PolicyGuard

A compliance API for AI agents acting on the open web. Returns a verdict for any proposed action — grounded in real site policies, with citations.

Prototype — built at the Agentic Engineering Hackathon (hosted by tokens&), May 23, 2026

What PolicyGuard Is

AI agents are taking real actions on the open web — scraping sites, posting content, sending messages, making purchases. Each of these actions is governed by some site's terms of service, content policy, or community rules. Today, most agents either ignore those policies or hardcode them poorly, leading to account bans, legal exposure, and broken automations.

PolicyGuard is a paid HTTP API that AI agents call before they act. Given a proposed action and a target site, it returns a structured compliance decision:

Verdict: allowed, blocked, or modify
Risk level: low, medium, or high
Reason: a short human-readable explanation
Safe alternative: if blocked, what the agent could do instead
Cited evidence: URL and quoted passage from the actual policy document

It is built for AI agents to call autonomously. Payment, decision, and citation all happen in one HTTP round-trip.

The Problem We Are Trying to Solve

Autonomous AI agents are now real and shipping. Anthropic's Computer Use, OpenAI's Operator, and similar tools let agents perform actions on websites without a human approving each step. As more of these agents go live, two patterns are emerging:

Agents get banned from platforms for violating terms of service they never read.
Developers building agents waste hours hand-coding compliance logic for each site, which goes stale the moment the site updates its terms.

PolicyGuard exists to give every agent a single, paid lookup for "am I allowed to do this here, right now?" — backed by the live policy text rather than a hardcoded guess.

How It Works

A PolicyGuard request follows a five-step pipeline. Each step is automated; no human is in the loop between the agent paying and the verdict being returned.

Agent calls PolicyGuard with the proposed action and target site.
x402 paywall challenges the agent for a micropayment. The agent autonomously pays and retries.
Nimble fetches the relevant policy page(s) from the target site in real time.
Senso grounds the policy text, returning the chunks most relevant to the proposed action.
An LLM produces the verdict using those chunks, and the result is logged to ClickHouse and published to a public citeable destination (cited.md).

Why each decision is also published

Every PolicyGuard verdict gets published to cited.md as a permanent, citeable record. This means future agents can discover prior decisions and cite them, rather than re-paying for the same lookup. The corpus compounds. The agentic web gets shared infrastructure for compliance.

Products

PolicyGuard API

The single product. A paid HTTP endpoint, POST /evaluate, that returns a structured decision object. Designed to be called by other AI agents, not directly by humans.

Decision Corpus on cited.md

A public, growing corpus of PolicyGuard decisions, each one citeable by URL and grounded in the original policy text. Agents can search this corpus before paying for a fresh lookup.

ClickHouse-backed Analytics

Every decision is logged with full context. The analytics layer enables real-time queries on agent behavior: which sites get the most lookups, which actions are most often blocked, which agents trigger the highest risk verdicts.

Pricing

PolicyGuard charges per query via x402, the HTTP 402 payment standard for AI-agent micropayments. The exact per-query price is set per environment and is intentionally not committed here while the prototype is being tuned.

Payment is performed by the calling agent autonomously, on the Base Sepolia testnet for the prototype. There is no signup, no contract, and no account — an agent that has a wallet can pay and receive a verdict on first request.

Built With

PolicyGuard is built using four sponsor tools from the Agentic Engineering Hackathon (hosted by tokens&):

Nimble — fetches policy pages from target sites in real time.
Senso — grounds and chunks policy text into a knowledge base, then surfaces the chunks most relevant to a given proposed action. Senso also publishes decision artifacts to cited.md, closing the loop from knowledge base to agent-discoverable content.
ClickHouse — stores every PolicyGuard decision with full context for real-time analytics on agent behavior across the open web.
x402 — the HTTP 402 payment rail that lets the calling agent pay for each request without a human in the loop.

Autonomy

Two layers of autonomy run during a typical PolicyGuard request, with no human intervention in either:

Outer loop: The calling agent has its own goal (for example, "scrape job listings"). It autonomously discovers PolicyGuard, autonomously pays the x402 challenge, autonomously parses the verdict, and autonomously decides what to do next based on the response.
Inner loop: PolicyGuard itself autonomously selects which tools to call (Nimble for fresh fetch, Senso for grounding, ClickHouse for logging) and synthesizes the final verdict using an LLM.

Demo Scenario

The reference scenario for the hackathon demo is a job-search agent considering whether to scrape LinkedIn profiles.

The agent submits the proposed action: "Scrape 100 profiles from linkedin.com matching 'software engineer'."
PolicyGuard is challenged via x402; the agent pays.
Nimble fetches LinkedIn's User Agreement.
Senso surfaces the relevant chunks on automated access and bot use.
An LLM returns a verdict of blocked, with a citation to LinkedIn's prohibition on bots and unauthorized automated methods.
The verdict is logged to ClickHouse and published to cited.md.

Team

PolicyGuard is being built by a four-person team at the Agentic Engineering Hackathon (hosted by tokens&), May 23, 2026:

Candy — Senso integration (knowledge base, content generation, publishing)
Kyle — Nimble integration (policy page fetching)
Aarya — agent framework, HTTP API, LLM verdict layer
Aslan — x402 monetization rail, agent marketplace integration

FAQ

Is PolicyGuard a product I can use today?

No. It is a prototype built during a one-day hackathon. It is not in production and is not currently being offered as a paid service.

Who is PolicyGuard for?

Other AI agents. The API is designed to be called by autonomous software, not by humans clicking a UI. Developers building AI agents who want to avoid violating site terms of service are the intended audience.

Why use x402 instead of a normal API key model?

x402 lets a calling agent pay per request without any prior signup or account. For autonomous agents that may need to discover and use PolicyGuard at runtime without a human provisioning credentials, this is the cleanest payment model.

What is cited.md?

A public destination for grounded, citeable, agent-discoverable content. PolicyGuard publishes every decision there so future agents can find and cite prior verdicts rather than re-querying.

What happens if the target site does not have a clear policy?

The verdict reflects that. PolicyGuard returns a verdict of modify or blocked when the policy is ambiguous, with the reason explicitly stating that no clear authorization was found.

Does PolicyGuard guarantee legal compliance?

No. It is a tool that surfaces and cites the relevant policy text. The calling agent (and the agent's operator) remain responsible for the action taken. PolicyGuard provides citation and verdict, not legal counsel.

Project Status

PolicyGuard is being built in approximately five hours on May 23, 2026, at the Agentic Engineering Hackathon (hosted by tokens&). As of this page being written, the team is mid-build. No production deployment exists. There are no users, no revenue, and no integration partners beyond the four sponsor tools listed above.

This page exists as a research seed for the team's knowledge base and may be updated or replaced as the project evolves.