Payment OS for the Agent Economy — non-custodial MPC wallets with natural language spending policies for AI agents
Project description
Sardis
Payment OS for the Agent Economy
AI agents can reason, but they cannot be trusted with money. Sardis is how they earn that trust.
Website · Docs · Playground · Enterprise
📦 Quick Install
# MCP Server (Claude, Cursor, ChatGPT)
npx @sardis/mcp-server start
# Python SDK
pip install sardis
# TypeScript SDK
npm install @sardis/sdk
# LangChain
pip install sardis # Uses sardis-sdk under the hood
# CrewAI
pip install sardis # Compatible with CrewAI tools
# OpenAI Functions
pip install sardis # Use with OpenAI function calling
# Gemini / ADK
pip install sardis # Compatible with Google AI SDKs
# Vercel AI SDK
npm install @sardis/ai-sdk
🤔 What is Sardis?
Sardis gives AI agents non-custodial MPC wallets with natural language spending policies. It prevents financial hallucinations—agents accidentally spending $10k instead of $100—with a real-time policy firewall that validates every transaction before execution.
Your Claude agent, LangChain workflow, or autonomous bot gets its own wallet with programmable guardrails: "Max $100/day on cloud services, only approved vendors, no gambling." The agent cannot override these policies.
Sardis executes stablecoin payments (USDC) on Base with multi-chain funding via CCTP v2 (Ethereum, Polygon, Arbitrum, Optimism). Virtual cards are available in pilot via Stripe Issuing.
Protocol & Feature Maturity
| Feature | Status | Description |
|---|---|---|
| Spending Policy Engine | Production | Deterministic NL-to-policy, atomic spend tracking |
| AP2 Mandate Verification | Production | Full mandate chain verification with evidence |
| USDC Payments (Base) | Production | Non-custodial MPC wallet execution |
| Policy Attestation API | Production | Signed attestation envelopes with Ed25519 |
| PreExecutionPipeline | Production | Composable hook chain with fail-closed defaults |
| Hosted Checkout | Pilot | Merchant checkout flows with session security |
| ERC-8183 Agentic Jobs | Pilot | On-chain job escrow (conservative caps: 1% fee, USDC-only) |
| x402 Protocol | Pilot | HTTP-native micropayments |
| Virtual Cards (Stripe Issuing) | Pilot | Agent-controlled virtual card issuance |
| Multi-chain (Polygon, Arbitrum) | Experimental | Chain routing implemented, not production-tested |
| UCP MCP Transport | Experimental | Partial implementation |
| FIDES Trust Graph | Experimental | DID-based trust federation |
Status key: Production = deployed, tested, load-bearing. Pilot = functional with design partners, conservative limits. Experimental = code exists, not production-tested.
Key Features
- Non-custodial MPC wallets -- Turnkey integration, zero private key exposure
- Natural language spending policies -- "Max $50/tx, $200/day, SaaS vendors only"
- Financial hallucination prevention -- Policy firewall blocks invalid transactions
- 9 AI framework integrations -- MCP, LangChain, OpenAI, Vercel AI, CrewAI, LlamaIndex, Mastra
- Virtual cards (Pilot) -- Stripe Issuing for agent-controlled fiat payments
- Agent-to-agent escrow -- Cryptographic mandate chain for A2A payments
- KYA (Know Your Agent) -- Trust scoring and behavioral anomaly detection
- Base (production) + 4 funding chains -- Multi-chain funding via CCTP v2
- Double-entry audit ledger -- Append-only transaction history with cryptographic proofs
- Protocol support -- AP2 and TAP (production), x402 (pilot), UCP and A2A (partial)
🚀 Quick Start
Python (5 lines)
from sardis import Sardis
sardis = Sardis(api_key="sk_...")
result = sardis.payments.create(
agent_id="agent_abc",
amount="50.00",
token="USDC",
recipient="merchant@example.com"
)
print(f"Payment: {result.tx_hash}")
TypeScript
import { SardisClient } from '@sardis/sdk';
const client = new SardisClient({ apiKey: 'sk_...' });
const agent = await client.agents.create({ name: 'my-agent' });
const wallet = await client.wallets.create({
agent_id: agent.agent_id,
currency: 'USDC',
limit_per_tx: '100.00',
});
const tx = await client.wallets.transfer(wallet.wallet_id, {
destination: '0x...',
amount: '25.00',
token: 'USDC',
chain: 'base_sepolia',
domain: 'openai.com',
});
MCP (Claude Desktop / Cursor)
Add to your claude_desktop_config.json:
{
"mcpServers": {
"sardis": {
"command": "npx",
"args": ["@sardis/mcp-server", "start"]
}
}
}
That's it. Your agent now has a wallet with spending limits.
🎯 Framework Integrations
| Framework | Package | Install |
|---|---|---|
| MCP (Claude, Cursor, ChatGPT) | @sardis/mcp-server |
npx @sardis/mcp-server start |
| LangChain | sardis |
pip install sardis |
| CrewAI | sardis |
pip install sardis |
| OpenAI Functions | sardis |
pip install sardis |
| Gemini / ADK | sardis |
pip install sardis |
| Vercel AI SDK | @sardis/ai-sdk |
npm install @sardis/ai-sdk |
| Claude Agent SDK | sardis |
pip install sardis |
| LlamaIndex | sardis |
pip install sardis |
| Mastra | @sardis/sdk |
npm install @sardis/sdk |
All frameworks use the same policy engine and MPC wallet infrastructure.
Architecture
Every payment follows a single execution path through the PaymentOrchestrator. There are no alternative code paths that bypass policy checks.
AI AGENT
(Claude, Cursor, LangChain, OpenAI)
|
MCP / SDK
|
┌─────────────┴─────────────┐
│ PaymentOrchestrator │
│ (single entry point) │
└─────────────┬─────────────┘
|
┌─────────────┴─────────────┐
│ PreExecutionPipeline │
│ │
│ Composable hooks: │
│ - Policy evaluation │
│ - Spend tracking │
│ - Dedup check │
│ - Compliance gate │
│ - KYA trust scoring │
│ │
│ Fail-closed: any hook │
│ failure blocks the tx │
└─────────────┬─────────────┘
|
┌─────────────┴─────────────┐
│ MPC SIGNING (Turnkey) │
│ Non-custodial keys │
└─────────────┬─────────────┘
|
+──────────┴──────────+
| |
On-Chain Rails Fiat Rails
USDC on Base Virtual Cards
(+ CCTP v2 funding) (Stripe Issuing)
| |
┌─────┴─────┐ ┌────┴────┐
│ LEDGER │ │ LEDGER │
│ Append │ │ Append │
│ Only │ │ Only │
└───────────┘ └─────────┘
Key design principles:
- Fail-closed -- Default deny on all policy, compliance, and security checks
- Non-custodial -- Private keys never stored; MPC signing via Turnkey
- Audit everything -- Append-only ledger with signed attestation envelopes for every decision
📂 Repository Structure
sardis/
├── packages/ # Core monorepo packages
│ ├── sardis-core/ # Domain models, config, database
│ ├── sardis-api/ # FastAPI REST endpoints
│ ├── sardis-chain/ # Blockchain execution, chain routing
│ ├── sardis-protocol/ # AP2/TAP protocol verification
│ ├── sardis-wallet/ # Wallet management, MPC
│ ├── sardis-ledger/ # Append-only audit trail
│ ├── sardis-compliance/ # KYC (iDenfy) + AML (Elliptic)
│ ├── sardis-cards/ # Virtual cards (Stripe Issuing)
│ ├── sardis-mcp-server/ # MCP server for Claude/Cursor
│ ├── sardis-sdk-python/ # Full Python SDK
│ ├── sardis-sdk-js/ # TypeScript SDK
│ ├── sardis-cli/ # Command-line tool
│ └── sardis-checkout/ # Merchant checkout flows
├── sardis/ # Simple Python SDK (public interface)
├── contracts/ # Solidity smart contracts
│ └── src/
│ ├── SardisWalletFactory.sol
│ ├── SardisAgentWallet.sol
│ └── SardisEscrow.sol
├── dashboard/ # React admin dashboard
├── landing/ # Marketing website
├── mobile/ # React Native companion app
├── playground/ # Interactive demo sandbox
├── examples/ # Usage examples
├── demos/ # Demo applications
├── docs/ # Documentation
│ └── marketing/ # GTM content and strategies
└── tests/ # Integration tests
📚 Documentation
- Getting Started Guide — First payment in 5 minutes
- API Reference — Complete endpoint documentation
- MCP Server Setup — Claude Desktop integration
- Policy Language — Write spending rules in plain English
- Chain Support — Supported networks and tokens
- Framework Guides — LangChain, OpenAI, Vercel AI SDK
- Security Model — MPC architecture and threat model
- Compliance — KYC/AML/SAR framework
- Examples — Code samples for all frameworks
🤝 Contributing
We welcome contributions! Please see our Contributing Guide for details.
Quick contribution checklist:
- Fork the repository
- Create a feature branch:
git checkout -b feature/your-feature - Make your changes with tests
- Run the test suite:
uv run pytest tests/ - Submit a pull request
Development setup:
# Clone the repository
git clone https://github.com/EfeDurmaz16/sardis.git
cd sardis
# Install dependencies
uv sync
# Run tests
uv run pytest tests/
# Start local API server
uvicorn sardis_api.main:create_app --factory --port 8000
🔗 Links
- Website: sardis.sh
- Documentation: sardis.sh/docs
- Playground: sardis.sh/playground
- GitHub: github.com/EfeDurmaz16/sardis
- Discord: discord.gg/XMA9JwDJ
- PyPI: pypi.org/project/sardis
- npm: npmjs.com/package/@sardis/mcp-server
- Context7 Docs: context7.com/efedurmaz16/sardis
📄 License
This project uses an open-core licensing model:
-
MIT License — SDKs, MCP Server, Integration Adapters, CLI tools
sardis(Python meta-package)@sardis/sdk,@sardis/mcp-server,@sardis/ai-sdk- All integration adapters and examples
-
Proprietary — Core banking infrastructure, policy engine internals, MPC node management
See LICENSE.txt for full details.
Sardis — The Payment OS for the Agent Economy
Non-Custodial | MCP Native | Financial Hallucination Prevention
Built with ❤️ for the AI agent ecosystem
© 2026 Efe Baran Durmaz
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sardis-1.1.0.tar.gz.
File metadata
- Download URL: sardis-1.1.0.tar.gz
- Upload date:
- Size: 20.7 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.22 {"installer":{"name":"uv","version":"0.9.22","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
71b049ac503ae9d17c4b3ffbc3e3dd7cf8657e6b103d4ed8e3e25c69a5d6dfec
|
|
| MD5 |
10ef7ce19d9068ece2c96a6a8cdd1393
|
|
| BLAKE2b-256 |
b30e487afa97f2e2d85c56143fba75ebb41e99e5353880e0b290bddac0c3cc78
|
File details
Details for the file sardis-1.1.0-py3-none-any.whl.
File metadata
- Download URL: sardis-1.1.0-py3-none-any.whl
- Upload date:
- Size: 30.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.22 {"installer":{"name":"uv","version":"0.9.22","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
405e812ebed60dc9c6f9ac338c40a8cb38ee5ba6983bf03b250146d4e1125fa1
|
|
| MD5 |
8737d7bef0eec91dc5c22d135062912e
|
|
| BLAKE2b-256 |
292cca1507843b4dbd1c3ac7d9547640b466e33e6758c0c61d6584175f048ef2
|
