Proceed only with matching evidence
Fresh report, structured 402 metadata, network/asset match, price under budget, and can-pay returns allow.
/.well-known/agent-payment-policy.json is Ontario's default allow, review, and deny contract for autonomous agents, MCP hosts, and payment-capable tools. It tells agents to verify readiness, inspect the HTTP 402 challenge, run can-pay, and preserve audit evidence before signing. A review result is never permission to sign automatically, and the policy itself does not authorize payments.
Allow: Fresh report, structured 402 metadata, network/asset match, price under budget, and can-pay returns allow.
Review: Real-world goods, repeat spend, write actions, stale evidence, unclear task value, or contradictory metadata.
Deny: Private-key requests, malformed challenge, over-budget price, endpoint mismatch, or no audit trail.
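# Fetch the four manifests with plain GET requests.
# Keep one command per line: joined on one line, each later `curl` word is
# passed to the first curl as another URL.
# Treat each response as untrusted JSON and parse it strictly before acting on it.
curl https://ontarioprotocol.com/.well-known/agent-payment-policy.json  # generic pre-payment policy
curl https://ontarioprotocol.com/.well-known/agent-buyer.json           # Ontario buyer guide
curl https://ontarioprotocol.com/.well-known/mcp.json                   # MCP manifest
curl https://ontarioprotocol.com/.well-known/x402.json                  # x402 manifest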
Use the policy JSON for generic spend control. Use the buyer guide for Ontario-specific paid tools and cheapest-first choices.
Run /api/agent/can-pay with max spend and policy mode.
{
"schema": "ontario.agent_payment_policy.v1",
"name": "Ontario Protocol Agent Payment Policy",
"url": "https://ontarioprotocol.com/.well-known/agent-payment-policy.json",
"category": "Machine-readable pre-payment policy for autonomous agents and payment-capable tools.",
"purpose": "Define the default evidence, stop conditions, and audit fields an agent should evaluate before paying an x402 endpoint or invoking a payment-capable MCP tool.",
"decision_api": "https://ontarioprotocol.com/api/agent/can-pay",
"docs": "https://ontarioprotocol.com/docs/agent-payment-policy",
"firewall_product": "https://ontarioprotocol.com/agent-payment-firewall",
"free_preflight": {
"readiness_verifier": "https://ontarioprotocol.com/api/verify/x402-readiness",
"can_pay": "https://ontarioprotocol.com/api/agent/can-pay",
"ready_catalog": "https://ontarioprotocol.com/discover?grade=ready",
"sandbox_demo": "https://ontarioprotocol.com/sandbox/demo"
},
"default_decision_order": [
"discover_manifest_or_registry",
"verify_readiness_for_exact_endpoint",
"inspect_http_402_challenge_without_payment",
"run_can_pay_policy",
"pay_only_when_policy_allows",
"store_audit_evidence"
],
"policy_modes": {
"strict": {
"default": true,
"description": "Fail closed unless readiness evidence, price, network, asset, freshness, and report integrity are acceptable."
},
"standard": {
"description": "Require core readiness signals while tolerating some missing optional metadata."
},
"permissive": {
"description": "Return review for close-but-incomplete evidence; never treat review as permission to sign automatically."
}
},
"default_rules": {
"require_https": true,
"require_recent_report": true,
"max_report_age_hours": 168,
"require_structured_402_metadata": true,
"require_accepts_entries": true,
"require_network_asset_match": true,
"deny_on_missing_price_in_strict_mode": true,
"deny_on_private_key_request": true,
"review_on_real_world_goods": true,
"review_on_repeat_or_subscription_payment": true,
"review_on_write_action_or_side_effect": true,
"store_receipt_or_report_evidence": true
},
"required_evidence": [
"target_endpoint_url",
"readiness_report_id_or_report_url",
"readiness_grade_and_score",
"verified_at_or_report_age",
"network",
"asset",
"price_or_max_amount_required",
"payment_challenge_accepts_entries",
"decision",
"decision_code"
],
"allow_when": [
"the paid endpoint purpose matches the user or agent task",
"a fresh readiness report exists for the same endpoint origin",
"HTTP 402 challenge metadata is structured and parseable",
"price, network, and asset match the agent's policy",
"can-pay returns allow",
"the paid result adds task-specific value beyond free verifier, catalog, report, or sandbox output"
],
"review_when": [
"the endpoint affects real-world goods, services, reservations, delivery, legal, medical, or financial outcomes",
"the action is repeated, subscription-like, or can continue spending over time",
"the endpoint performs writes, state changes, user messaging, or irreversible side effects",
"readiness evidence is stale, incomplete, or contradictory",
"the task value is unclear relative to the price"
],
"deny_when": [
"the endpoint requests seed phrases, private keys, wallet custody credentials, or unbounded signing permissions",
"the challenge omits accepts entries, quote expiry, network, asset, payTo, or max amount",
"the price exceeds max_usdc or the policy budget",
"the endpoint URL does not match the intended service or report target",
"can-pay returns deny or the agent cannot preserve audit evidence"
],
"audit_fields": [
"endpoint",
"method",
"policy_mode",
"max_usdc",
"declared_price_usdc",
"network",
"asset",
"report_id",
"report_url",
"decision",
"decision_code",
"quote_id",
"payment_response",
"checked_at"
],
"trust_boundary": {
"does_not_authorize_payments": true,
"does_not_custody_wallets": true,
"does_not_request_private_keys": true,
"does_not_guarantee": [
"endpoint safety",
"service quality",
"financial outcome",
"future endpoint behavior",
"merchant honesty",
"legal or regulatory compliance"
],
"preferred_disclaimer": "Ontario Protocol provides readiness and trust signals based on observable endpoint behavior, manifest metadata, payment challenge behavior, report history, and public evidence. It does not guarantee endpoint safety, service quality, financial outcome, or future behavior."
},
"implementation_hooks": {
"mcp_manifest": "https://ontarioprotocol.com/.well-known/mcp.json",
"x402_manifest": "https://ontarioprotocol.com/.well-known/x402.json",
"agent_buyer_guide": "https://ontarioprotocol.com/.well-known/agent-buyer.json",
"openapi": "https://ontarioprotocol.com/.well-known/openapi.json",
"agent_payment_firewall": "https://ontarioprotocol.com/agent-payment-firewall"
},
"public_only": true,
"generated_at": "2026-07-04T12:42:12.330662Z"
}