BILLATERAL.IO
AI agents are now spending real money, and nobody has the receipt Starting 2026, every crypto payment over $10,000 must be reported in 15 days x402 tells you the payment went through — not what was bought, or by whom "Our agent bought it" is not an audit defense Receipts are signed by both buyer and vendor, and anchored on-chain forever The IRS keeps a 7-year window — we keep the paper trail AI agents are now spending real money, and nobody has the receipt Starting 2026, every crypto payment over $10,000 must be reported in 15 days x402 tells you the payment went through — not what was bought, or by whom "Our agent bought it" is not an audit defense Receipts are signed by both buyer and vendor, and anchored on-chain forever The IRS keeps a 7-year window — we keep the paper trail
SKRRT LABS · IN DEVELOPMENT · 2026
WAITLIST · OPEN
Billateral logo
Billateral.
PROOF FOR AI PAYMENTS.
Every transaction your agent makes,
signed by buyer and vendor — on-chain.
Why now
!
The problem
>_
How it works
§
The receipt
Security
Agent swarms
?
FAQ
Waitlist
For operators, their CFOs, and partners building the agent economy

AI agents are starting to spend real money. Today, when they do, the business gets a blockchain transaction hash — no vendor name, no invoice, no proof of what was bought. Billateral turns every agent payment into a real receipt, signed by both the buyer and the vendor and anchored on-chain, so your books, your CPA, and the IRS all see the same thing. Trust the agent. Prove the agent.

WHAT IS BILLATERAL?
At any regular shop — grocery store, pharmacy, the coffee place — the register prints two copies of every receipt: one for the merchant, one for the customer. Billateral is that, for AI agents. Every time your agent pays for something, the vendor keeps a signed copy, you keep a signed copy, and both are anchored on-chain so neither side can rewrite history.
One receipt — five jobs it does for you: audit defense · 1099-NEC prep · $10k IRS alerts · agent-to-agent delegation · clean export to your CPA
Read the spec
EXHIBIT A — live_receipt.rcpt_×
* VERIFIED * BILATERAL EAS · BASE
STATUS · ANCHORED IMMUTABLE
receipt no.01HXA4…Q91T
paid viax402 · USDC on Base
amount$12.50 (USD at time of tx)
paid toLumen Data API Ltd
vendor tax IDXX-XXXXXXX
paid byNorthstar Labs Ltd
agentresearch-bot-v3
authorized2026-04-15 · by CFO
expense typeData & API services
business purposeQ2 market research
line item1,000 API calls · $12.50
— signatures —
vendor signed0x4a1b…b37e  ✓ valid
buyer signed0x9c0e…f024  ✓ valid
on-chain proof0x7f4a…c21e  ✓ anchored
ANCHOR: EAS · BASEIMMUTABLE · CANNOT BE DELETED
— CHAPTER 01 —
WHY NOW

Four things are converging, all at once.

Payments went live2025

Agents can now pay with a single HTTP call.

the x402 standard turns any API into something an AI can pay for instantly. Sending money is solved. Keeping track of what was bought is not.

Agents hire agents2025–26

The paper trail is about to disappear.

The major AI labs have all shipped protocols that let one agent delegate work — and money — to another. By the time a payment settles, it may have passed through three different bots.

The IRS is catching up2024–27

New crypto tax rules take effect in 2026.

Form 1099-DA, stricter enforcement of Form 8300, and FinCEN scrutiny on programmable money all land in the next 18 months. Records must go back seven years.

CFOs get the bill2026

Every agent deployment is hitting a finance review.

The controller asks one question: "where's the receipt for this?" Today, nobody buying or building AI agents can answer it. We think that's a product.

CHAPTER 02THE PROBLEM

Every agent payment
is a black box.

The IRS does not care that a bot pressed “pay.” The business still needs a record — and the chain doesn’t hold one.

What the chain sees today

A wallet paid a wallet.

That is the entire surface area of an x402 settlement. A tx hash, a payer address, a network identifier. No vendor identity. No tax category. No business purpose. No counterparty signature.

{
  "success": true,
  "payer": "0xb37e…",
  "transaction": "0x4a1b…",
  "network": "base:8453",
  // what did they buy? ?
  // on whose behalf? ?
  // under what authority? ?
  // what tax category? ?
  // fair market value USD? ?
}
AUDIT.SYS

A fatal exception 0x1099DA has occurred at IRS:AUDIT+0x8300.
The current application will be terminated.

· No vendor identity.
· No business purpose.
· No counterparty signature.
· No evidence the CPA will accept.

Press any key to produce a bilaterally-signed receipt.

An agent can trigger a $10,000+ transaction, tripping Form 8300, and the business has fifteen days to file — without a human ever seeing the request. The evidence the CPA will ask for does not exist.

§ 01.1 — The gaps
  1. I.
    Agents don't sign receipts.They don't know the business's tax ID. They don't categorize expenses. They don't generate invoices. "Our agent bought it" is a shrug, not a defense.
  2. II.
    Vendors don't attest.A PDF invoice in your inbox is unsigned by both parties. It proves nothing beyond the sender's willingness to send one.
  3. III.
    Accounting software is blind to agent spend.Ledgerbook ingests transactions. It cannot ingest cryptographic bilateral proof of what was purchased and why.
  4. IV.
    Swarms hide the paper trail.When agent A delegates to agent B who hires agent C, the trail of authority disappears. The IRS sees one wallet; the reality is a dependency graph.
  5. V.
    1099-DA lands in 2026.Crypto brokers report. Businesses paying via agents need vendor documentation ready today — not in the quarter a notice arrives.
◑‽
It looks like you're building an agent economy.Would you like Billateral to produce a bilaterally-signed receipt for every transaction — bound to your business entity, anchored on a public chain, and cryptographically immutable from the moment it's signed — impossible to alter or delete, by us or by anyone? Receipts never stale, never expire, and never require our servers to stay verifiable.
CHAPTER 03HOW IT WORKS

A receipt signed on
both sides of the wire.

Five stages. Each one leaves a cryptographic trace. None of them require a human in the loop, and none of them leave the paper trail to chance.

STAGE I
I.

Agent initiates
a payment.

Over x402, a wallet tool, or any supported rail. The agent carries a verifiable delegation from its business entity — via our agent-id standard at MVP.

AGENT ──▶ $$$ delegated_agent business_entity tax_category
STAGE II
II.

Vendor signs
line items.

Server-side middleware emits a vendor-side attestation: “I provided this service on this date for this amount, against this business purpose.”

VENDOR ─── signs ──▶ line_items[] terms tax_id
STAGE III
III.

Buyer co-signs
on behalf of.

The buyer-side agent signs with its delegation key. The receipt now bears both signatures — independently verifiable against both public keys.

BUYER ─── signs ──▶ bilateral = true verifiable = true
STAGE IV
IV.

Encrypt.
Pin. Batch.

Receipt body encrypted to both parties only. Pinned to IPFS. Hashed with a blinding nonce. The hash enters a Merkle batch alongside thousands of others.

sha256(json ‖ pk_v ‖ pk_b ‖ r) ──▶ merkle_root
STAGE V
V.

Anchor
on Base.

The Merkle root is written on-chain via EAS. The chain learns nothing beyond “a batch exists.” Both parties hold an offline-verifiable inclusion proof — forever.

→ ANCHORED ON BASE: chain stores only the root — no amounts, no identities
CHAPTER 04THE RECEIPT

One receipt. Two signatures.
Immutable forever.

Every Billateral record is a structured, bilaterally-signed object. Human-readable as a PDF, machine-readable as JSON, legally-defensible as evidence.

Billateral
— BILATERAL RECEIPT · FOR TAX AND AUDIT PURPOSES —
Receipt
01HXA4·BQG·C7D9·Q91T
Issued
2026-04-15 · 14:30:12 UTC
Rail
x402 on Base · USDC
Tx
0x4a1b…b37e
Vendor
Lumen Data API Ltd (XX-XXXXXXX)
Buyer
Northstar Labs Ltd (XX-XXXXXXX)
Agent
agent:did:research-agent-v3
Authority
auth:2026-04-15/research-runtime
Category
data-and-api-services
Purpose
Q2 market research runtime
1,000 financial-data API calls$ 12.50
Rate · pay-per-call · no commitment
Total · USD (FMV)$ 12.50
VENDOR SIGNATURE
Lumen Data API Ltd
0x4a1b3c9d0e7a·b37e2f…
✓ VERIFIED
BUYER SIGNATURE
Northstar Labs Ltd(via agent)
0x9c0e7a1b3c4d·f024e8…
✓ VERIFIED
BATCH #41 · EAS · BASEROOT: 0x7f4a…c21e

§ 03.1 · Public verification

verify.billateral.io — any third party pastes a receipt proof and validates it in-browser against the on-chain commitment. No login. No account. The CPA you already have, using the page they already trust. Signature check runs locally; Merkle inclusion proof checks against a Base RPC.

§ 03.2 · Selective disclosure

Share one receipt, one vendor, one quarter, or the whole year. An optional completeness proof lets the business prove they've shared all receipts for a period — the count is baked into the Merkle root, so any omission is cryptographically detectable.

§ 03.3 · counterparty trust score
SCORING VENDOR
Lumen Data API Ltd
VENDOR · EIN XX-XXXXXXX
·84
UNKNOWNTHRESHOLD · 62ATTESTED
POLICY · YOUR AGENT REJECTS VENDORS BELOW 62ACCEPTED84/62
MINMAX
BUYERS REJECT UNTRUSTED VENDORS. YOUR AGENT REFUSES TO SIGN A PURCHASE BELOW THE THRESHOLD. SIGNALS: VENDOR EIN VERIFIED · FULFILLMENT RATE · AGENT-ID PROVENANCE · DISPUTE HISTORY.
CHAPTER 05SECURITY & PRIVACY

The chain learns nothing.
You learn everything.

A content-hiding commitment anchors the receipt’s existence without exposing its contents. Only the two parties — and the auditors they authorize — can read it.

§ 04.1

End-to-end encryption.

The receipt body is encrypted to a list of explicit reader public keys — buyer, vendor, admin, and any auditor either party grants access to. Not to Billateral. Not to an indexer. Not to a third party.

If our servers are compromised, the attacker sees commitments and ciphertext — not contents. The reader list is append-only, so adding an auditor never re-encrypts the body, and on-chain commitments never need to be re-anchored.

PRIMITIVEHPKE · RFC 9180
§ 04.2

Bilateral signatures.

Both parties sign the same structured payload before it is finalized. Neither side can alter the record after the fact without invalidating the other's signature.

This is the property that makes a Billateral receipt a genuine receipt — not just an invoice in an inbox. Both sides independently hold the same cryptographically-bound artifact.

PRIMITIVEEd25519 · secp256k1
§ 04.3

Content-hiding commitments.

On-chain state per batch is a single Merkle root. No parties, no amounts, no business details. Auditors verify inclusion offline with a proof the business hands over.

A competitor sniffing on-chain state learns "Billateral anchored a batch this hour" — and nothing more. Your vendor list, your spend, your categories — invisible.

ANCHOREAS on Base
§ 04.4

Trust-scored counterparties.

Each party carries a trust score derived from verified tax ID, bilateral-signing history, agent-id provenance, and dispute record. Agents can refuse to transact below a threshold you set.

Raise the threshold for treasury-size payments. Lower it for dust-sized API calls. The policy is enforceable at the payment boundary, not post-hoc in the books.

ENFORCEMENTpre-commit · agent-side
§ 04.5

Post-seed: zero-knowledge.

Stage 2 adds aggregation proofs ("total paid to vendor X in 2026 is exactly $60,000" — without revealing line items), range proofs, and capability-based access grants.

Phase 6 layers on top of Phase 1. The commitment scheme is SNARK-compatible by construction. No forced migration; no broken history.

STAGE 2 · POST-SEEDNoir / Circom
CHAPTER 06SWARMS & DELEGATION

When agents hire agents,
the paper trail holds.

An agent managed by another agent is still spending your money. Billateral records the whole dependency path — not just the wallet that pressed “pay.”

Every hop is attested.

Agent A delegates a research task to agent B, which hires paid tool C and subcontracts transcription to agent D. Four entities, three payments, one taxpayer on the hook.

Billateral follows the delegation chain. Every receipt carries the full dependency path — which agent authorized which, under whose entity, for which business purpose. No transaction leaves the process unattributed.

“Our agent's agent's agent paid” is, remarkably, also not an audit defense. The receipt names all four.

The CFO sees a flat ledger. The auditor, if asked, sees the tree. The chain sees a single commitment.

▼ orchestrator · "research-v3"                 agent:did:…a1
│  ├─ entity: Northstar Labs Ltd                 EIN: XX-XXXXXXX
│  └─ delegation: q2-research-runtime
│
├─ ▸ researcher · "scout-2"                  agent:did:…b4
│   │
│   ├─ ● PAID  $12.50  lumen-data-api           rx-01H·Q91T
│   │   └─ bilateral ✓✓  eas · batch 41           root 0x7f…c21e
│   │
│   └─ ● PAID   $4.00  search-index-svc        rx-01H·R02F
│       └─ bilateral ✓✓  eas · batch 41           root 0x7f…c21e
│
└─ ▸ transcriber · "scribe-1"               agent:did:…c7
    │
    ├─ ● PAID   $0.80  whisper-hosted-api      rx-01H·S14A
    │   └─ bilateral ✓✓  eas · batch 41           root 0x7f…c21e
    │
    └─ ● PAID   $2.20  summary-agent-svc       rx-01H·S14B
        └─ bilateral ✓✓  eas · batch 42           root 0xe2…9a08

─────────────────────────────────────────────
Σ  run total       $19.50
   receipts           4 / 4 bilateral
   attributed to      Northstar Labs Ltd
   tax category       data-and-api-services
CHAPTER 07DASHBOARD · PREVIEW

One envelope.
A reader list that only grows.

A peek at the operator console we're building. Top up a USD balance, watch your agents debit it in real time. Each receipt's body is encrypted once; the list of who can read it is append-only — agent, vendor, or admin can grant a new auditor at any time, before or after creation, with the same one-line operation. Numbers below are mocked for illustration; nothing is billed today.

Billateral · control-panel.exe — northstar-labs_×
BalanceReceiptsAgents · 4
Prepaid USD balance● live
$487.32
MTD spend $312.68burn $14.27 / day
runway · 34 daysauto-recharge @ $250
Top up balance
$250.00USD
$50$250$1k$5k
VISA · ending 4242ACH alt
Settles to USD ledger · normal SaaS line-item
Spend by agent · April 20264 agents · 738 receipts
  • research-agent-v3did:agent:rch-3a91
    $ 142.10
    412 receipts
  • billing-bot-proddid:agent:bil-7c4d
    $ 84.40
    188 receipts
  • analytics-runnerdid:agent:ana-2f1e
    $ 61.04
    96 receipts
  • cleanup-crondid:agent:cln-09b2
    $ 25.14
    42 receipts
Recent receipts · last hour
  • 01HXA4·BQG·C7D9Lumen Data API$ 12.50✓ signed2m ago
  • 01HXA4·BQF·M3K1OpenRouter$ 4.18✓ signed9m ago
  • 01HXA4·BQE·R7T2Twilio$ 0.81✓ signed14m ago
  • 01HXA4·BQD·X9Q5Vendor:0xc4f9…unkn$ 0.42⚠ unilateral31m ago
  • 01HXA4·BQC·H2L8Anthropic$ 3.05⌛ pending44m ago
  • 01HXA4·BQB·N1V0Stripe Issuing$ 19.00✓ signed1h ago
unlocked · in-browser decryptHPKE · RFC 9180
Demo · no-op
§ 10 · the envelopeHPKE · RFC 9180

Body written once. Reader list grows forever.

body · encrypted once
01HXA4·BQG·C7D9
├ wrap K → reader_pk
agent
vendor
admin
auditor
← append-only · forever →

The body is encrypted once with a fresh key K. That key is wrapped independently to every reader. Adding a reader later just appends a new wrap — the body ciphertext stays bit-identical forever.

readers · 01HXA4·BQG·C7D94 · append-only
  • agent
    research-agent-v3
    did:agent:rch-3a91 · 0x4a1b…
    at mint
  • vendor
    Lumen Data API Ltd
    vendor:lumen · 0x9c0e…
    at mint
  • admin
    Northstar Labs · org
    org:nbsd · 0x9f4a…c21e
    at mint
  • auditor
    Mendoza CPA, LLP
    cpa:mendoza · 0x7d12…
    granted
+ grant a new reader⌘G
pkcpa:eversharp · 0xb612…f0a4
granter · admin (you)signature · ed25519 · ready
Mocked for the deck. The real dashboard is a static client app running HPKE (RFC 9180) in WebCrypto — one primitive across every customer, every release. Decryption happens in your tab; reader grants are signed and appended; we never see plaintext. Reproduce every number above by running billateral demo --org=northstar against the testnet.
CHAPTER 08FAQ

Things finance, legal,
and engineering ask.

Q·01Is this an accounting system?+
No. Billateral produces the receipt — the primitive evidence. Your ledger (Ledgerbook, Greenbook, Chainbook, Cryptoledger) ingests those receipts and handles reporting. We are the layer between the agent and the ledger, not a replacement for either.
Q·02Can the vendor refuse to co-sign?+
Yes — which is its own signal. If a vendor declines to co-sign after 72 hours, the receipt is marked unilateral. You still hold a non-repudiable attestation on the signing side, plus the on-chain payment. A pattern of unilateral receipts with a given vendor pulls their trust score down.
Q·03Who can see a receipt?+
The buyer, the vendor, and anyone either party explicitly shares a proof with — typically their CPA or an auditor. Billateral's servers store only encrypted blobs and commitments; we cannot decrypt your receipts. The chain sees a Merkle root per batch and nothing else.
Q·04What does the accountant do?+
Whatever they already do. The business exports a per-receipt proof or an audit bundle and sends it via the channel they already use. The accountant verifies at verify.billateral.io or via the billateral-verify CLI. No logins. No role management. No new surface to learn.
Q·05Does this work for human payments too?+
Yes — the schema generalizes. Agent-first at launch because that's the market with the acute unmet need; human-initiated spend uses the same primitive and the same exports. One ledger of defensible receipts regardless of who pressed the button.
Q·06Does Billateral handle the money?+
No. Your agent will pay the vendor directly via x402 — the funds never touch us. We see only the metadata, and only after both sides have signed it. When we open paid access, our fee will be debited from a prepaid USD balance you top up by card or ACH (just like Twilio or OpenAI credits) — your bank and your CFO see a normal SaaS line on the books, not a crypto inflow. We are not a money transmitter and not an MSB. (We’re still in development; nothing is billed today.)
Q·07What happens if Billateral goes down?+
Your receipts already exist. They are pinned to IPFS, committed on Base, and held by both parties. The hosted service provides indexing, sync, and exports — but the cryptographic layer is offline-verifiable by any third party with a Base RPC endpoint and the billateral-verify CLI.
— A NOTE FROM SKRRT LABS —

We’re heads-down building it.
Get in line, or build with us.

Billateral is in active development. No round closed, no paid users yet — just the spec, the protocol, and a first general partner (Alien). Two ways to stay close:
 DEVELOPMENT STAGE · GENERAL PARTNER: ALIEN · WAITLIST OPEN
EAS · BASE · △ IMMUTABLE ·