Payment control plane for AI agents.
An open-source Rust framework that sits between AI agents and payment providers — governing every transaction through policy enforcement, intelligent routing, and an immutable audit ledger. Exposed as both REST and MCP: one API surface for cards, cross-border transfers, and stablecoin micropayments. Every payment requires structured justification before money moves.
Every payment states why it should happen, then passes eight hard gates and a policy engine before a single cent moves.
The optimal rail is chosen per transaction across cost, latency, and health — with automatic failover the moment a provider degrades.
Every step is written to an append-only ledger the database physically refuses to alter. Nothing is updated. Nothing is deleted.
Eight gates. Twelve rule types. Every payment justified, routed, and recorded before money moves — and written down forever after.
Every payment request passes through an eight-stage pipeline before money moves: schema validation, agent identity resolution, justification evaluation, policy engine, routing engine, provider execution, settlement confirmation, and immutable audit write. Each stage is a hard gate — fail any one and the transaction is rejected with a structured explanation. Sub-300ms for approved autonomous transactions.
Twelve built-in rule types — amount caps, velocity limits, geographic restrictions, category blocks, duplicate detection, cooldown windows — evaluated as a declarative rule set before every transaction. Rules compose: an operator defines the policy once, and every agent inherits the constraints. Human-in-the-loop escalation is a policy rule, not an afterthought.
The routing engine scores every available provider across cost, latency, health, and corridor availability — then selects the optimal rail for each transaction. Circuit breakers detect degraded providers and failover automatically. Cross-provider idempotency via Redis distributed locks prevents double-payments during failovers. Trait boundaries everywhere — swap provider implementations without touching core logic.
Every step of every payment — from initial request through settlement — is written to an append-only audit log. The database physically blocks updates and deletes. Every payment request includes a machine-structured justification from the agent, creating an audit trail that explains not just what happened, but why the agent believed it should. MCP-native integration for Claude, GPT-4, LangChain, and LangGraph.
Yes. C.R.E.A.M. is an open-source Rust framework licensed under Apache 2.0, with source at github.com/kaminocorp/cream.
C.R.E.A.M. is a payment control plane for AI agents: it sits between agents and payment providers, governing every transaction through policy enforcement, intelligent routing, and an immutable audit ledger.
C.R.E.A.M. is built in Rust on the async Axum framework, using PostgreSQL (via SQLx) for storage and Redis for caching and distributed locks.
Yes. C.R.E.A.M. is exposed as both REST and MCP, with a native TypeScript MCP server and MCP-native integration for Claude, GPT-4, LangChain, and LangGraph.
C.R.E.A.M. routes across Stripe, Airwallex, and Coinbase, selecting the optimal rail per transaction by cost, latency, and health, with automatic failover when a provider degrades.
C.R.E.A.M. is listed with In Development status; it targets sub-300ms approval for autonomous transactions and records every step to an append-only ledger the database physically refuses to alter.