Docs / Negotiation

Negotiation guardrails

A spending agent no longer just pays a fixed number — it negotiates: counters a price, accepts a multi-period commitment, agrees to an exclusivity clause. A cap on the final amount says nothing about the deal an agent is allowed to strike. Countersign's policy schema v3 governs the terms, and it binds at the moment the mandate is signed.

One policy, in terms not just amounts

// schemaVersion 3 — the negotiation block sits alongside the money caps
await cs.applyPolicy({ policy: {
  schemaVersion: 3, asset: "USDC",
  perTxCap: "10000000",                          // 10 USDC hard money cap (still applies)
  negotiation: {
    bidCeiling: "5000000",                        // never OFFER more than 5 USDC
    counterFloor: "500000",                       // never ACCEPT below 0.5 USDC (as seller)
    walkAway: { maxRounds: 4, termClasses: ["exclusivity"] },
    approvalTriggers: { recurring: true, novelCounterparty: true },
    envelopes: [{ id: "data-feeds-q3", maxAmount: "3000000", counterparty: "0x…FEED5" }],
  },
}});

The gates

Evaluate a move mid-negotiation

const d = await cs.evaluate({
  agentId, asset: "USDC", venue: "base-sepolia",
  amount: "2400000", counterparty: "0x…FEED5",
  negotiation: { role: "buyer", round: 2 },       // optional: recurring, termClasses[]
});
// → allow (inside the envelope, zero human latency)
// a 6 USDC bid → deny (over ceiling); an exclusivity clause → deny (walk-away);
// a 12-month recurring deal → needs_approval (held on the existing approvals surface)

Why envelopes never weaken the policy

An envelope is a standing approval, not a bypass. Ordering is strict: every deny gate — the money caps, venue rules, walk-aways — runs first. Only then can a matching envelope stand in for a human on the approval gates. A 51 USDC spend under a 50 USDC per-transaction cap is denied even if an envelope would have covered it; an exclusivity term is refused even if an envelope's terms include it. The envelope buys latency, never permission it didn't have.

Bound to the signing moment

Per the 2026 spike into agentic-commerce protocols, the only signed, gateable artifact today is the payment mandate (Google's AP2). "Capability negotiation" in checkout protocols is payment-method discovery, not price/terms bargaining. So the guard binds where it can actually enforce: guardAp2 carries the negotiation context, and every gate here is honestly a Countersign layer control in the enforceability matrix — no rail binds negotiation terms natively, and we don't claim one does. Novel-counterparty history is rebuilt from the ledger on restart, so a memory of who you've dealt with survives a redeploy.

In MCP clients the terms flow through the same guard — countersign_guard_ap2 and countersign_request_spend both accept the negotiation context. Run pnpm demo:negotiate in the repo to watch a full bargain governed gate by gate.

Honest scope: everything here is testnet-only — no mainnet, no custody, no PII. The hosted sandbox seeds a mock three-backend fleet so you can exercise policy, guard, freeze, and ledger end-to-end; the vendor enforcement described on this page was proven live on real testnet backends. Mainnet follows a third-party security audit.

Try it in 60 seconds — no account, no human

Self-serve key, an isolated sandbox tenant with a three-backend demo fleet, testnet only.

Get a free key → Watch the freeze GitHub