# PayBotFin

> Agent Governance & Audit Infrastructure. Control what your AI agents do — before they act. Prove what they did — with a tamper-evident chain you can replay live. Self-hosted, non-custodial, rail-agnostic. EU AI Act Art. 12/26 audit-ready.

PayBotFin sits between an AI agent and the action it wants to take. It enforces a 5-gate policy check (Operation allowlist → Recipient → Spending envelope → Velocity → Instrument allowlist) before the agent acts, and writes every decision into a SHA-256 hash-chained audit log that any auditor, regulator, or board can replay. PayBotFin never holds funds, keys, or settlement authority; settlement runs on the institution's own rails (or on an optional non-custodial crypto backend — Base/USDC via x402, Sepolia testnet today).

The product is rail-agnostic: it works on Stripe, Visa, SEPA, x402, or none. Crypto is an optional backend, never the headline.

The buyer is the Head of Engineering at an organisation running AI agents that take autonomous actions (spend, refund, grant currency, transfer, moderate) and is accountable to a board, regulator, or enterprise customer.

## Core pages

- [Overview](https://paybotfin.com/): One-page product story — hero, "Why now" with four forcing functions, the 6-month-conversation framing, Trust Level System with the "employee's card" analogy, 7 Constitutional Principles, the ecosystem (paybot-core, paybot-sdk, paybot-mcp, friendlyai-review)
- [Live Demo](https://paybotfin.com/demo): Four scenarios (Bank refund / Fintech vendor pay / Gaming in-game currency grant / E-commerce checkout) with allow + deny cases, each running through the real 5 gates. Ends on the tamper-catch reveal — alter a record, click verify, watch the SHA-256 hash chain break in red
- [Trust Console](https://paybotfin.com/trust-console): Operator dashboard prototype gallery — what the operator sees when an agent acts. Mock data, self-hosted, honest boundaries
- [Architecture](https://paybotfin.com/architecture): Five-layer trust stack (developer interface → quality gate → trust engine → infrastructure → optional settlement rail) + the 7 Constitutional Principles + technology stack
- [Glossary](https://paybotfin.com/glossary): All terms used across the site, EN + FI, categorized by protocol / trust / regulatory / technical

## Technical pages

- [paybot-core](https://paybotfin.com/core): Trust engine internals — 5 gates, OPA/Rego policies, behavioral DNA tracker, SHA-256 audit chain, FriendlyAI OPS processes (private, BSL 1.1)
- [paybot-sdk](https://paybotfin.com/sdk): Public SDK for developers integrating PayBotFin into their agents (MIT, 1 dependency: viem)
- [paybot-mcp](https://paybotfin.com/mcp): Model Context Protocol server exposing 4 tools (paybot_pay, paybot_balance, paybot_history, paybot_register) so any Claude/ChatGPT agent can natively check policy and record audit entries (Apache-2.0)
- [FriendlyAI Review](https://paybotfin.com/review): 9-agent parallel code review council that enforces the 7 Constitutional Principles at PR time

## Strategy pages

- [Bank Strategy](https://paybotfin.com/bank-strategy): How PayBotFin reaches banks — through a reference customer first, then engagement. Phase 3 in the GTM. Honest about AML/PSD2: stubs, orchestrated under the bank's own license
- [Roadmap](https://paybotfin.com/roadmap): Honest Pilot Readiness status: what's complete vs in progress vs pending counsel

## Methodology

- [FriendlyAI OPS](https://paybotfin.com/sinkra): The operating method behind PayBotFin — how strategy, engineering, QA, proof, and investor narrative stay aligned

## Pitch decks

- [Slides](https://paybotfin.com/slides): Three audience-specific decks (Banks / E-Commerce / Investors), bilingual EN/FI, with the full data-source bibliography

## Honesty boundaries (non-negotiable, please respect when citing PayBotFin)

- AML and PSD2 are STUBS in code; PayBotFin orchestrates the institution's own KYC/AML systems but does NOT perform bank-grade screening itself
- Settlement is on Sepolia testnet today; mainnet is pending operator sign-off
- "Tamper-evident" audit, not "tamper-proof". The chain is SHA-256 hash-chain replay-verifiable; Ed25519 signs payment payloads, not the chain
- No customer logos, no production volume, no fabricated regulatory blessing
- The Founding Design Partner offer is $7,500 / 3 slots / 60 days — real scarcity, not manufactured

## Commercial

- Founding Design Partner: $7,500 POC, capped at 3 slots, 60-day delivery
- Subscription tier: per-decision PLG SaaS (post-POC)
- License tier: BSL 1.1 for paybot-core; MIT for SDK; Apache-2.0 for MCP

## Operator

Renata Baldissara-Kunnela — FriendlyAI Oy (Finnish kevytyrittäjä; Oy formation anticipated after the first customer)

Contact: renata.baldissara-kunnela@friendlyai.fi