Docs / vs. single-vendor

Single-vendor controls vs. a cross-vendor control plane

Credit where due: the wallet vendors ship real controls. Coinbase has MPC account policies and spend permissions. Turnkey has a genuinely strict pre-sign policy engine with consensus approvals. Openfort has session keys and signer control. Card issuers have spend limits and auth streams. If your agents live on one backend, use those — they're good.

What no single vendor can sell you

Vendor consoleCountersign
One policy across Coinbase + Turnkey + Openfort + a card✗ — one per vendor, different languages✓ one declarative policy, compiled per rail
One kill switch for the whole fleet✗ — N buttons on N dashboards✓ one freeze, all rails, 432–697 ms, each stop confirmed
One audit trail of every attempt on every rail✗ — per-vendor logs, vendor-trusted✓ append-only hash-chained ledger, Ed25519-signed, publicly verifiable
Pre-flight guard uniform across rails (incl. x402 / AP2 payments)✓ one /evaluate call, fail-closed
Cross-rail anomaly view (the whole fleet's spend pattern)✗ — each vendor sees only its slice✓ velocity / blocked-burst breakers over the unified ledger
NeutralityEach vendor governs its own ecosystemSits above all of them; vendors are rails, not judges

Not a proxy — a compiler

The wrong way to build this layer is a proxy that agents should call. Countersign compiles your policy into the vendors' own native controls wherever the rail can express them — Coinbase MPC policy, Turnkey CEL, Openfort signer control, card spend limits — so the cap holds even for a spend that never touches Countersign. What a rail can't express natively is enforced fail-closed at the layer and labeled honestly in the per-rail enforceability matrix. You always know which guarantee you're holding.

When you don't need Countersign

One backend, a small fleet, no external audit requirement: the vendor console is simpler. Start there.

When you do

Honest scope: everything here is testnet-only — no mainnet, no custody, no PII. The hosted sandbox seeds a mock three-backend fleet so you can exercise policy, guard, freeze, and ledger end-to-end; the vendor enforcement described on this page was proven live on real testnet backends. Mainnet follows a third-party security audit.

Try it in 60 seconds — no account, no human

Self-serve key, an isolated sandbox tenant with a three-backend demo fleet, testnet only.

Get a free key → Watch the freeze GitHub