AffixIO has published the @affix-io/agentic-trust package on npm and opened the Agentic Trust repository on GitHub. This release gives developers, payment teams, and platform teams a concrete entry point for building agent identity verification, consent verification, and trusted payment authorization into agentic commerce infrastructure.
Why AffixIO Agentic Trust matters for agentic payments
Agentic systems are moving from prototypes to production flows. It is simple to give an AI agent credentials and let it call payment APIs. It is more demanding and more important to control which agents can act, what scope they have, how consent is captured, and how each transaction is justified to issuers and merchants.
Existing authentication and gateway layers verify callers at the connection level. They do not solve agent identity, delegated authority, or transaction level consent. AffixIO Agentic Trust focuses on that missing trust layer for agentic payments. It represents who the agent is, who it acts for, what scope it has, and which trust signals support each AI agent payment.
The outcome is a verification infrastructure for AI agents that integrates with existing authorization and risk engines, turning opaque AI traffic into structured agentic transaction verification signals that can be evaluated and audited.
What AffixIO published on npm and GitHub
AffixIO Agentic Trust npm package
The @affix-io/agentic-trust npm package is an early infrastructure SDK for expressing agentic trust decisions in code. It helps teams structure agent identity, delegated authority, consent proofs, and transaction constraints so they can be evaluated consistently within payment and authorization flows.
This is early infrastructure, not a complete payment product. The goal is to give engineering teams a technical foundation for experimentation around agent identity verification SDK patterns, consent aware payment authorization, and agentic payments trust layers.
View the AffixIO Agentic Trust npm package
Agentic Trust GitHub repository
The public Agentic Trust GitHub repository contains the implementation and reference materials behind the npm package. By maintaining this repository in the open, AffixIO makes its approach to agent verification, consent verification, and transaction level authorization available for inspection and review.
The repository is intentionally focused and versioned as part of a longer roadmap for agentic commerce trust infrastructure. It is a base layer that can be extended and integrated, not a monolithic black box.
View the Agentic Trust GitHub repository
What agentic trust means in practice
AffixIO uses the term agentic trust for the verification and authorization layer that governs what AI agents are allowed to do on behalf of users and institutions. It extends beyond login and API access, and it brings several concepts into one verification system.
Agent identity
Agent identity is the ability to name the specific agent instance responsible for a transaction. AffixIO Agentic Trust treats the agent as a verifiable subject with its own identifiers, keys, and metadata, instead of collapsing all agent traffic into a generic client identity.
Runtime and execution trust
Execution trust covers where and how the agent runs. It includes runtime configuration, deployment environment, and the path by which prompts, tools, and policies reach the agent. AffixIO Agentic Trust can ingest runtime context so that trust decisions consider execution properties, not only static secrets.
Delegated authority
Delegated authority describes the explicit powers a user or organization has granted to an agent. Rather than a simple yes or no for access, agentic trust aims for scoped authority: limits across amount, merchant categories, channels, and time windows that define what the agent is allowed to do.
User consent
Consent verification links a human decision to a specific agent and category of action. With AffixIO Agentic Trust, consent is represented as structured data that can be checked at authorization time to confirm that it exists, is current, and matches the requested transaction type.
Transaction level authorization
Transaction level authorization evaluates a concrete request rather than generic access. The trust layer considers agent identity, delegated authority, consent proofs, payment instrument data, and merchant context to produce a decision that issuers and merchants can apply directly within their authorization pipelines.
Auditability
Auditability is the ability to reconstruct why a specific AI agent transaction was approved or declined. AffixIO Agentic Trust treats logging and explanation as core features so that disputes, investigations, and model evaluations can reference trust signals, not just raw payment events.
How an AffixIO Agentic Trust verification flow works
A typical AffixIO Agentic Trust flow for AI agent payments can be described as a sequence of verification and authorization steps that fit into existing payment stacks.
- Agent requests an action. An AI agent prepares a payment or protected operation and submits a structured request including its agent identifier, the represented user, and transaction parameters.
- System verifies agent identity. Verification services check agent identifiers, registration data, and keys to confirm which agent is calling and whether that agent is recognized and active.
- Consent and authority are checked. The trust layer validates that the user has delegated authority to this agent and that current consent proofs cover the type of action and proposed limits.
- Transaction scope is evaluated. Amount, currency, merchant attributes, channel, and risk inputs are compared against configured policy for this agent and user pair, including dynamic thresholds.
- Trust decision is returned. The system returns a structured decision that describes whether the agent, consent, and transaction context satisfy policy, along with reasons and trust signals.
- Payment or protected action is approved or rejected. Issuers, merchants, or platforms consume the trust decision as part of their authorization logic and either approve the AI agent transaction, reject it, or trigger additional controls.
The @affix-io/agentic-trust package is designed to help teams implement these steps as a reusable trust layer for agentic payments rather than as scattered, one off checks.
Agentic trust verification diagram
Example use cases for AffixIO Agentic Trust
Issuer side AI agent authorization
Issuers can ingest AffixIO Agentic Trust signals alongside traditional authorization data. When an AI agent submits a transaction, the issuer can evaluate which agent initiated the request, which customer delegated authority, what consent exists, and whether the transaction matches configured limits before returning a decision.
Merchant side checkout trust checks
Merchants can add an agentic trust layer to checkout flows by calling AffixIO Agentic Trust before they submit a payment for authorization. This allows them to distinguish human initiated from agent initiated requests, apply different controls, and log verification decisions that support chargeback handling and fraud monitoring.
User consent verification before agent initiated payments
Platforms can record explicit user consent for categories of agent behavior and tie those records to AffixIO Agentic Trust. Before an agent executes a subscription change, invoice payment, or on demand purchase, the verification step checks that consent exists and is valid for the requested scope, enabling consent aware payment authorization.
Connected agent versus trusted agent
Many AI agents can already reach payment APIs, but a connected agent is not automatically a trusted agent. AffixIO Agentic Trust focuses on closing that gap for agentic commerce infrastructure.
Connected agent
- Has API access with generic credentials
- Identity inferred from platform or account context
- Authority broad, with limited explicit scoping
- Consent captured once, rarely tied to each action
- Few transaction policy checks specific to the agent
- Audit trail limited to raw payment and log events
Trusted agent
- Has API access plus explicit agent identity verification
- Identity stable across sessions and environments
- Authority scoped by value, merchant class, and channel
- Consent proof attached to each relevant transaction type
- Transaction policy checks executed before each high value action
- Audit trail includes structured trust decisions and signals
Why AffixIO put Agentic Trust on npm and GitHub
Trust infrastructure for AI agents must be concrete and testable. Publishing @affix-io/agentic-trust on npm and maintaining the Agentic Trust repository on GitHub grounds the category of agentic trust in running code that teams can inspect, integrate, and stress test.
Public packages and repositories signal real implementation work, technical credibility, and a willingness to build verification infrastructure for AI agents as shared infrastructure rather than as a closed service. They also give security teams a basis for review and compliance conversations.
You can explore the current implementation on npm and on GitHub as AffixIO continues to define and harden agentic commerce trust infrastructure.
AffixIO Agentic Trust FAQ
What is Agentic Trust?
Agentic trust is the set of controls that determine whether an AI agent should be allowed to perform a specific action on behalf of a user or institution. It brings together agent identity verification, consent verification, delegated authority, and transaction level authorization so that payments and other high value actions are executed only by trusted agents.
Why do AI agents need trust verification before making payments?
AI agents can submit large volumes of payment requests across many contexts. Without agentic trust, issuers and merchants cannot reliably tell which agent is acting, what consent exists, or whether the transaction fits policy. Trust verification adds structured checks so that agentic payments are controlled by verification infrastructure instead of implicit assumptions.
What is the AffixIO Agentic Trust npm package?
The AffixIO Agentic Trust npm package is an infrastructure SDK that helps teams build an agentic payments trust layer. It focuses on representing agent identity, consent, and transaction constraints so existing systems can enforce trusted AI agent transaction flows in a consistent way.
What is the Agentic Trust GitHub repository?
The Agentic Trust GitHub repository is the public home for the implementation behind the npm package, including examples and documentation. It provides visibility into how AffixIO structures agent verification, consent verification, and agentic transaction verification for payment use cases.
How do businesses verify user consent for AI agent transactions?
Businesses can use AffixIO Agentic Trust to represent consent as structured data linked to an agent, user, and scope of action. Before a transaction is sent to an issuer or processor, the verification stage checks that this consent object is present, valid, and compatible with the requested transaction, strengthening consent verification for agentic payments.
How can merchants verify AI agents during checkout?
Merchants can integrate AffixIO Agentic Trust into their checkout flows so AI initiated requests pass through identity checks, consent checks, and transaction policy checks before authorization. This turns checkout into a trust aware gateway for agentic commerce instead of treating agents as indistinguishable from human users.
How can issuers verify AI agents during authorization?
Issuers can ingest AffixIO Agentic Trust signals alongside standard transaction data. By evaluating agent identity, delegated authority, and consent proofs for each request, issuers can distinguish trusted AI agent payments from untrusted flows and apply different authorization logic, limits, and monitoring.
What makes an AI agent trusted before conducting transactions?
An AI agent becomes trusted when it operates inside verification infrastructure that enforces identity, consent, authority, and policy at every sensitive step. AffixIO Agentic Trust focuses on making these controls explicit and inspectable so issuers, merchants, and platforms can have confidence in agentic transaction verification outcomes.
What is the difference between authentication and agentic trust?
Authentication verifies that a caller has valid credentials. Agentic trust verifies that a particular agent, acting for a particular user, is allowed to perform a specific action under a defined scope. It extends beyond login to include ongoing verification of consent, delegation, and transaction level policies for AI agents.
Can agentic trust reduce fraud in autonomous commerce?
Agentic trust is designed to reduce fraud by making agent behavior observable and constrained. When every AI agent transaction includes structured trust signals and passes through standardized verification steps, issuers and merchants can detect abnormal patterns earlier and build stronger defenses around high risk agentic payments.
Start building your agentic payments trust layer
AffixIO Agentic Trust is an early public step in how AffixIO approaches verification infrastructure for AI agents, agent identity, consent verification, and trusted payment authorization. If you are responsible for payment systems, platform governance, or agentic commerce infrastructure, this is a concrete basis for experimentation.
Explore the technical artifacts below or contact the AffixIO team to discuss integration into issuer, merchant, or platform environments.