FARIGATE CLOUD

When an AI agent pays, who can prove what happened?

FARIGATE Cloud is a hosted gate for agent payments. The agent presents its AP2 mandate chain; the gate decides whether the payment executes — and emits an offline-verifiable Dispute Pack either way. Allow or refuse, the evidence is the product.

The six dispute questions

Every dispute about an agent-initiated payment comes down to a handful of questions. A FARIGATE dispute pack answers each from cryptographically verified material — or marks it NOT VERIFIED, never assumed — offline, in a browser or a CLI, with zero trust in FARIGATE itself:

  1. Was the action authorized? The signed decision receipt records the gate's decision for this exact action digest.
  2. By whom? The presenting actor plus the mandate user principal key (and the agent key, for human-not-present flows) bound in the mandate chain.
  3. Under what policy? The policy set id and policy snapshot hash bound into the signed receipt, with the recorded Cedar decision replayed offline.
  4. Within the mandate? The attached AP2 mandate bundle re-verified offline at the recorded decision time — amount, merchant, validity window, presence mode.
  5. Is the record intact? Artifact digests, the receipt hash chain, and the signed pack binding all recomputed by the verifier.
  6. Did it settle on the rail? An additive, separately-signed rail-confirmation layer: the downstream settlement result (e.g. Visa Direct approval) bound to this decision by receipt digest, with the settled amount and currency matching what was authorized. NOT VERIFIED when no settlement is recorded — proof the rail returned an approved result bound to the authorization, not that funds irreversibly cleared.

What the gate does

Verifies mandates AP2 v0.2.0 mandate profile: SD-JWT chains, ES256 signatures, key binding, delegation, expiry, amount and merchant constraints. Fails closed on anything unknown.
Decides under policy Cedar policy evaluation under a signed governance bundle; the decision, policy snapshot hash, and reasons land in a signed receipt.
Refusals are products A denied payment produces a complete, verifiable refusal pack. The verifier reproduces the refusal offline from the attached material.
Evidence hands off The response carries a self-contained dispute pack: mandate tokens, signed receipt, policy snapshot, signed pack binding. Verifiable anywhere, forever.

Verify with zero trust in us

Dispute packs verify in the browser verifier (the exact appliance verifier crate compiled to WebAssembly — packs never leave your machine) or with farigate-cli verify-evidence-pack from the repository. Hosted-gate public keys are published on the registry trust page.

Honest claims

FARIGATE Cloud trust is hosted-gate trust. Receipts and pack bindings are signed by a per-deployment key generated at first boot; governance and mandate trust are the published FARIGATE Cloud v0 set. No key ceremony has happened. A verifier PASS proves what the gate decided and signed — never production readiness, customer readiness, or that a payment could not have happened through some other system.

AP2: FARIGATE implements the AP2 v0.2.0 mandate profile as published at google-agentic-commerce/AP2 tag v0.2.0. No claim of AP2 certification or Google/FIDO/network endorsement is made.

v0 limits: single instance, in-memory rate limiting, no execution rail in the hosted path — the gate decision plus evidence is the product.

Start

Quickstart: provision a key, submit an agent_payment, get a dispute pack, verify it in your browser — about five minutes against a local stack or the hosted gate.