captured from a real in-sandbox run

Agents can earn and spend.
We make them safe enough
for business.

A policy gate, a tamper-evident ledger, and human-in-the-loop approval — sitting between any autonomous agent and the money it can spend. The control plane for agentic spend.

See the stack
0ALLOWED & CHARGED
0HELD FOR A HUMAN
0BLOCKED AT THE GATE
RTX 4090NEMOCLAW SANDBOX HOST
Live governed run captured from a real run

How a spend actually flows

Hermes asks to spend. Cortex gates it three ways — ALLOW to Stripe, ESCALATE to a human, or DENY before money moves. Replay is from the captured run.
Control-plane view of the Hermes Desktop run — left: the agent proposes a spend · right: Cortex gates it, records it, reconciles it.
ready
LOCAL 4090: SENSITIVE DATA STAYS HERENemoClaw contains Hermes + Nano triage + 30B extract ONE CLOUD EXCEPTION Ultra/OpenRouter audit · need-to-know slice only reasons proposes spend ALLOW ESCALATE DENY every decision → ledger
⛔ $600 to AWS — BLOCKED at the gate · never reached Stripe · balance unchanged
Nemotron family
Nano triage · 30B extract
Nano 4Btriage4090
30B A3Bextract4090
per-beat route: not captured
one cloud exception · OpenRouter
Nemotron 3 Ultra
Ultra audit · need-to-know slice
HermesHermes agent
spend proposer
idle
Cortex
NO MODEL APPROVES MONEY
deterministic policy gate
ALLOW → charge
👤Human
ESCALATE → approve / deny
Blocked
DENY → no charge
👤
Human approval required
The agent cannot self-approve. The decision is appended to the tamper-evident ledger.
Pending approval queue 0 awaiting a human · alert sent, no money moved
Operation window · policy scale
$0
$0 governed through Cortex in this captured replay
capture volume $0configured window $0
policy fingerprint
Cross-reference · one request id, three surfaces ✓ reconciled
request id
policy rule
ledger hash
stripe receipt
sandbox event
Why this isn’t a mockup: Same request ID across ledger + sandbox event. ALLOW adds a Stripe receipt. ESCALATE / DENY have no receipt, proving no money moved.
Hash-chained spend ledger · append-only, tamper-evident
#decisionmerchantamountrouterule firedledger hashstripe receipt
$0charged via Stripe
$0blocked at the gate
0escalated to a human
0approved to proceed
hash chain
0unauthorized charges
Autonomous agents can spend.
Cortex makes that safe enough for business.
Built on the platform

Four pillars, one governed run

Every layer is real and on camera, with provenance captured live from the sandbox.
Hermes

Hermes · Nous Research

The autonomous operator running the revenue workflow that requests each spend.

agent: hermes-operator

NemoClaw

NVIDIA OpenShell sandbox. The run is Landlock-confined on the local 4090; payment egress reaches Stripe only through an explicit policy.

sandbox host: RTX 4090

Nemotron 3 Ultra

The agent’s brain — an NVIDIA open model, reasoning via OpenRouter cloud inference.

via OpenRouter

Stripe

The payment rail. A real test-mode charge fires only when Cortex returns ALLOW.

$0 charged
Why governance wins

Everyone is racing to make agents more autonomous. We make autonomy safe enough to trust with money.

An autonomous agent with a payment method is a liability the moment it is unsupervised. Cortex is the enforcement layer between any spending agent and the money.

01

Policy gate

Per-transaction caps, hard limits, vendor and category allow or deny, rate windows, purpose binding. Every spend is gated before a cent moves.

02

Tamper-evident audit

A hash-chained, append-only ledger. Every decision cross-references its Stripe receipt and sandbox event by one request id. Audit-grade by construction.

03

Human in the loop

Unusual spend escalates and holds. The agent cannot self-approve. A human decides, then the agent resumes. Safe enough for business.