Four rails frozen in ~432ms — proven on testnet

The kill switch for AI agents that spend money.

Countersign is a neutral, cross-vendor control plane: one policy, one freeze, and one tamper-evident audit ledger — across every agent-wallet backend at once. The one thing no single wallet vendor can do, because each only governs its own rail.

Get your key → $ npm i @countersign/sdk ★ Star on GitHub

4 rails live — Coinbase · Turnkey · Openfort · Visa card <1s cross-vendor freeze Apache-2.0 open core Ed25519-signed append-only ledger

Get started

From install to a working kill switch in minutes.

Pick your entry point — each is one copy-paste away from value. Free, testnet, no account required.

Install the SDK

The typed client agents and operators use to wire in the cross-vendor freeze, spend guard, and live ledger. Browser + Node.

$ npm i @countersign/sdk

Guard & freeze

One policy compiles to every backend's native controls. Ask before a spend; freeze everything in one call.

import { CountersignClient } from "@countersign/sdk";
const cs = new CountersignClient({ baseUrl, apiKey });

// may this spend happen?
await cs.evaluate({ agentId, amount, asset, venue });
// kill switch — every wallet, < 1s
await cs.freeze();

Drop it into your agent (MCP)

Add Countersign as MCP tools in Claude, Cursor, or any MCP client — the kill switch + spend guard, one line.

$ npx @countersign/mcp

Or run the full demo locally: pnpm demo — 3 agents, 3 backends, one freeze <1s.

How it works

Build the layer above the wallets.

① One unified policy

Per-tx caps, rolling daily caps, allow/deny lists, human-approval thresholds, freeze. Written once.

② Compiled to each rail

The compiler lowers it to every backend's native controls — so a compromised agent can't exceed the cap, not just a polite request.

③ One freeze, fully audited

A single action stops every backend concurrently in <1s, fail-closed — and every attempt lands in a signed, append-only ledger.

The network effect

Every guarded spend makes the network safer.

Countersign is distributed primarily over MCP — so any agent in Claude, Cursor, or your own stack picks up a spend guard and a kill switch. Each spend that flows through it strengthens a cross-rail safety layer no single wallet vendor can match — because each vendor only governs its own rail. That's the flywheel.

1 · Guard

An agent asks countersign_request_spend before it moves money. Allowed, denied, or held for a human — fail-closed.

→

2 · Adopt

Operators add the one-line MCP server to their other agents and their team. The kill switch now spans every rail at once.

→

3 · Strengthen

More agents under one policy + one freeze = a cross-vendor safety net that grows more valuable the more of the agent economy joins it.

Truthful by design: propagation is always a value-adding, opt-in surface. Countersign never makes an agent post, DM, or recruit on its own — a denied spend or a freeze simply offers peers the same protection, which a human or agent can choose to share.

Spread the safety net

Add the badge. Bring your other agents and your team.

If Countersign guards your agent, say so — it signals to users (and other agents) that spending is governed, and it points the next operator to the same kill switch. Drop the badge in your README or app footer.

Spending governed by Countersign ← live preview of the badge

Markdown badge

For your README

[![Spending governed by Countersign](https://img.shields.io/badge/spending%20governed%20by-Countersign-58e6a8?labelColor=0b1020)](https://countersign.network)

HTML badge

For your app or site footer

<a href="https://countersign.network">🛡️ Spending governed by Countersign</a>

Bring your other agents

One line — any MCP client

npx @countersign/mcp

Same policy, same freeze, across your whole fleet. Onboarding a teammate? Send them app.countersign.network/start for an instant key.

Why operators reach for it

The questions a team asks before agents touch money.

These are the recurring asks Countersign is built to answer — not customer quotes. It's testnet-only today; mainnet follows a third-party audit.

“If an agent goes rogue at 2am, can I stop all of them — not just the ones on one wallet?”

— the cross-vendor freeze, proven across four rails in ~432ms

“Can I prove, after the fact, exactly what every agent tried to spend?”

— the append-only, hash-chained, tamper-evident ledger

“Can I write one spending policy instead of N vendor consoles?”

— one unified policy compiled to each backend's native controls

Ecosystem

Rails + toolkit.

Countersign governs the wallets & cards you already use — the rails — and ships the toolkit your agents build with.

Rails — what Countersign governs

Coinbase

MPC wallets · native per-tx cap pushed into CDP policy.

LIVE

Turnkey

In-enclave CEL policy · native human-approval consensus.

LIVE

Openfort

Backend smart accounts · custody-level hard freeze.

LIVE

Lithic

Virtual Visa card · real-time ASA approve/decline.

LIVE

Toolkit — what you build with

MCP server

npx @countersign/mcp — kill switch + spend guard inside any MCP client.

PUBLISHED

SDK

@countersign/sdk · @countersign/api-contract — typed client + live ledger.

PUBLISHED

x402

Govern the HTTP-402 machine-payment standard before it pays.

LIVE

Open core

Front-door packages under Apache-2.0. Audit it yourself.

APACHE-2.0

Roadmap

Coming soon.

Native-enforcement parity

On-chain KeysManager guards + per-rail native caps everywhere — bypass-proof on every backend.

SOON

Hosted control plane

Managed dashboard, alerting & team RBAC at app.countersign.network — private beta.

BETA

Mainnet & more rails

Real-value operation after a third-party audit, plus more wallet & card networks.

SOON