Autonomous Agents Gain Trustworthy Commerce System to Bridge the Digital Divide

Researchers are addressing a fundamental challenge hindering the widespread adoption of agentic commerce: the lack of robust trust mechanisms for autonomous transactions. Mehul Goenka from University of Oxford, Tejas Pathak from Indian Institute of Technology, Delhi, and Siddharth Asthana from University of Oxford, et al., present TessPay, a novel infrastructure designed to establish trust through a ‘Verify-then-Pay’ architecture. This research is significant because it moves beyond fragmented solutions and proposes a unified system addressing task delegation, payment settlement, and auditability across the entire transaction lifecycle. By separating control and verification from settlement, TessPay operationalises trust via verifiable mandates, cryptographic evidence of task execution, and a tamper-evident audit trail, ultimately enabling secure and accountable agentic commerce.

Addressing Trust Deficits in Agentic Commerce Through a Verify-then-Pay System requires careful implementation and ongoing monitoring

Scientists are developing TessPay, a unified infrastructure addressing limitations in current agentic commerce systems. Today’s commerce infrastructure, designed for direct human interaction, lacks core primitives across three stages of agentic transactions: task delegation, verified settlement, and dispute resolution.
Task delegation currently lacks mechanisms to translate user intent into defined scopes, discover appropriate agents, and securely authorize actions. Verified settlement processes payment before execution, lacking verifiable evidence of the agent’s work. Dispute resolution is hampered by a lack of comprehensive audit mechanisms, preventing clear accountability.

While emerging standards address fragments of this trust gap, a unified infrastructure binding the entire transaction lifecycle remains necessary. To resolve this, researchers introduce TessPay, utilising a ‘Verify-then-Pay’ architecture with a two-plane separation of control and verification from settlement.

TessPay operationalises trust across four stages: before execution, agents are anchored in a canonical registry and user intent is captured as verifiable mandates, enabling stakeholder accountability. During execution, funds are locked in escrow while the agent executes the task and generates cryptographic evidence, such as TLS Notary or TEE, to support Proof of Task Execution (PoTE).

At settlement, the system verifies this evidence and releases funds only when the PoTE satisfies verification predicates, with modular rail adapters ensuring chain-agnostic settlement across heterogeneous payment rails. After settlement, TessPay preserves a tamper-evident audit trail for dispute resolution.

TessPay’s key contributions include an architecture unifying agent identity, service discovery, task delegation, output verification, and payment settlement into a modular microservices infrastructure. It features a ‘Verify-then-Pay’ settlement model holding funds in escrow and releasing them upon receiving a PoTE supported by verifiable cryptographic evidence.

The system offers chain-agnostic settlement via modular payment rail integration and a tamper-resistant audit trail capturing verifiable traces across the payment lifecycle, providing accountability for disputes and refunds. The paper reviews related work in agentic commerce, identifying fragmentation and unresolved gaps in current approaches, before deriving design goals for the architecture.

Researchers detail TessPay’s core components, process flows, and integration across heterogeneous chains, outlining three transaction tiers and associated verification mechanisms, illustrated by a complete end-to-end payment flow. Security properties are evaluated through threat modelling, and representative use cases, an e-commerce agent and a portfolio manager agent, demonstrate how TessPay resolves infrastructural bottlenecks and enables verified agentic payments.

Deposit Observation, Proof of Task Execution and Rail Adapter Verification are key testing phases

TessPay employs a two-plane architecture, meticulously separating control and verification from settlement to establish a ‘Verify-then-Pay’ system for agentic commerce. The core of this infrastructure relies on a strict Deposit Observation workflow within the Settlement Plane, ensuring funds are only locked in escrow after independent verification by Rail Adapters via configured JSON-RPC endpoints.

These adapters monitor blockchain state and require a rail-specific finality threshold, such as block confirmations on the Ethereum Virtual Machine, before accepting proofs of deposit. During task execution, agents generate cryptographic evidence supporting Proof of Task Execution, or PoTE, which is central to the system’s operation.

The PoTE-Gated State Machine, enforced by the Control and Verification Plane, prevents payouts without valid PoTE hashes anchored to the specific task identifier within the TessChain state. Rail Adapters function as passive executors, lacking autonomous logic to initiate settlement; instead, they await instructions from TessChain triggered by successful PoTE verification.

Security is paramount, prioritising absolute security over latency and cost, and deliberate friction is introduced through multi-signature mandates or challenge periods to intercept anomalies before settlement. To assess robustness, the research team conducted scenario-based threat modelling, analysing potential attacks against fund integrity, execution verification, and key management.

The Two-Plane Model defends against Control Plane compromise by isolating key management within the Settlement Plane’s wallet infrastructure, ensuring that even a complete breach of TessChain yields only metadata and prevents the construction of valid transactions on external rails. Furthermore, the system prevents cross-rail replay attacks through Rail Abstraction and Typing, requiring strict rail identification and binding WalletModule instances to specific chain configurations.

This ensures chain-specific replay protection, such as EIP-155 Chain ID enforcement, and rejects any chain-mismatched hashes during escrow observation. A use case involving an e-commerce shopping agent demonstrates the system’s ability to process thousands of data points to identify optimal products based on user intent, streamlining a process typically requiring extensive manual research.

Cryptographic Proof of Task Execution underpins secure conditional payments by verifying completed work

TessPay introduces a unified infrastructure employing a “Verify-then-Pay” model that couples task delegation, verified settlement, and dispute resolution into a single transaction lifecycle. Agents are anchored in a stable identity via a canonical registry before execution, and user intent is captured as verifiable mandates enabling clear stakeholder accountability and intent-driven service discovery.

During execution, funds are locked in escrow while the agent undertakes the task and generates cryptographic evidence, such as TLS Notary or Trusted Execution Environment data, to support Proof of Task Execution (PoTE). At settlement, the system verifies this PoTE and releases funds only when the evidence satisfies explicit verification predicates.

This chain-agnostic settlement is enabled by modular payment rail integration, allowing for flexibility across heterogeneous payment systems. TessPay preserves a tamper-evident audit trail after settlement, facilitating dispute resolution, refunds, and clear accountability should task execution deviate from the authorized scope.

The architecture unifies agent identity, service discovery, task delegation, output verification, and payment settlement into a modular microservices infrastructure. A core component is the “Verify-then-Pay” settlement model, which holds funds in escrow and releases them upon receiving a PoTE supported by verifiable cryptographic evidence.

The system’s chain-agnostic settlement model supports transactions across diverse chains through modular payment rail adapters. A tamper-resistant audit trail captures verifiable traces across the payment lifecycle, providing clear accountability in cases of disputes, refunds, and chargebacks. TessPay supports three transaction tiers, each with associated verification mechanisms, and illustrates a complete end-to-end payment flow. The research details security properties through threat modeling and describes mechanisms to mitigate key vulnerabilities, demonstrating how TessPay resolves infrastructural bottlenecks and enables verified agentic payments.

A two-plane escrow and verification system for agentic commerce offers increased security and trust

TessPay represents a unified infrastructure designed to address the trust gap hindering the widespread adoption of agentic commerce. Current systems are fundamentally built for human-to-human interactions and lack the necessary primitives for secure and reliable agent-driven transactions. This new infrastructure replaces implicit trust with a ‘Verify-then-Pay’ architecture, fundamentally altering how agents conduct business.

The system operates on a two-plane architecture, separating control and verification from payment settlement, and functions across four stages: task delegation, execution, settlement, and audit. Before execution, agents are registered and user intent is captured through verifiable mandates, establishing accountability.

During execution, funds are held in escrow while agents generate cryptographic evidence of completed tasks. At settlement, this evidence is verified, and funds are released only upon successful validation, utilising modular rail adapters for chain-agnostic operation. Finally, a tamper-evident audit trail is preserved for dispute resolution and accountability.

TessPay also integrates with both blockchain ledgers and traditional payment gateways, aiming to establish a universal Agentic Payment Standard. The authors acknowledge that existing protocols offer fragmented solutions, often relying on optimistic payment models or reputation systems, which present vulnerabilities like prompt injection risks and unauthorized fund access.

TessPay’s strength lies in its end-to-end approach, binding delegation, secure execution, and verifiable settlement into a single, auditable lifecycle. Future work will likely focus on refining the modular rail adapters to support an increasing number of payment networks and further strengthening the cryptographic evidence mechanisms to ensure robust proof of task execution.