Risk Engine
How Trustline evaluates agent-mediated transactions, evidence, policy, and outcomes.
Trustline's risk engine evaluates agent-mediated financial actions as structured decisions. A request enters the system with payment context, agent context, evidence references, product policy, and optional external signals. Trustline then determines whether the action should be allowed, reviewed, denied, or recorded for future underwriting.
The design goal is to avoid a brittle split between "AI safety" and "payment risk." In agentic finance, the model's reasoning, the user's delegation, the merchant's risk, the institution's policy, and the payment's settlement binding all matter at the same time. Trustline treats them as a single decision surface.
Core Inputs
| Input class | Examples |
|---|---|
| Agent context | Agent identifier, developer account, tool usage, behavior history, role, and project metadata. |
| User or principal context | User profile, verification state, account standing, consent boundaries, and product eligibility. |
| Transaction context | Amount, asset, rail, merchant, destination, invoice, payment requirements, and settlement status. |
| Evidence context | Reasoning trace, Verifiable Intent presentation, AP2 mandate reference, trace hash, and receipt reference. |
| External signals | Wallet risk, sanctions or blocklist hits, entity tags, high-risk activity, and provider confidence. |
| Outcome data | Repayment, dispute, reversal, settlement failure, late payment, merchant performance, and post-incident review. |
Each downstream product contributes different inputs. X402 Secure emphasizes payment binding and evidence. Claw Credit emphasizes credit-line eligibility, agent behavior, partner service legitimacy, and repayment state. Consumer finance workflows emphasize user capacity, agent mandate, merchant risk, and card authorization timing.
Policy And Evidence
Trustline separates evidence from policy. Evidence answers what is known: which intent proof was presented, which wallet was used, which merchant was selected, which external signal was observed, and what happened after settlement. Policy determines the correct action under those conditions.
This separation matters because different partners may have different risk appetites. A sandbox x402 tool can tolerate more review-mode experimentation than a consumer finance card authorization. A credit-backed agent purchase can require stronger trace evidence than a free API call. Trustline can evaluate the same evidence under different product policies without rewriting the evidence record.
For institutions, policy is also where liability expectations become operational. A treasury workflow, trading support system, or high-value payment flow can require stronger evidence, tighter limits, additional confirmation, or different review behavior than a developer sandbox. The risk engine preserves the policy version and decision context so that an approval or denial can be understood after the workflow has completed.
Risk Is Dynamic
Trustline does not treat an initial score as a permanent fact. An agent can become more trustworthy through consistent behavior and successful outcomes. It can also lose capacity when it drifts, makes unusual requests, interacts with risky counterparties, or generates poor repayment outcomes.
Dynamic scoring is especially important for underwriting. A new agent may begin with low limits and strict evidence requirements. As the system observes successful transactions, stable behavior, and favorable outcomes, Trustline can support higher limits within policy. If adverse events appear, the system can reduce limits, force review, or deny future requests.
Challenge And Review
Elevated-risk requests are not always binary. Some need additional confirmation, stronger evidence, or a product-level review step. Trustline supports review states so downstream products can ask for missing evidence, request user confirmation, or route a case to an operator when the risk posture is ambiguous.
This is a key part of making agentic finance usable. A system that denies too aggressively prevents legitimate demand. A system that approves without friction creates unacceptable loss and liability. Review states let products keep useful transactions alive while preserving a defensible risk boundary.
Auditability
Every meaningful Trustline decision is designed to be explainable to the product that depends on it. The decision record preserves the operational context needed for review: the input context, evidence references, policy version, external signals used, outcome, and receipt or follow-up event.
Auditability is not an afterthought. It is what allows t54 to work with developers, merchants, financial partners, and institutions that need to understand how agent activity is governed. A useful decision record does more than report a score. It explains the evidence boundary, the policy boundary, and the outcome boundary that shaped the decision.