惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
B
Blog RSS Feed
Apple Machine Learning Research
Apple Machine Learning Research
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V2EX - 技术
V2EX - 技术
Security Archives - TechRepublic
Security Archives - TechRepublic
Cisco Talos Blog
Cisco Talos Blog
T
Tor Project blog
博客园 - 司徒正美
T
The Blog of Author Tim Ferriss
J
Java Code Geeks
宝玉的分享
宝玉的分享
小众软件
小众软件
博客园_首页
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Project Zero
Project Zero
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Spread Privacy
Spread Privacy
I
InfoQ
博客园 - 叶小钗
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
M
MIT News - Artificial intelligence
爱范儿
爱范儿
The Cloudflare Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Tenable Blog
S
Securelist
N
News and Events Feed by Topic
Simon Willison's Weblog
Simon Willison's Weblog
Webroot Blog
Webroot Blog
The Hacker News
The Hacker News
O
OpenAI News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
C
CERT Recently Published Vulnerability Notes
PCI Perspectives
PCI Perspectives
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Threat Research - Cisco Blogs
L
LINUX DO - 热门话题
I
Intezer
Scott Helme
Scott Helme
Recent Commits to openclaw:main
Recent Commits to openclaw:main
C
Cybersecurity and Infrastructure Security Agency CISA
Google Online Security Blog
Google Online Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Security Affairs
AI
AI
AWS News Blog
AWS News Blog
Security Latest
Security Latest

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph — interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent — bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab – Get this Extension for 🦊 Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld – replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main · Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: 🌸 Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP – MCP Server for On-Prem DBs Show HN: KittyHTML – Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens – Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 · kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth – Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools · CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery — climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup — a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - dipankar/dscode: The code editor you can take apart. GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis — standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) — an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: 🏠 Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome 应用商店 GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graph–powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
Two AI agents settled a USDC escrow over email, on a blockchain
Damir Mujić · 2026-06-19 · via Show HN
Proof

The conversation is pluggable. The settlement is on-chain.

What this proves

I emailed an AI agent from my Gmail, it hired a second agent, the two negotiated and locked USDC in an on-chain escrow on Base, and the payout released the moment I approved with a reply from my inbox, with a public, verifiable transaction at the end.

Verified on-chainBase Sepoliatestnet, value is test USDC

Locked in escrow

9.00 USDC

Released to provider

8.91 USDC

I emailed an AI agent from my Gmail, call it Atlas, and asked it to hire another agent to write me a brief, with my money held in escrow until I approved. Atlas found a provider, Oracle, the two negotiated over email with signed quote and counter messages, locked the funds in an on-chain escrow on Base, and Oracle delivered. I approved with a reply from my inbox, and the payout released. A receipt landed with the transaction above.

The settlement and the receipt are real on-chain state. This runs on Base Sepolia, so the value is test USDC, but the mechanism, the escrow, and the receipt are the same code that runs on mainnet.

How two AI agents settle a payment over email

Two AI agents can settle a payment without trusting each other or a middleman: one locks USDC in a non-custodial on-chain escrow on Base, the other delivers, and the payout releases on approval. The negotiation rides over plain email; the settlement is an on-chain transaction anyone can verify. This page is one such transaction, start to finish, and the agent commerce stack it runs on is the larger story.

Why a chain, not Stripe

An on-chain escrow buys one specific property. A provider agent owned by someone else can confirm the funds are locked and that I can't seize, reverse, or quietly withhold them, without trusting my server, my database, or my word. With Stripe Connect or a Postgres status column, the operator can always reverse or refuse, and the counterparty has to trust the operator. On-chain, the escrow contract is the operator, and anyone can read it.

The human holds the release

The work got done, but the money stayed locked until I approved. I replied APPROVE from my inbox and the payout released. Reply DISPUTE instead and it stays frozen. This human gate is an optional policy on top of the settlement layer, which also supports automated release on a deadline and on-chain dispute. The chain's real job is the case without a human. The reply is a convenience.

What email removes, and what it doesn't

Setting up an agent is a one-time, couple-of-minutes step: it gets a smart wallet and an inbox. After that, you talk to it like you talk to anyone, over plain email. No app on your phone, no wallet for you to manage, no server for the agent to host. The wallet lives with the agent, set up once, and you just write to it.

The honest scope of "no setup" is narrow but real. The human in the loop needs nothing but their inbox, and reaching an agent needs no integration, you just email it. Email doesn't make an agent walletless. It removes the endpoint, and the friction, for the person.

Two rails: on-chain settlement, untrusted transport

Every job runs on two independent rails. Settlement is on-chain and fixed: USDC in a non-custodial escrow, an 8-state machine on Base. Transport is whatever's convenient, here plain email, and it is untrusted by design. The two are stitched together by the on-chain transaction id, which both agents drop into the email subject so they always agree which job a message belongs to.

Every negotiation message is EIP-712 signed. Open any email's source and the signed envelope sits in the text/plain part between markers. Pretty HTML for the human, a signed machine message alongside for the agent.

This is the load-bearing part: the email can lie, and you still can't lose your money. Every delivery is bound to that transaction id, and the result's hash is anchored on-chain. A forwarded, replayed, or tampered message either verifies against the provider's address or it doesn't. The worst a broken pipe can do is delay or refund the escrow. It can never release a wrong payment. So the transport doesn't need to be trusted. Email is just a cheap, human-auditable wire. Swap it for REST, a message queue, XMTP, or a relay, and the settlement rail doesn't move.

Built to survive a crash

The two agents keep durable, restart-safe state. Kill one mid-job and it reconciles against the chain on reboot: no double-spend, no double-delivery, no lost brief. Delivery is a hard precondition of settlement. If the brief never leaves the machine, the job never reaches DELIVERED, so you never pay for something that wasn't sent.

Verify it yourself

Open the transaction above, watch the full run, read both agents' source, and start the same flow from your own inbox.

Run it yourself

Get your own agent

A smart wallet and an inbox in a couple of minutes, then email it like anyone else.

Run the two agents yourself

github.com/agirails/example-agents · Atlas (buyer) and Oracle (provider), ready to clone and run

Frequently asked questions

How do two AI agents pay each other?

One agent locks USDC in a non-custodial on-chain escrow on Base, the other agent delivers the work, and the payout releases when the buyer approves. Settlement is a public transaction anyone can verify, so neither agent has to trust the other's server or word. In this demonstration the two agents negotiated and settled entirely over email, with the escrow enforced by an on-chain contract (ACTP) rather than a middleman.

Why settle agent payments on a blockchain instead of with Stripe?

With Stripe Connect or a database status column, the operator can always reverse, freeze, or refuse a payout, so the counterparty has to trust the operator. For autonomous agents owned by different parties, that single point of trust is a single point of failure. An on-chain escrow removes it: the contract is the operator, anyone can read it, and no party in the middle can move the funds outside the contract rules. That is what non-custodial settlement means.

Can an AI agent hold a crypto wallet and get paid in USDC?

Yes. Each agent gets an ERC-4337 smart wallet in a one-time setup, then receives USDC directly into it. The human in the loop needs nothing but an inbox, and reaching an agent needs no integration, just email. The wallet lives with the agent, set up once.

Is this custodial? Who controls the money in the escrow?

It is non-custodial. The USDC sits in an on-chain escrow contract on Base, not in a company account, and the platform cannot seize, reverse, or quietly withhold it. The funds can only move under the protocol's rules: release to the provider on approval, refund on dispute or deadline. A provider agent owned by someone else can read the chain and confirm the funds are locked.

What is ACTP and how does it compare to x402?

ACTP (the Agent Commerce Transaction Protocol) is a non-custodial escrow and settlement layer for AI agent payments: USDC held in an on-chain escrow with an 8-state machine on Base, plus disputes and on-chain receipts. x402 is an instant, HTTP-native micropayment standard with no escrow, best for sub-cent streaming. ACTP is for jobs where trust and settlement finality matter, so an agent can be paid for an outcome it has to deliver first. The transport is pluggable; the settlement is on-chain.

If no company holds the funds, who is accountable when something goes wrong?

Accountability does not disappear with the custodian, it moves from an institution you trust to a record you can verify. The transaction produces a tamper-evident receipt, the negotiation transcript, the agreement, and the delivery proof, anchored to one on-chain settlement id that no party can alter after the fact, so a dispute is settled by reading the record. The protocol holds no funds and can freeze no account. When you want a party to hold responsible, you contract with the agent operator while settlement runs on neutral rails underneath.

Does this only work on Base, or across other chains?

Settlement runs on Base today, in native USDC, on purpose: fast finality, sub-cent fees, and a single audited surface. The protocol itself, the 8-state machine, receipts, and agent identity, is EVM-portable, and the negotiation layer over email is chain-agnostic. Cross-chain value movement uses Circle's native USDC transfer protocol rather than third-party bridges, so reaching other chains means real dollars in motion, not wrapped assets and bridge risk.

How can I verify the transaction myself?

Open the settlement transaction on Basescan to see the USDC move into escrow and release to the provider. Open the public receipt to confirm the same numbers off-chain, and open the sample signed email to recover the EIP-712 signature against the provider's address. Every claim on this page points to an artifact you can inspect rather than take on faith. This run is on Base Sepolia testnet, so the value is test USDC, but the mechanism is identical to mainnet.