Run AI without holding the keys.
x402 pays. Trust402 attaches who, by what authority, and up to how much — as proof — and stops out-of-scope payments before they're sent.
Proof of authority, on every payment.
Per-call delegated authority for agent payments. Attach who, by what authority, and up to what amount — as ZK proofs. Out of scope, it never runs.
You're here → trust402 · sellSell your data to agents, provably yours.
Attach cryptographic provenance to what you publish. Agents verify it's authentic, then pay over x402. You keep selling it — Lemma is the tool, not the store.
See Trust402 · Sell →Attach trust to the payment.
x402 settles the money. Trust402 adds provable authority, identity, and scope on top — recording who paid on behalf of whom, within what bounds, against what data.
An agent holding your keys can't be stopped.
An agent with an uncapped API key keeps paying — when it runs away, when prompt injection tricks it, when it misreads an instruction. The incident reaches your logs only after the money is gone.
● The more resources charge over x402, the more the paying side needs control.
Out of scope, it never runs.
Your agent runs only within the authority you delegate. Out of scope, it stops before the call is sent — no hand-rolled guardrails.
Stopped before it's sent.
Calls that fail proof verification stop before they're sent (fail-closed).
fail-closedAuthority is declared, not coded.
Declare role, limits and scope as a proof — no authorization branches in your code.
scope: payments:autonomousEvery stop leaves a trail.
Every allow and every stop lands in an independently verifiable audit trail.
audit trail · verifiableOne middleware, over your existing x402 flow.
The standard stays intact. Trust402 sits as a ZK verification layer.
Present delegation proof
The agent presents the authority you delegated.
Trust402 verifies via ZK
Identity, role and limits checked cryptographically.
Settle on x402
Cleared requests settle over the untouched standard.
On-chain anchor
Every allow and stop is anchored, tamper-evident.
● 4-step flow · one middleware line (wrapFetchWithProof), done · View on GitHub →
How we prove a file is really yours.
Provenance is Lemma's core craft — not detecting fakes after the fact, but carving in authenticity the moment something is published. Three things get attached to whatever you publish.
who made it
A signature proving you're the publisher — reveal only the parts you want.
BBS+ over BLS12-381not changed
A fingerprint that breaks if even one byte is altered.
Poseidon over BN254which version
So an agent always cites the exact version you meant.
● Data is copied. Provenance is carved. · Verifiable Origin — how Lemma does it →
Verification is always free. You pay to issue proofs and settle.
Being trusted costs nothing. Pay and Sell share one issuance allowance — every plan covers both.
- Practice proof issuance & listing on testnet
- By form or by API — both
- No production proof issuance (zero cost)
- Ready for real, production listings (testnet practice is Explorer)
- Each listing issues its provenance proof, settled via x402 — no listing, no cost
- Publish freely, within fair use
- Provenance with proof of authenticity, persisted on-chain
- Reliable operation & priority support (SLA)
- Institution verification (registry + domain) + attribute attestation
- Members publish free — vouched by the institution's roster
- Bulk enrollment (CSV / API) & revocation management
- Affiliation-lookup service (planned)
Normal publishing stays within fair use at no extra cost. Only high-volume automated issuance (e.g. via API) is metered — 0.005 USDC per proof, settled per issuance via x402. Set a spend cap and it stops automatically at your ceiling. Prices exclude tax.
Ready to open up the agent economy?
Keys let an agent pay. Trusting it takes proof.