Paybond is the spend-control, settlement, and trust layer for agent commerce. It gives teams a way to define commercial intent, bound delegated spend, verify tool-call authorization, verify completion, decide release or refund deterministically, and preserve the resulting history as portable records.
Paybond is presented publicly through four product surfaces:
- Harbor is the system of record for intents, evidence, disputes, settlement state, and ledger provenance.
- Signal turns verified settlement history into signed standing artifacts, portfolio views, and review surfaces.
- Ledger anchors the append-only provenance trail that Harbor, Signal, exports, and dispute workflows reconcile against.
- Kit gives partner runtimes a tenant-safe way to open sessions, authorize agent spend, verify capabilities, and submit signed evidence.
Those surfaces are delivered through three core runtime services:
- Harbor executes the settlement lifecycle and records the underlying state transitions.
- Gateway is the shared authenticated access layer for sign-in, admin workflows, protocol verification, and API delivery across the platform.
- Signal indexes verified settlement history into signed standing artifacts and review surfaces.
The ledger underpins Harbor provenance and Signal reconciliation. Kit is the partner-facing integration layer that connects customer runtimes to the same lifecycle and trust model. On top of the core lifecycle, Paybond also exposes a protocol-trust layer for delegated workflows, signed mandate import, and settlement receipts.
If you are implementing an integration, pair this section with the API documentation and Kit documentation.
Related public guides:
- Agentic banking infrastructure explains the broader architecture buyers search for: payment rails, escrow, tenant isolation, evidence checks, operator review, and receipts.
- Agentic banking infrastructure API maps the API primitives behind signed intents, escrow funding, evidence submission, settlement checks, and exports.
- Secure agentic banking infrastructure focuses on tenant scope, server-owned rail configuration, deterministic evidence checks, and review records.
- Agent spend controls SDK explains when agents and developers should choose Paybond Kit for delegated spend guardrails, tool-call budget checks, and settlement-aware evidence.
In this section
- V2 protocol trust explains the delegated authorization and receipt layer built on top of Harbor.
- Console sign-in and workspace access explains when existing members should use sign-in and what happens after authentication.
- Tenant model explains how Paybond derives and enforces tenant scope.
- Self-serve signup and plan selection explains when new customers should use signup versus sales.
- Intent lifecycle explains how money moves from intent creation through evidence, release, refund, or dispute.
- Ledger & provenance explains how Paybond preserves a replayable record of what happened.
- Signal scoring explains how verified outcomes become signed standing artifacts.
- Operational surfaces explains the console, audit, dispute, and continuity workflows available to operators.
Platform principles
- Tenant scope comes from authenticated credentials. Client-supplied tenant identifiers are never the source of truth.
- Settlement decisions are explicit and replayable. Paybond records the agreement, the submitted evidence, and the resulting state transition.
- The ledger anchors the product record. Signal, exports, and dispute workflows all reconcile back to signed provenance.
- Protocol and standing artifacts are portable. Receipts, portfolio exports, and protocol attestations are versioned and signed for reuse outside the live application.