The permission boundary an agent must cross to move a human’s money. A scoped, revocable mandate — cap, merchant allow-list, category, expiry, step-up rules — that any executing party checks before honoring an agent’s action.
Working MCP tools today — scoped, signed, fail-closed · still gauging demand for the hosted + insured tiers.
Live in the Gera trust-layer MCP as issue_mandate + verify_mandate: a human grants an agent a scoped, revocable Ed25519-signed mandate (cap, currency, merchant allow-list, categories, expiry), and any executing party verifies it before acting. Verification fails closed — forged, expired, over-cap, or out-of-scope all return valid:false with reasons. Pure authorization; no money moves. A hosted revocation registry is the roadmap.
Tools an agent can call:
issue_mandate — mint a scoped, signed spend mandateverify_mandate — check signature + expiry + cap + scope (fails closed)Call it now — two live ways:
# stdio (any MCP client — Claude Desktop, Cursor, …)
npx -y @gera-services/mcp-gera-verify
# hosted HTTP (Streamable MCP)
POST https://gera-verify-mcp-production.up.railway.app/mcpOpen source in the Gera monorepo at packages/mcp-gera-verify (real FSA/CQC data, Ed25519-signed attestations). Both the npm package and the hosted endpoint are live today; a branded verify-mcp.gera.services domain is next — tell us if you want early access.
Letting an agent transact for you is terrifying without hard, revocable limits and an audit trail of exactly what it was allowed to do.
A human mints a scoped mandate: "up to £200 at category X until date Y".
Any executing party verifies the agent holds a live mandate before acting.
Every authorized action is logged against the mandate.
Humans set and revoke mandates; agents, banks, and counterparties query them at high frequency.
Every human will run agents. The consent-and-permission rail underneath them is foundational infrastructure.
Register your interest and we will let you know when it goes live. No spam.