Pre-execution verification

Your agent executes
before it verifies.

Stvor sits between intent and execution. Before a payment, transfer, or tool call runs, it checks destination, payload hash, counterparty trust, and policy. Any mismatch → DENIED, no funds move. On success → ECDSA P-256 signed Trust Receipt (ATS-1 draft).

Monitoring acts after. After is irreversible.

GitHub →·Reference impl live (Stripe escrow). Pilot-based onboarding.
ECDSA P-256 receiptsMIT licensedCustody-agnosticStripe reference (live)
STVOR TRUST RECEIPTATS-1 draft
RECEIPT IDats1_sample_001
AGENTagt_finance_agent_v1
ACTIONpayment.execute
DESTINATION0x7a3f91cd...4e
AMOUNT50.00 USDC
COMMITTED2026-07-12T09:41:02Z
EXECUTED2026-07-12T09:41:03Z
DECISION✓ ALLOWED
PAYLOAD HASHsha256:a3f7c291...
SIGNATUREecdsa-p256:3mK9pqR2...
Verify offline · issuer public key only

Not theoretical

This gap already cost billions.

If your product moves user or treasury funds through an agent today, you have the same structural hole: execution happens before anyone verifies the live payload still matches intent.

Bybit

Feb 2025

$1.5B

Destination changed after review. Signers approved what they saw on screen and signed something else. Multisig did not catch the swap between review and broadcast.

Same class of failure as agent destination-swap: commitment at review time ≠ payload at execution time.

JaredFromSubway MEV bot

2023–2024

$7.5M

Unknown counterparty accumulated token approvals over weeks, then drained the bot's wallet. No trust gate on who could receive outbound transfers.

Counterparty trust and policy gates matter as much as signing the right hash once.

Stvor is the check between intent and execution. It acts before. Monitoring acts after — after is irreversible.

The Problem

The gap between intent and execution
has never been closed.

Financial operations fail between the moment they are committed and the moment they execute. Monitoring doesn't catch this. It reports after. After is irreversible.

Payload manipulation

The destination changed. Nobody noticed.

Between commitment and execution, the recipient address was silently rewritten. The AI agent believed it was paying the right vendor. The audit log showed a successful transfer. The money went somewhere else.

// Agent committed to:  destination: "0x7a3f91cd...4e"  amount:      50_000 USDC  vendor:      "Acme Corp"
// What arrived at execution:  destination: "0x4c1b82f7...3a7" ←  amount:      50_000 USDC  vendor:      "Acme Corp"
UNDETECTED BY MONITORINGCRITICAL
Authorization gap

The authorization was revoked. The execution ran anyway.

A treasury automation agent held a signed authorization for routine operations. The authorization was revoked when the vendor contract ended. The agent's context cache was stale. The $200K transfer executed anyway.

// Authorization at signing time:  agent_id:   "agt_treasury_01"  scope:      "transfer.approve"  valid_until: "2026-03-01T00:00:00Z"
// Execution time (2026-04-15):  agent_id:   "agt_treasury_01"  scope:      "transfer.approve"  status:     "EXPIRED" ← ignored
UNDETECTED BY MONITORINGCRITICAL
Context injection

The agent was told to pay a different address. It believed it.

A prompt injection in an external data source replaced the recipient address mid-conversation. The agent completed the task exactly as instructed — by the attacker. The user saw a confirmation. The funds were gone.

// User instruction:  "Pay $15,000 to our payroll   provider as scheduled."
// Agent context after injection:  "Pay $15,000 to payroll provider"  [injected] destination: "0x9d..."  // User never saw this change
UNDETECTED BY MONITORINGCRITICAL

Every existing solution — monitoring platforms, SIEM tools, compliance dashboards — acts after execution. They see what happened. Stvor acts before. It sees what is about to happen.

How it works

Four checks. One decision. Signed receipt.

Stvor runs in front of your execution flow — not inside custody, not after broadcast. I wire this checkpoint with you during the pilot; there is no self-serve npm install path today.

01

Destination match

Destination is hash-committed at intent time. Before execution, Stvor compares the live destination against the commitment. Swap → DENY.

02

Payload integrity

SHA-256(canonical params) must equal the committed hash. Comparison uses crypto.timingSafeEqual() — no early exit on byte differences.

03

Counterparty trust

Minimum trust score on the receiving address or entity. Unknown or low-trust counterparties cannot receive outbound transfers from the agent.

04

Policy check

Amount caps, allowed methods, recipient allowlists — evaluated against the signed policy attached to the commitment. Violation → DENY.

Verification gateTypeScript
// Before your execution rail fires (Stripe, chain, internal ledger)
const checks = await stvor.verify({
  commitment,          // signed at intent time
  payload: liveParams, // what the agent is about to send
});

if (!checks.allowed) {
  throw new DeniedError(checks.reason); // no payment attempted
}

// checks.receipt — ECDSA P-256 signed Trust Receipt (ATS-1)
Payload hash compare
const canonical = sortKeys(trim(params));
const hash = crypto.createHash("sha256")
  .update(JSON.stringify(canonical))
  .digest("hex");

const match = crypto.timingSafeEqual(
  Buffer.from(hash, "hex"),
  Buffer.from(commitment.payloadHash, "hex"),
);

if (!match) return { allowed: false, reason: "PAYLOAD_MISMATCH" };

After ALLOW → portable Trust Receipt. Verifiable offline with only the issuer's public key. Format: ATS-1 (draft).

STVOR TRUST RECEIPTATS-1 draft
RECEIPT IDats1_sample_001
AGENTagt_finance_agent_v1
ACTIONpayment.execute
DESTINATION0x7a3f91cd...4e
AMOUNT50.00 USDC
COMMITTED2026-07-12T09:41:02Z
EXECUTED2026-07-12T09:41:03Z
DECISION✓ ALLOWED
PAYLOAD HASHsha256:a3f7c291...
SIGNATUREecdsa-p256:3mK9pqR2...
Verify offline · issuer public key only

Who it's for

Builders whose agents already move real funds.

Written for a technical founder or eng lead — not a CISO buying a dashboard. If you are still in prototype with no live money, the pilot is probably early. If funds move today and you worry about destination-swap, prompt injection, or post-authorization tampering, read on.

Agent-commerce products in production

You ship autonomous checkout, invoicing, or API-billed agents. Real user money moves on every successful tool call. One destination swap is a company-ending event.

  • LangGraph / custom agent loops
  • Stripe or on-chain settlement
  • No human in the approval loop

DeFi / trading bots with treasury at risk

Your bot holds hot wallet balances and executes strategies 24/7. Approvals accumulate. Counterparties change. You need a gate before every outbound transfer, not a dashboard after the drain.

  • MEV / arb / market-making bots
  • Multi-chain execution
  • Approval and allowance risk

Agent platforms where customers bring their own keys

You provide the agent runtime; customers connect wallets or payment rails. You cannot see inside their custody stack — but you can require a Stvor checkpoint before their agents execute.

  • B2B agent infrastructure
  • Customer-owned keys
  • Liability without visibility

Moving live funds with agents? Book a 2 weeks pilot — I wire the checkpoint in your flow.

Book the pilot — $500

Why custody-agnostic

A trust layer has to be neutral to be trusted.

Stripe did not become HTTPS. Cloudflare did not replace TLS. They sit on top of a neutral primitive and add value without owning the pipe. Stvor is the same shape: verification middleware that works whether you custody with Fireblocks, run your own hot wallet, or settle through Stripe manual-capture.

If the verifier only works inside one vendor's stack, every other stack treats it as that vendor's feature — not infrastructure. Neutrality is the moat. The Trust Receipt (ATS-1) is the portable proof that outlives any single integration.

Competitive Positioning

Custody tools act too late
or inside one provider.

Stvor is pre-execution verification with a signed receipt — not a custody product, not post-event monitoring. Comparison reflects publicly documented behavior; corrections welcome.

Scroll right

SolutionCategoryWhen it actsAI agent nativeCustody-agnosticCryptographic proof
STVOR
Execution Trust LayerPre-execution
Fireblocks
Custody + Policy EnginePre-execution

Policy engine only works within Fireblocks custody

Blockaid
Transaction SimulationPre-sign (web3 only)

Simulates web3 transactions, no agent-native support

Hypernative
Threat MonitoringPost-event

Monitors on-chain events after execution

Safe (Gnosis)
Multi-sig GovernancePre-execution

Multi-sig governance, not AI agent verification

Chainalysis / TRM
Compliance AnalyticsPost-transaction

Forensics and compliance reporting after the fact

The independent trust layer wins for the same reason SSL won: Trust infrastructure must be neutral to be trusted. A verification layer owned by a custody provider is not trusted by its custody competitors. STVOR is custody-agnostic by design — the only position from which it can become foundational infrastructure for the entire ecosystem.

Current stage

Honest about where this is.

Reference implementation is live and demonstrable. Production integrations happen through paid pilots — I stand up the checkpoint in your flow with you. No customer logos, no ARR, no user counts on this page until you see them elsewhere with a source.

Live today

Reference impl
  • ·Reference implementation: Stripe manual-capture escrow flow
  • ·Four-check verification gate (destination, payload, trust, policy)
  • ·ECDSA P-256 signed Trust Receipt output
  • ·Built and demoed (NVIDIA judging, hackathon)

In progress

Now
  • ·ATS-1 receipt format spec (draft, open)
  • ·Pilot integrations with design partners — white-glove, not self-serve
  • ·MIT-licensed reference code on GitHub

Planned rails

Planned
  • ·x402 payment rail integration
  • ·OrbWallet integration
  • ·On-chain receipt registry (evaluating necessity)

Latency: <2ms per check in reference implementation on commodity hardware — not a production SLA until measured in your environment.

Paid 2-week pilot

$500 flat · 2 weeks

I stand up a Stvor checkpoint in front of your execution flow — verify intent, destination, and payload before execution → ALLOW or DENY — plus a signed Trust Receipt after each action. I do the integration. At the end it works and you keep going, or you pay nothing further.

  • Checkpoint wired in front of your live execution flow
  • Destination + payload + trust + policy checks on every action
  • Signed Trust Receipt (ATS-1) after each ALLOW
  • I do the integration — you bring the agent and the rail
  • Works at end of pilot, or you pay nothing further

Technical crowd: ATS-1 spec · GitHub

Roadmap

Where this goes. Not where it starts.

2026Now

Agent-money verification

  • Pilot-based integrations (white-glove)
  • ATS-1 Trust Receipt spec publication
  • Additional execution rails beyond Stripe reference
2027Planned

Broader rails + registry

  • x402 payment rail (planned)
  • OrbWallet integration (planned)
  • Evaluate on-chain receipt registry for composability
2028+Future

Treasury & compliance scale

  • Enterprise treasury automation receipts
  • Regulatory audit trail exports (MiCA / stablecoin context)
  • Post-quantum signature migration path (if warranted)