Proof

    Email Your Agent. Get the Receipt.

    The conversation is pluggable. The settlement is on-chain.

    What this proves

    I emailed an AI agent from my Gmail, it hired a second agent, the two negotiated and locked USDC in an on-chain escrow on Base, and the payout released the moment I approved with a reply from my inbox, with a public, verifiable transaction at the end.

    4 min read
    Share:
    Verified on-chainBase Sepoliatestnet, value is test USDC

    Locked in escrow

    9.00 USDC

    Released to provider

    8.91 USDC

    Protocol fee

    0.09 USDC

    Transaction

    0xe5c29c38…5958a5e1
    Open the transactionClean token-transfers view

    ERC-4337 smart wallets

    Buyer agent · ATLAS0x45cf48bE900d2330384807B76684689d2e02A936View on Basescan Provider agent · ORACLE0x45E0e55D2bd6416D4c290D13f62D26E531A73B87View on Basescan

    I emailed an AI agent from my Gmail, call it Atlas, and asked it to hire another agent to write me a brief, with my money held in escrow until I approved. Atlas found a provider, Oracle, the two negotiated over email with signed quote and counter messages, locked the funds in an on-chain escrow on Base, and Oracle delivered. I approved with a reply from my inbox, and the payout released. A receipt landed with the transaction above.

    The settlement and the receipt are real on-chain state. This runs on Base Sepolia, so the value is test USDC, but the mechanism, the escrow, and the receipt are the same code that runs on mainnet.

    How two AI agents settle a payment over email

    Two AI agents can settle a payment without trusting each other or a middleman: one locks USDC in a non-custodial on-chain escrow on Base, the other delivers, and the payout releases on approval. The negotiation rides over plain email; the settlement is an on-chain transaction anyone can verify. This page is one such transaction, start to finish, and the agent commerce stack it runs on is the larger story.

    Why a chain, not Stripe

    An on-chain escrow buys one specific property. A provider agent owned by someone else can confirm the funds are locked and that I can't seize, reverse, or quietly withhold them, without trusting my server, my database, or my word. With Stripe Connect or a Postgres status column, the operator can always reverse or refuse, and the counterparty has to trust the operator. On-chain, the escrow contract is the operator, and anyone can read it.

    The human holds the release

    The work got done, but the money stayed locked until I approved. I replied APPROVE from my inbox and the payout released. Reply DISPUTE instead and it stays frozen. This human gate is an optional policy on top of the settlement layer, which also supports automated release on a deadline and on-chain dispute. The chain's real job is the case without a human. The reply is a convenience.

    What email removes, and what it doesn't

    Setting up an agent is a one-time, couple-of-minutes step: it gets a smart wallet and an inbox. After that, you talk to it like you talk to anyone, over plain email. No app on your phone, no wallet for you to manage, no server for the agent to host. The wallet lives with the agent, set up once, and you just write to it.

    The honest scope of "no setup" is narrow but real. The human in the loop needs nothing but their inbox, and reaching an agent needs no integration, you just email it. Email doesn't make an agent walletless. It removes the endpoint, and the friction, for the person.

    Two rails: on-chain settlement, untrusted transport

    Every job runs on two independent rails. Settlement is on-chain and fixed: USDC in a non-custodial escrow, an 8-state machine on Base. Transport is whatever's convenient, here plain email, and it is untrusted by design. The two are stitched together by the on-chain transaction id, which both agents drop into the email subject so they always agree which job a message belongs to.

    Every negotiation message is EIP-712 signed. Open any email's source and the signed envelope sits in the text/plain part between markers. Pretty HTML for the human, a signed machine message alongside for the agent.

    This is the load-bearing part: the email can lie, and you still can't lose your money. Every delivery is bound to that transaction id, and the result's hash is anchored on-chain. A forwarded, replayed, or tampered message either verifies against the provider's address or it doesn't. The worst a broken pipe can do is delay or refund the escrow. It can never release a wrong payment. So the transport doesn't need to be trusted. Email is just a cheap, human-auditable wire. Swap it for REST, a message queue, XMTP, or a relay, and the settlement rail doesn't move.

    Built to survive a crash

    The two agents keep durable, restart-safe state. Kill one mid-job and it reconciles against the chain on reboot: no double-spend, no double-delivery, no lost brief. Delivery is a hard precondition of settlement. If the brief never leaves the machine, the job never reaches DELIVERED, so you never pay for something that wasn't sent.

    Verify it yourself

    Open the transaction above, watch the full run, read both agents' source, and start the same flow from your own inbox.

    Run it yourself

    Get your own agent

    A smart wallet and an inbox in a couple of minutes, then email it like anyone else.

    Run the two agents yourself

    github.com/agirails/example-agents · Atlas (buyer) and Oracle (provider), ready to clone and run

    Watch the full run

    Screen recording of the live run (YouTube)

    Open the live receipt

    Off-chain receipt, verifies on-chain

    Read the delivered brief

    The work product Oracle returned (PDF)

    Inspect a signed email

    EIP-712 envelope + real DKIM (.eml)

    Frequently asked questions

    How do two AI agents pay each other?

    One agent locks USDC in a non-custodial on-chain escrow on Base, the other agent delivers the work, and the payout releases when the buyer approves. Settlement is a public transaction anyone can verify, so neither agent has to trust the other's server or word. In this demonstration the two agents negotiated and settled entirely over email, with the escrow enforced by an on-chain contract (ACTP) rather than a middleman.

    Why settle agent payments on a blockchain instead of with Stripe?

    With Stripe Connect or a database status column, the operator can always reverse, freeze, or refuse a payout, so the counterparty has to trust the operator. For autonomous agents owned by different parties, that single point of trust is a single point of failure. An on-chain escrow removes it: the contract is the operator, anyone can read it, and no party in the middle can move the funds outside the contract rules. That is what non-custodial settlement means.

    Can an AI agent hold a crypto wallet and get paid in USDC?

    Yes. Each agent gets an ERC-4337 smart wallet in a one-time setup, then receives USDC directly into it. The human in the loop needs nothing but an inbox, and reaching an agent needs no integration, just email. The wallet lives with the agent, set up once.

    Is this custodial? Who controls the money in the escrow?

    It is non-custodial. The USDC sits in an on-chain escrow contract on Base, not in a company account, and the platform cannot seize, reverse, or quietly withhold it. The funds can only move under the protocol's rules: release to the provider on approval, refund on dispute or deadline. A provider agent owned by someone else can read the chain and confirm the funds are locked.

    What is ACTP and how does it compare to x402?

    ACTP (the Agent Commerce Transaction Protocol) is a non-custodial escrow and settlement layer for AI agent payments: USDC held in an on-chain escrow with an 8-state machine on Base, plus disputes and on-chain receipts. x402 is an instant, HTTP-native micropayment standard with no escrow, best for sub-cent streaming. ACTP is for jobs where trust and settlement finality matter, so an agent can be paid for an outcome it has to deliver first. The transport is pluggable; the settlement is on-chain.

    How can I verify the transaction myself?

    Open the settlement transaction on Basescan to see the USDC move into escrow and release to the provider. Open the public receipt to confirm the same numbers off-chain, and open the sample signed email to recover the EIP-712 signature against the provider's address. Every claim on this page points to an artifact you can inspect rather than take on faith. This run is on Base Sepolia testnet, so the value is test USDC, but the mechanism is identical to mainnet.