EmbiPay

How EmbiPay Works

Economic control plane for autonomous AI systems.

How EmbiPay Works: Human Operator sets fleet capital and policies; Fleet Authority Boundary enforces caps; Autonomous Agents request capital, reallocate funds, operate within limits; request exceeds limit goes to human approval.

Organizations

EmbiPay is multi-tenant. Each organization is isolated. Members have roles: owner, admin, or viewer. Fleets and MCP keys belong to an organization and cannot be used to access another org.

  • Org-scoped fleets and agent wallets
  • Org-scoped MCP API keys
  • Organization-level audit log (who did what, when)
  • Organization-level notification routing for alerts

Fleet authority

Fleets define capital caps. Total balance across wallets in a fleet cannot exceed the fleet’s capital. Overage policy is either block (reject) or require approval. When approval is required, a request is created and an admin or authorized user must approve before the balance change is applied.

Fleets can be paused. When paused, balance-changing operations for that fleet are blocked. Reallocation between wallets in the same fleet (or both non-fleet) is allowed when policy permits. Agents cannot exceed fleet authority; enforcement is atomic at the database layer.

Agents and wallets

Each agent has a wallet with a balance. Agents execute tasks: they fetch tasks, perform actions, and update task status. Wallet changes go through atomic validation. If a change would exceed a fleet cap, either the request is blocked or an overage approval request is created. All balance changes are logged to the ledger.

MCP integration

External AI systems can connect via the MCP server. API keys are scoped to a single organization. Each key has tool-level permissions: only the allowed tools can be invoked. Keys are rate limited and revocable. There is no cross-organization access; a key cannot act on another org’s fleets or resources.

Enforcement and audit

Balance updates and reallocations use atomic database functions so that fleet caps and ledger entries are applied in a single transaction. Every economic event produces a ledger entry. The organization audit log records actions with actor attribution (user or MCP key). Audit records are append-only; they can be listed and exported as CSV. No updates or deletes.

Notifications

Per-organization notification routing sends alerts by email (via Resend). Configurable events include overage approval needed, overage resolved, and fleet paused. Recipients can be limited to owners and admins, or extended to all members. Notifications are optional and do not affect enforcement.

Disclaimer

EmbiPay is an economic control plane, not a bank. No real money custody. Connect Stripe for payouts when ready. Designed for testing and governance of AI economic behavior.

Quick Start →Agent Docs← Developer Hub