OpenCard
OpenCard – Authorisation, Governance & Payments for AI Agents

Control what AI agents can spend, how they spend, and where – before money moves.

OpenCard gives real-time control over agent-driven financial actions, defining what agents can spend, how much, and where. Set centralised policies, track every action with audit logs, and intervene instantly with kill switches.

Book a DemoJoin Waitlist
TS & Python SDKsWorks with your existing payment stackNo credit card requiredLive in 10 minutes

Now — Live

  • Runtime Authorisation
  • Governance & Policies
  • Audit Logs & Dashboard
  • Kill Switches & Approvals

Coming Soon

  • Payment Execution
  • Mandates & Verifiable Credentials
  • Rail & Protocol Integrations
  • Multi-Agent Settlement

AI agents are ready to spend. The infrastructure isn’t.

Today’s AI agents can browse, compare, decide, and act autonomously. But the moment they need to spend money, teams face the same three walls, and none of them have answers.

No agent-level authorisation

“Is this agent actually allowed to transact?” — There’s no runtime layer checking whether a given agent is authorised to initiate spend, let alone for this amount, this merchant, or this category.

Governance buried in code

Spend limits and approval logic are scattered across agent codebases. Changing a limit requires a redeploy. Finance and risk teams have zero visibility or control over what the agents are doing with money.

No audit trail

When an agent overspends or makes an unauthorised purchase, there’s no centralised log of what was requested, what was allowed, and why. Compliance teams have nothing to show auditors.

Three layers of control. One platform. Deploy what you need today.

OpenCard gives teams real-time control over agent-driven financial actions, defining what agents can spend, how much, and where. Set centralised policies, track every action with audit logs, and intervene instantly with kill switches.

Authorisation

LIVE

Per-request, per-agent, per-merchant—in milliseconds.

Every time an agent attempts a spend action, OpenCard evaluates in real time: Is this agent authorized to transact? Is this amount within limits? Is this merchant or category permitted? Decisions are returned instantly—ALLOW, DENY, or REQUIRE_APPROVAL—with reasons and policy references.

const decision = await oc.decide({
  agent: { id: "travel-booker" },
  action: {
    type: "spend_request",
    amount: { value: 450, currency: "GBP" },
    merchant: { name: "SkyFly", categoryCode: "4511" }
  }
});
// -> { decision: "REQUIRE_APPROVAL", reason: "Exceeds per-txn limit of GBP300" }

Governance

LIVE

Centralized policies. No redeploys. Risk and finance in control.

Define spend limits, merchant allowlists, category rules, and agent eligibility in one place. Update them from the dashboard or API, and every agent respects the new rules instantly without code changes. Toggle dry-run mode to shadow decisions before enforcing. Hit the kill switch to revoke any agent’s spend authority instantly.

// Policy change from dashboard or API -- no agent redeploy needed
await oc.policies.update("policy/daily-spend-cap", {
  rules: [{ field: "amount.value", op: "<=", value: 500 }],
  onFail: "DENY"
});

Payments

COMING SOON

Mandate-aware execution, real payment rails, full settlement governance.

When your agents are ready to move real money, OpenCard extends from decisioning into execution. Machine-readable mandates, verifiable credentials, and direct integrations into payment rails and protocols—all built on the same control plane you already use for authorization and governance.

Join the Payments Waitlist →

From install to first authorisation in under 10 minutes.

This is how OpenCard works today—no payment rails or mandates required.

01

Step 01

Create a project & get your API key

Sign up, create a project in the OpenCard dashboard, and generate a scoped API key. All policies, decisions, and logs are isolated per project.

02

Step 02

Install the SDK

npm install @opencard/sdk    # TypeScript
pip install opencard          # Python
03

Step 03

Initialize with your API key

import { OpenCard } from '@opencard/sdk'
const oc = new OpenCard({ apiKey: process.env.OPENCARD_API_KEY })
04

Step 04

Wrap agent spend actions with decide()

const decision = await oc.decide({
  agent: { id: "procurement-bot" },
  principal: { id: "org_123" },
  action: {
    type: "spend_request",
    amount: { value: 85, currency: "GBP" },
    category: "saas",
    merchant: { name: "Notion" }
  }
});

if (decision.decision === "ALLOW") await executePurchase();
if (decision.decision === "REQUIRE_APPROVAL") await notifyApprover(decision.reason);
if (decision.decision === "DENY") block(decision.reason);
05

Step 05

Configure policies in the dashboard

Set spend limits, merchant rules, and agent eligibility from the UI. No code changes. Toggle dry-run to observe before enforcing.

06

Step 06

Monitor, audit, and act

See every authorisation decision in your project dashboard. Export logs. Set alerts. Hit the kill switch if an agent misbehaves.

Read the Docs →See Sample Integrations →
LIVE

A control plane for authorisation and governance—shared by engineering, risk, and finance.

The OpenCard dashboard gives every team what they need: engineering can test and debug policies; risk and finance see behavior, limits, and anomalies; ops hold the kill switch.

Dashboard preview

Decisions feed

Live count of allowed, denied, and approval-needed spend by agent or project. Filter by project, agent, merchant, category, or decision type.

Policy admin

Create and edit spend limits, merchant rules, and agent eligibility from forms. Toggle dry-run vs enforce per project—no code changes.

Audit log

Search and filter every decision: timestamp, agent, user, amount, merchant, and reason. Export as CSV or JSON.

API key management

Create, rotate, and revoke API keys for each project. See last-used times and environment labels.

Kill switch

Instantly revoke any agent's spend authority with one click, effective immediately.

Approval escalation

Route actions needing approval to a human. Ensure sensitive spend is reviewed before execution.

Authorisation decides. Governance controls.

These are two distinct jobs. OpenCard does both—and understanding the difference is what makes the platform work.

Authorisation

Real-time, per-request decisions

Scope

Per-request, per-agent

Question answered

“Is this specific spend allowed right now?”

In OpenCard

Agent eligibility, spend limits, merchant checks—in milliseconds

Who cares

The agent (needs a yes/no answer)

Governance

Organisational, ongoing controls

Scope

Organisational, ongoing

Question answered

“Who sets the rules, how do we monitor them, and can we prove it?”

In OpenCard

Policy management, dashboards, audit logs, kill switches, dry-run

Who cares

Risk, finance, compliance, and engineering leadership

Why it matters

Authorisation without governance is a black box.Governance without authorisation is just policy no one enforces.

OpenCard gives you both
LIVE

Built for developers who build agents.

One function call. Full spend authorization and governance. Works with every major agent framework.

  • One function, full coverage — oc.decide() wraps any spend-adjacent action
  • TypeScript types and Python type hints
  • Works with your existing payment provider — no rail change needed
  • Dry-run mode for dev and staging environments
  • Graceful degradation config on timeout or network failure
  • Framework-native adapters below
FrameworkInstall
LangChainnpm install @opencard/langchain
CrewAIpip install opencard-crewai
OpenAI Agents SDKnpm install @opencard/openai-agents
Claude MCPnpm install @opencard/mcp
AutoGenpip install opencard-autogen
LangGraphnpm install @opencard/langgraph

Don’t see your framework? Contact us

View Docs →See Examples →

Before agents can pay, you need to know they’re allowed to.

OpenCard starts with the decision layer—not the execution layer—because governance has to exist before payments can scale safely.

OpenCard answers all of these in v1—with a runtime control plane, centralised policies, and a full audit trail. When the payments layer ships, it builds directly on this foundation. Your agent registrations, policies, and logs carry forward. No re-integration. No governance retrofit.

The governance layer comes first. The payments layer plugs into it.

Before agentic payments work in production

Teams need clear answers to these control questions:

01

Is this agent authorised to interact with money at all?

02

How much can it spend, and in what categories?

03

Which merchants and vendors are allowed?

04

What needs a human to approve?

05

What happens when an agent misbehaves?

Frequently asked questions

Give your agents permission to act – safely.

Start governing agent spend today. Be first on payments when it ships.

Book a Demo

Deploy in 10 minutes. Works with your existing stack. No payment rails required.