The kill switch for AI agents that spend money.
Countersign is a neutral, cross-vendor control plane: one policy, one freeze, and one tamper-evident audit ledger — across every agent-wallet backend at once. The one thing no single wallet vendor can do, because each only governs its own rail.
From install to a working kill switch in minutes.
Pick your entry point — each is one copy-paste away from value. Free, testnet, no account required.
Install the SDK
The typed client agents and operators use to wire in the cross-vendor freeze, spend guard, and live ledger. Browser + Node.
$ npm i @countersign/sdkGuard & freeze
One policy compiles to every backend's native controls. Ask before a spend; freeze everything in one call.
import { CountersignClient } from "@countersign/sdk";
const cs = new CountersignClient({ baseUrl, apiKey });
// may this spend happen?
await cs.evaluate({ agentId, amount, asset, venue });
// kill switch — every wallet, < 1s
await cs.freeze();
Drop it into your agent (MCP)
Add Countersign as MCP tools in Claude, Cursor, or any MCP client — the kill switch + spend guard, one line.
$ npx @countersign/mcpOr run the full demo locally: pnpm demo — 3 agents, 3 backends, one freeze <1s.
Build the layer above the wallets.
① One unified policy
Per-tx caps, rolling daily caps, allow/deny lists, human-approval thresholds, freeze. Written once.
② Compiled to each rail
The compiler lowers it to every backend's native controls — so a compromised agent can't exceed the cap, not just a polite request.
③ One freeze, fully audited
A single action stops every backend concurrently in <1s, fail-closed — and every attempt lands in a signed, append-only ledger.
See exactly where every control binds.
A security control whose binding you can't see isn't one. Countersign publishes, per rail and per policy field, whether it's enforced natively — inside the vendor's MPC, enclave, or on-chain, where a compromised agent can't bypass it — or at Countersign's own pre-flight layer. The freeze is native on every rail. What varies is fine-grained policy, and we never hide which is which.
| Rail | Freeze | Per-tx cap | Daily cap | Approval |
|---|---|---|---|---|
| Coinbase | native | native | native | layer |
| Turnkey | native | native | layer | native |
| Openfort | native | layer | native | layer |
| Lithic · Visa | native | native | layer | layer |
Computed live per rail from the policy compiler — the current matrix is served at
GET /enforcement and rendered in the live dashboard.
Every guarded spend makes the network safer.
Countersign is distributed primarily over MCP — so any agent in Claude, Cursor, or your own stack picks up a spend guard and a kill switch. Each spend that flows through it strengthens a cross-rail safety layer no single wallet vendor can match — because each vendor only governs its own rail. That's the flywheel.
An agent asks countersign_request_spend before it moves money. Allowed, denied, or held for a human — fail-closed.
Operators add the one-line MCP server to their other agents and their team. The kill switch now spans every rail at once.
More agents under one policy + one freeze = a cross-vendor safety net that grows more valuable the more of the agent economy joins it.
Truthful by design: propagation is always a value-adding, opt-in surface. Countersign never makes an agent post, DM, or recruit on its own — a denied spend or a freeze simply offers peers the same protection, which a human or agent can choose to share.
Add the badge. Bring your other agents and your team.
If Countersign guards your agent, say so — it signals to users (and other agents) that spending is governed, and it points the next operator to the same kill switch. Drop the badge in your README or app footer.
Markdown badge
For your README
[](https://countersign.network)
HTML badge
For your app or site footer
<a href="https://countersign.network">🛡️ Spending governed by Countersign</a>
Bring your other agents
One line — any MCP client
npx @countersign/mcp
Same policy, same freeze, across your whole fleet. Onboarding a teammate? Send them app.countersign.network/start for an instant key.
The questions a team asks before agents touch money.
These are the recurring asks Countersign is built to answer — not customer quotes. It's testnet-only today; mainnet follows a third-party audit.
“If an agent goes rogue at 2am, can I stop all of them — not just the ones on one wallet?”
— the cross-vendor freeze, proven across four rails in ~432ms
“Can I prove, after the fact, exactly what every agent tried to spend?”
— the append-only, hash-chained, tamper-evident ledger
“Can I write one spending policy instead of N vendor consoles?”
— one unified policy compiled to each backend's native controls
The networks your agents already use.
Countersign governs them through one policy, one freeze, and one tamper-evident ledger — across every rail at once. No single vendor can do that, because each only governs its own.
Rails + toolkit.
Countersign governs the wallets & cards you already use — the rails — and ships the toolkit your agents build with.
MPC wallets · native per-tx cap pushed into CDP policy.
LIVE
In-enclave CEL policy · native human-approval consensus.
LIVEBackend smart accounts · custody-level hard freeze.
LIVEVirtual Visa card · real-time ASA approve/decline.
LIVEMCP server
npx @countersign/mcp — kill switch + spend guard inside any MCP client.
SDK
@countersign/sdk · @countersign/api-contract — typed client + live ledger.
x402
Govern the HTTP-402 machine-payment standard before it pays.
LIVEAP2
Guard an Agent Payments Protocol mandate before the agent signs & pays.
LIVEOpen core
Front-door packages under Apache-2.0. Audit it yourself.
APACHE-2.0Coming soon.
Native-enforcement parity
Close the remaining layer cells in the matrix — reversible on-chain KeysManager freeze, native consensus approvals, card ASA on every issuer — so each guarantee is backend-enforced end to end.
SOONDurable, HA kill switch
Multi-instance & KMS-signed, with the ledger anchored to a public transparency log — so the freeze survives any single failure and anyone can verify history independently.
SOONMainnet & more rails
Real-value operation after an independent security audit — plus Stripe, Airwallex & more wallet and card networks graduating from built to live.
SOON