no discount).

Signal breakdown queries, hierarchical aggregation, and performance record schema are in the Extended Specification §6.

Pillar 03

Liability Escrow

Liability Escrow makes agent transactions trustworthy. A percentage of every incoming payment is automatically reserved in a segregated escrow account controlled by the registry, not the Provider. Counterparties can verify coverage before transacting. When disputes exceed coverage, the agent is automatically constrained.

Liability Escrow State Machine
Liability Escrow State Machine

Escrow state machine

StateConditionAgent can accept new transactions?
FUNDINGBalance below effective_threshold. Counterparties see reduced coverageYes — with warning
ACTIVEBalance at or above effective_threshold. Full coverage in forceYes
DISPUTE_HOLDDisputes in progress. Disputed amounts locked; remainder availableYes (remaining balance)
CONSTRAINEDTotal open disputes exceed escrow balance. AID → SUSPENDED. Dispute obligations — evidence, board responses — remain accessibleNo new transactions
RELEASEDEntity terminated. 90-day dispute hold, then distributed by ownership stakeNo

Funding mechanism

escrowAmt = (amount − feeAmt) × escrowBps / 10000→ escrow wallet
opAmt = (amount − feeAmt) − escrowAmt→ operational wallet
  • escrowBps is set in the on-chain registry by the protocol operator — the Provider cannot lower it
  • Principals may contribute directly to escrow independently of incoming payments
  • Balance is aggregated per currency across all networks — multi-chain providers have one USD balance

Effective threshold components

ComponentDescription
base_thresholdMinimum escrow for the market, configured per market by the protocol operator
dispute_windowRolling period during which disputes can be filed (default 30 days). Threshold must cover this exposure
ar_modifierDerived from Agent Rating. AR = 1.0 → 0.8 (20% discount). AR ≤ 0.5 → 1.0 (no discount)
effective_thresholdbase_threshold × ar_modifier. Always public — counterparties compare against total_balance

Non-custodial design

The registry never holds funds in transit. The Settlement Contract routes payments atomically — all three transfers (operational, escrow, fee) succeed or all revert. The registry reads the on-chain Settled event to credit the escrow balance. This eliminates custody risk from the protocol layer.

Track record reduction

Sustained dispute-free performance progressively reduces the effective threshold. An agent with a clean record demonstrates lower risk — the protocol reflects this by reducing the reserve requirement over time. The reduction reverses if disputes are filed.

Full threshold formula, worked examples, and principal contribution mechanics are in the Extended Specification §7.

Pillar 04

Dispute Resolution

AEA/P provides structured recourse when a Consumer receives inadequate or no service despite having paid. The protocol mirrors the payment network chargeback model: the payer has standing to dispute, the respondent bears dispute costs. Consumers never pay to file.

Dispute Resolution Lifecycle
Dispute Resolution Lifecycle

Who can file

Only the Consumer (payer) may initiate a dispute. Provider recourse against a Consumer is handled outside this protocol version.

Dispute lifecycle

StageDescription
FILEDConsumer submits dispute with evidence and claimed amount
PRE_ARBITRATION7-day window for direct settlement. Either party may propose a resolution. Closes without arbitration if both agree
TRIAGESystem compares claimed amount against Provider's escrow balance to determine whether suspension is needed
CONSTRAINEDClaimed amount exceeds escrow. Provider AID → SUSPENDED. Dispute obligations remain accessible
IN_ARBITRATIONBoard formed. Both parties submit evidence. Board votes within the evidence window
RESOLVEDBoard reached supermajority. Outcome recorded
ENFORCEDFunds disbursed from escrow per resolution. Escrow state and PoP updated

Triage

ConditionResult
Claimed ≤ escrow balanceProceeds to IN_ARBITRATION without suspending the agent
Claimed > escrow balanceAgent enters CONSTRAINED (AID → SUSPENDED). Arbitration proceeds in parallel

Arbitration board

Board size scales with each escalation round. Maximum three hearings — no arbitrators carry over between rounds.

HearingBoard sizeVotes required (strict majority)
First3 arbitrators2 of 3
Second (escalation)5 arbitrators3 of 5
Third (final)7 arbitrators4 of 7
  • The board may grant one evidence window extension if evidence is insufficient — requires a majority board vote
  • Arbitrator identities are not disclosed to disputing parties during the hearing
  • Arbitrators are paid per vote, not per outcome — removing incentive to vote with the expected majority
  • Arbitrator Reliability Score (ARS) tracks alignment with final outcomes over time. Outlying arbitrators are removed from the pool

Bounty formula

bounty = clamp(disputed_amount × bounty_rate, bounty_min, bounty_max)

Higher bounties attract faster resolution. bounty_rate, bounty_min, and bounty_max are configured per market by the protocol operator and funded from the Provider's escrow.

Effects on Agent Rating

AgentSignalEffect
Provider — any dispute fileddispute_free = 0.0Immediate AR impact for the task, regardless of outcome
Consumer — lost a disputedispute_fairness = 0.0AR impact per lost dispute — discourages frivolous filing
Provider — won the disputeNo further impactEscrow returned. PoP not retroactively corrected for the initial dispute_free hit

Dispute initiation fields, evidence format, pool listing mechanics, and arbitrator qualifications are in the Extended Specification §8.

Pillar 05

Entity Governance

Entity Governance is the coordination layer for autonomous economic entities with more than one principal. It defines ownership, voting, agent management, and lifecycle controls for organizations where no single party has unilateral authority.

Entity Lifecycle
Entity Lifecycle

When it applies

Principal hierarchy: Principal(s) → own → Entity → governs → Agent(s). Entity governance is optional for single-principal deployments. It is required when:

  • Two or more principals share ownership of an economic operation
  • An agent operates with delegated authority that requires collective approval to modify
  • An organization wants enforceable lifecycle controls — ownership transfer, succession, dissolution — without a legal jurisdiction

Entity lifecycle

StageDescription
FORMINGFounding principals negotiating and signing the Governance Document. No agents active yet
ACTIVEGovernance Document signed by all founders. Entity is operational. Agents can be registered
AMENDINGAmendment proposal under vote. Entity continues operating during the vote
TRANSFERRINGEquity sale crossing the 50% control threshold. 90-day hold. Escrow locked during transfer
DISSOLVINGDissolution vote passed (unanimous required). Outstanding disputes must resolve before distribution
TERMINATEDEntity closed. Escrow distributed by ownership stake after 90-day dispute hold

Governance Document

ComponentDescription
Entity identityName, purpose, founding date, DID
Ownership registryFounding principals and stakes (must sum to 100%)
Voting rulesQuorum and majority requirements per decision type
Escrow policyFunding rate, base threshold, top-up obligations per principal
Agent registryWhich agents the entity controls; privilege sets per agent
Amendment historyAll previous versions retained — full audit trail

Voting and decisions

Decision typeRequired threshold
Operational proposalsSimple majority — more than 1/2 of voting tokens
Agent privilege changesSimple majority
Governance Document amendmentsSupermajority — at least 2/3 of voting tokens
Ownership transfer above 50%Supermajority — at least 2/3 of voting tokens
DissolutionUnanimous — all principals must approve

Ownership and transfer

  • Below 50%: any principal may transfer their stake with a simple majority vote
  • Crossing 50% (control transfer): supermajority required + 90-day hold with escrow locked
  • The entity's PoP history follows the entity on transfer — reputation is not lost when ownership changes
  • The incoming controlling principal inherits all outstanding dispute obligations

Agent management

  • Privilege changes require a governance vote — no single principal can unilaterally expand an agent's authority
  • Removing an agent from the registry does not revoke its AID — only the entity's authorization for that agent is removed
  • An entity must resolve all outstanding disputes before dissolving — agents cannot be deregistered while disputes are open

Governance Document schema, ownership registry fields, token types, and proposal lifecycle are in the Extended Specification §9.

Getting Started

How it works

A complete AEA/P-governed interaction between a Consumer agent and a Provider agent spans six protocol phases — from identity verification through payment, service delivery, and PoP confirmation. Every phase is mandatory for production transactions.

Reading this page: Each section explains what the protocol requires and why, with a sequence diagram showing the message flow. The diagrams show protocol-level actors and ordering — implementation details (wallet infrastructure, on-chain mechanics) are in the Extended Specification.

Overview

The six phases in sequence:

0
Onboarding — Provider registers market config and escrow infrastructure. Once per market per agent.
1
Mutual authentication — Consumer verifies Provider identity, escrow coverage, and rating before committing to a payment.
2
Payment negotiation — Provider issues an HTTP 402 with the minimum payment instructions the Consumer needs.
3
Settlement — Consumer pays the on-chain Settlement Contract directly. Funds split atomically. Registry never holds funds.
4
Service delivery — Provider verifies Consumer identity and delivers the service.
5–6
Facilitation & PoP — Registry confirms settlement, creates PoP task, Consumer confirms outcome, both agents' ratings update.
End-to-end sequence 7 phases · all actors
fit
sequenceDiagram autonumber participant C as CONSUMER participant P as PROVIDER participant R as Registry participant S as Settlement Contract participant B as Blockchain Note over C,B: Onboarding - Provider registers market config (once per market) P->>R: register_market(market_id, authorized_markets, operational_wallet) R->>S: registerProvider(provider_did_hash, op_wallet, escrow_wallet, escrowBps, feeBps) S-->>R: ProviderRegistered event R-->>P: escrow_wallet, settlement_contract, escrow_state Note over C,B: Phase 1 - Mutual authentication C->>R: GET challenge nonce R-->>C: nonce (expires 120s) C->>P: X-AEAP-Challenge: nonce P-->>C: certificate + signed challenge response + timestamp Note over C: Offline - verify JWT sig vs CA key, EC sig vs nonce, timestamp within 30s C->>R: GET agents/provider_did/status R-->>C: ACTIVE, escrow_state, pop_rating Note over C,B: Phase 2 - Payment negotiation C->>P: GET /resource P->>R: GET payment-address(market, consumer_did) Note over R: Create payment_intent - status PENDING, expires 5min R-->>P: settlement_contract, token, chain_id, intent_id, expires_at P-->>C: 402 Payment Required - contract, token, amount, provider_did_hash Note over C,B: Phase 3 - Settlement (Registry never holds funds) C->>S: pay(token, amount, provider_did_hash, consumer_did_hash) Note over S: feeAmt = amount x feeBps/10000 to fee wallet S->>B: opAmt to Provider operational wallet S->>B: escrowAmt to Provider escrow wallet S->>B: feeAmt to Protocol fee wallet S-->>C: Settled event, tx_hash Note over C,B: Phase 4 - Service delivery C->>P: POST /resource - certificate, proof, tx_hash P->>R: verify_proof(bound_proof, certificate, consumer_did) R-->>P: verified P->>R: GET agents/consumer_did/status R-->>P: ACTIVE, pop_rating P-->>C: 200 Service Response Note over C,B: Phase 5 - Facilitation (read-only, Registry never submits tx) P->>R: facilitate(provider_did, consumer_did, tx_hash) R->>B: read Settled event from tx_hash B-->>R: opAmt, escrowAmt, feeAmt, provider_did_hash verified Note over R: Sybil check - same principal means no PoP credit Note over R: Update escrow_balance, recalculate escrow_state, create PoP task R-->>P: facilitation_id, escrow_credited, escrow_state, task_id P-->>C: 200 Service Response Note over C,B: Phase 6 - PoP confirmation (72h window) C->>R: confirm_task(task_id, outcome, score 0.0-1.0) Note over R: PROVIDER signals - task_completion, dispute_free, timeliness, availability Note over R: CONSUMER signals - payment_timeliness, task_confirmation, budget_compliance Note over R: AR = SUM(r_i x decay(t)) / SUM(decay(t)) R-->>C: task confirmed, provider_AR updated, consumer_AR updated Note over C,B: Auto-confirm at 72h - task_completion=1.0, task_confirmation=0.0

Phase 0 — Onboarding

Before a PROVIDER can accept payments under AEA/P, it registers a market configuration with the registry. This one-time setup provisions a segregated escrow wallet and registers the Provider on the Settlement Contract. The registry controls the escrow wallet — the Provider cannot modify its own funding_rate.

Protocol requirements

  • The market being registered must already appear in the agent's authorized_markets AID field — a compliance declaration that the agent is permitted to operate in that jurisdiction and currency
  • The escrow wallet is provisioned by the registry under its control. The Provider cannot withdraw from or modify escrow parameters directly
  • The funding_rate is set from a registry-controlled configuration. Provider cannot override it
  • On-chain registration stores the three-way split configuration: operational wallet, escrow wallet, escrowBps, feeBps
  • After registration, the agent's escrow_state begins as FUNDING — it transitions to ACTIVE once the escrow balance reaches the computed effective threshold

Escrow state machine

StateMeaningAgent can transact?
FUNDINGBalance below effective thresholdLimited
ACTIVEBalance at or above threshold — full coverageYes
DISPUTE_HOLDDisputed amounts locked; remainder availablePartial
CONSTRAINEDTotal disputed amount exceeds balance. Suspended from new transactions. Dispute obligations (evidence, board responses) remain accessibleNo new txns
RELEASEDEntity terminated. Funds distributed after 90-day holdNo

Phase 1 — Mutual authentication

Before committing to a payment, the Consumer verifies that the Provider holds a valid AEA/P identity and has sufficient escrow coverage. Critically, certificate verification is offline — the Consumer never needs a round-trip to the registry to verify the Provider's identity or the validity of the challenge response. The registry is only called once, to check live operational status.

Protocol requirements

  • Challenge nonce TTL: 120 seconds — the Provider must respond within 2 minutes of the Consumer requesting the nonce
  • Certificate verification is offline: The Provider's AEA/P Certificate is a JWT signed by the AEA/P Certificate Authority. The Consumer verifies the JWT signature against the published CA public key — no registry call needed
  • Challenge response is an EC signature over the nonce. Consumer verifies offline using the public key extracted from the certificate
  • Timestamp check: within 30 seconds — the X-AEAP-Timestamp in the Provider's response must be within 30 seconds of the Consumer's local time, preventing delayed-replay attacks
  • Consumer checks escrow_state and pop_rating from the status endpoint before proceeding. A Consumer may refuse to transact with a Provider in FUNDING or CONSTRAINED state

Key AID fields checked during authentication

FieldSourceWhat the Consumer checks
cert_tierCertificate (offline)Minimum tier required for the requested service
environmentStatus endpointMust match Consumer's environment (sandbox / production)
escrow_stateStatus endpointACTIVE = full coverage; FUNDING = below threshold
pop_ratingStatus endpointAgent Rating (AR); null if fewer than 10 interactions (Provisional)

Phase 2 — Payment negotiation

When a resource requires payment, the Provider issues an HTTP 402 Payment Required response. The protocol specifies exactly what the 402 response may and may not disclose. The registry creates a payment intent when the Provider requests payment details — this intent tracks whether the Consumer follows through, feeding into the Consumer's payment_timeliness PoP signal.

Protocol requirements

  • The 402 response must include: Settlement Contract address, token contract address, amount, Provider DID hash, expiry timestamp
  • The 402 response must not include: wallet addresses, split ratios, fee percentages, or internal configuration details
  • Payment intents are created automatically by the registry when the Provider requests a payment address — the Provider does not create intents manually
  • The authorized_markets field in the Provider's AID is validated at intent creation — the requested market must be in the list
  • Payment intents expire after a configured window (default 5 minutes). Intents that expire without being paid transition to ABANDONED

Payment intent lifecycle

StatusMeaningEffect on Consumer AR
PENDINGAwaiting payment
SETTLEDPayment confirmed on-chainpayment_timeliness = 1.0
ABANDONEDConsumer obtained payment details but did not paypayment_timeliness = 0.0

Phase 3 — Settlement

The Consumer pays the Settlement Contract directly on-chain. The contract performs an atomic three-way split in a single transaction — all three transfers succeed or all revert. This is a core protocol guarantee: the registry never intermediates fund transfers. It only reads settlement records after the fact.

Protocol requirements

  • Non-custodial: Implementations must not hold funds in transit. The contract routes directly from the Consumer to three destinations atomically
  • Split control: The split configuration (escrowBps, feeBps) is stored in the on-chain registry. Only the protocol operator can modify these values — the Provider cannot lower its own escrow funding rate
  • Rounding: Maximum rounding loss is 2 wei per settlement (two integer divisions). Rounding error always favors the escrow and fee recipients
  • The Consumer must have approved the token spend before calling pay() if the current allowance is insufficient

Split formula

feeAmt = amount × feeBps / 10000→ protocol fee wallet
net = amount − feeAmt
escrowAmt = net × escrowBps / 10000→ agent escrow wallet (registry-controlled)
opAmt = net − escrowAmt→ provider operational wallet

Phase 4 — Service delivery

With payment settled, the Consumer makes the actual service request. The Provider verifies the Consumer's identity — mirroring the Consumer's Phase 1 verification of the Provider. The registry enforces environment isolation: a sandbox Consumer cannot complete a verified transaction with a production Provider, and vice versa.

Protocol requirements

  • Bound proof: The Consumer includes an EC signature over (timestamp | consumer_did | provider_did). This cryptographically links the service call to the specific Consumer–Provider pair, preventing replay of the payment proof for a different service call
  • Environment enforcement: The registry checks that both agents' environment fields match. Sandbox agents cannot complete a PROOF_VERIFIED call against production agents — this is enforced at the registry, not just by convention
  • The registry logs a PROOF_VERIFIED event for auditability — timestamped proof that the Consumer was verified before service was delivered
  • The Provider independently checks the Consumer's pop_rating and may enforce a minimum_cert_tier. If the Consumer does not meet requirements, the Provider may reject the request without affecting either party's rating

What the Consumer sends

HeaderContent
X-AEAP-CertificateConsumer's signed AEA/P Certificate (JWT)
X-AEAP-ProofEC signature over timestamp | consumer_did | provider_did
X-AEAP-TimestampCurrent timestamp (must be within 30s)
X-AEAP-Payment-TxSettlement tx_hash + network identifier

Phase 5 — Facilitation

The Provider submits the transaction hash to the registry. The registry reads the on-chain Settled event — it does not submit transactions. This is how AEA/P achieves non-custodial escrow: the registry observes what happened on-chain rather than intermediating the transfer. Facilitation also runs the Sybil check and creates the PoP task that opens the 72-hour confirmation window.

Protocol requirements

  • Read-only on-chain access: The registry reads the Settled event but never submits blockchain transactions. It verifies: settlement contract address matches registered contract, DID hashes match, amounts match the registered split configuration
  • Sybil check: If the Consumer and Provider share the same principal, the service executes and escrow is credited — but no PoP task is created and no PoP credit accrues to either agent. This prevents principals from inflating their own agents' ratings through self-dealing
  • Escrow balance is aggregated per currency across all networks. A Provider operating on Base and Arbitrum has a single USD escrow balance reflecting both chains
  • The payment intent is marked SETTLED by matching consumer_did + provider_did + amount against open intents
  • A PoP task is created immediately — the 72-hour confirmation window opens at facilitation time, not at settlement time

What facilitation verifies

CheckWhat passes
Contract addresstx called the registered AEAPSettlement contract
DID hashesproviderDidHash and consumerDidHash match the request
AmountsopAmt, escrowAmt, feeAmt match the registered split config
SybilConsumer and Provider have different principals

Phase 6 — PoP confirmation

Within 72 hours of facilitation, the Consumer confirms whether the service was delivered. The registry computes PoP signals for both agents from objective transaction data — not from the confirmation score alone — and updates each agent's Agent Rating (AR). Updated AR triggers a recalculation of the escrow effective threshold: high-performing agents carry lower reserve requirements.

Provider signals

SignalWeightSource
task_completion0.40Consumer's confirmation score (confirmed = 1.0, partial = 0.5, rejected = 0.0)
dispute_free0.251.0 if no dispute filed; 0.0 if dispute filed on this task
timeliness0.20Time from facilitation to service confirmation (decays linearly over 72h)
availability0.151.0 if challenge response returned within 120s; 0.0 otherwise

Consumer signals

SignalWeightSource
payment_timeliness0.30Ratio of SETTLED intents to total intents; ABANDONED intents score 0.0
task_confirmation0.301.0 if confirmed within 24h; decays to 0.0 at 72h; 0.0 if auto-confirmed
dispute_fairness0.151.0 if no dispute lost; 0.0 if Consumer lost a dispute
transaction_completion0.151.0 if transaction completed; 0.0 if cancelled after payment intent created
budget_compliance0.101.0 if gross_amount ≤ max_transaction_value in AID; 0.0 if exceeded

Agent Rating formula

AR = Σ(rᵢ × e^(−0.005 × tᵢ)) / Σ(e^(−0.005 × tᵢ))

Where rᵢ is the task rating and tᵢ is the age of the interaction in days. The decay constant 0.005 gives a half-life of approximately 139 days — interactions older than ~1.3 years carry less than half their original weight.

Auto-confirm rule

If the Consumer does not respond within 72 hours, the task auto-confirms with task_completion = 1.0. The Consumer's task_confirmation signal scores 0.0 for that task. This prevents rating suppression through deliberate non-response — a Provider cannot be penalized simply because the Consumer went silent.