Shelfie - Accountable Agent Commerce

Janelle tamayo
Shelfie

Shelfie is verifiable, accountable autonomy for agent commerce.

TL;DR

Agent commerce today is either fragile screen-scraping or API keys that grant unlimited authority. I designed and built Shelfie: a two-repo agent + merchant pair that buys event tickets through a wire protocol with on-chain signed payments, per-passport caps, and a principal-confirm gate. Cross-domain inventory sync in four seconds, end to end. Also a UX exploration of how blockchain becomes legible to people who didn’t show up wanting to learn it.

Walkthrough

I wanted to see an agent autonomously do something with real stakes.
The hackathon brief was "agents that act on behalf of users on Kite." I was interested in the structural question of how to let an agent spend money without it being a babysitting exercise or a security disaster. Tickets came after ideation, because I wanted to see autonomous action rather than just queue something up for later.

Agent commerce today has three paths, and all three are broken.

Browser automation breaks when the merchant changes their checkout.
API wrappers need a custom adapter per merchant, with plenary keys that grant unlimited authority if stolen.
Payment shims rely on card networks to detect bad spend after the fact.

None of the three answers who is acting, with what authority, and how the merchant verifies it.

The new ticket economy isn't humans vs bots. It's accountable agents vs anonymous scripts.

The traditional anti-bot framing is a losing battle even Ticketmaster can't win. The move is to make every agent's actions durable, bounded, and traceable. A bad actor can still buy a ticket, but the action is signed by their identity, recorded on-chain, and visible to every merchant. Misbehaviour is durable rather than anonymous.

The protocol is the auth, not API keys plus allowlists.

API keys are like giving someone a copy of your debit card. The protocol-is-auth model is like writing a specific cheque, for a specific amount, payable to a specific shop, dated for one day. The Kite Passport identifies who is acting, the signed session policy declares the authority, and the EIP-3009 signature constrains the transfer.

EIP-3009 makes each authorization a single-shot, time-bound, replay-protected payment.

EIP-3009 narrows the agent's authority from "spend up to X over time" to "this one transfer, full stop." Each signature is single-shot, time-bound, and replay-protected by a nonce. A compromised key can sign more authorizations, but each one is fully specified.

Per-passport caps and principal-confirm gates make policy enforceable at the merchant boundary.

Per-passport caps limit each Kite Passport to four tickets per event, enforced at three independent points: order creation, x402 settlement, and chain-match confirmation. The principal-confirm gate adds policy enforcement: agents declare a session policy in a header, and orders above the threshold require the principal to release a single-use token before settlement.
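The cap and gate described above, as an added TypeScript example that is not Shelfie's code: a merchant-side order check that counts tickets per (Passport, event), enforces the cap of four, and refuses any order above the policy threshold unless the principal has released a single-use confirmation token, which is consumed on first use. The cap of four is from the write-up; the SessionPolicy field names, the token format and the amount unit are assumptions made for this illustration.

```typescript
// Added example, not Shelfie's code: merchant-side order gating with the
// per-passport cap and the principal-confirm gate described in the write-up.
// The cap of 4 tickets per event is from the page; the SessionPolicy field
// names, the confirm-token format and the amount unit are assumptions.

const PER_PASSPORT_CAP = 4;

interface SessionPolicy {
  passport: string;      // Kite Passport acting in this session
  merchant: string;      // merchant this policy is scoped to
  maxSpend: number;      // session spend ceiling (PYUSD cents, assumed unit)
  confirmAbove: number;  // orders above this need the principal's token
}

interface Order {
  passport: string;
  eventId: string;
  qty: number;
  amount: number;        // total price, same unit as the policy
}

class Merchant {
  constructor(private readonly id: string) {}
  private issued = new Map<string, number>();  // passport:event -> tickets held
  private confirmTokens = new Set<string>();   // released by principals, single-use

  // Called when the principal approves one specific order out of band.
  releaseConfirmation(token: string): void { this.confirmTokens.add(token); }

  ticketsHeld(passport: string, eventId: string): number {
    return this.issued.get(`${passport}:${eventId}`) ?? 0;
  }

  // The write-up runs the same checks again at x402 settlement and at
  // chain-match confirmation; this shows the order-creation instance.
  createOrder(order: Order, policy: SessionPolicy, confirmToken?: string): string {
    if (policy.merchant !== this.id) return "policy scoped to another merchant";
    if (policy.passport !== order.passport) return "policy passport mismatch";
    if (order.amount > policy.maxSpend) return "exceeds session spend";
    const held = this.ticketsHeld(order.passport, order.eventId);
    if (held + order.qty > PER_PASSPORT_CAP) return "per-passport cap reached";
    if (order.amount > policy.confirmAbove) {
      if (!confirmToken || !this.confirmTokens.has(confirmToken)) {
        return "principal confirmation required";
      }
      this.confirmTokens.delete(confirmToken);  // consumed: cannot be replayed
    }
    this.issued.set(`${order.passport}:${order.eventId}`, held + order.qty);
    return "ok";
  }
}
```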

When pressed on detecting bad agents, the honest answer was that, cryptographically, you can't.

We don't claim to detect bad agents. A Shelfie agent and a malicious agent look identical at the cryptographic layer: both are keys signing payments. What we claim is durable accountability. That concession is what produced the principal-confirm gate as a shipped primitive instead of a future-code promise.

A clock-drift bug in EIP-3009 taught me to test against the chain's view of time.

The gasless settlement path signs each EIP-3009 authorization with a validAfter timestamp back-dated to allow for clock drift. It failed intermittently because Kite testnet's block timestamp ran more than five seconds behind my machine's clock. Widening the backdate fixed it. When you sign time-bound authorizations, the relevant clock is the chain's, not the client's.
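Both the single-shot, nonce-protected model of EIP-3009 and the clock-drift lesson, as an added TypeScript example that is not Shelfie's code: the settling side evaluates validAfter and validBefore against the chain's timestamp, not the client's, and records each (payer, nonce) pair so a second presentation of the same authorization is refused. Field names are EIP-3009's; the addresses, timestamps and drift figures are constructed, and signature verification is assumed to happen elsewhere.

```typescript
// Added example, not Shelfie's code: an EIP-3009-style authorization window
// check evaluated against the chain's timestamp, plus nonce-based replay
// protection. Field names follow EIP-3009 (validAfter, validBefore, nonce);
// signature verification is assumed to have been done before this point.

interface TransferAuthorization {
  from: string;        // payer (the agent's EOA)
  to: string;          // merchant settlement address
  value: number;       // exact amount in token base units, fixed at signing
  validAfter: number;  // unix seconds; invalid at or before this instant
  validBefore: number; // unix seconds; invalid at or after this instant
  nonce: string;       // single-use value chosen by the signer
}

// Client side: sign for exactly one transfer, back-dating validAfter so a
// chain whose block time lags the client's clock still sees it as live.
function buildAuthorization(
  clientNow: number, backdateSec: number, ttlSec: number,
  from: string, to: string, value: number, nonce: string,
): TransferAuthorization {
  return { from, to, value, nonce,
    validAfter: clientNow - backdateSec,
    validBefore: clientNow + ttlSec };
}

// Settling side: the only clock that matters is the block timestamp.
// EIP-3009 requires validAfter < now < validBefore, strictly.
function checkWindow(auth: TransferAuthorization, chainNow: number): string {
  if (chainNow <= auth.validAfter) return "not yet valid";
  if (chainNow >= auth.validBefore) return "expired";
  return "ok";
}

// Nonce ledger keyed by (from, nonce), as the token contract records it:
// the same signed authorization settles once and is rejected thereafter.
class NonceLedger {
  private used = new Set<string>();

  settle(auth: TransferAuthorization, chainNow: number): string {
    const window = checkWindow(auth, chainNow);
    if (window !== "ok") return window;
    const key = `${auth.from}:${auth.nonce}`;
    if (this.used.has(key)) return "replay";
    this.used.add(key);
    return "settled";
  }
}
```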

Cross-domain inventory sync in about four seconds, end-to-end.

A buyer signs an EIP-3009 authorization with a declared session policy, Kite's gasless relayer submits it on-chain, and the merchant's chain watcher validates the per-passport cap and mints the ticket. The loop runs in roughly four seconds across two independent codebases with no shared API or memory. That is the agent-commerce thesis at human-perceptible latency.

I shipped the honest-scorecard slide because hackathon overclaim is detectable in five minutes.

Hackathon overclaim is detectable in five minutes by anyone who knows the stack. Being concrete about which lines you crossed, and which you did not, earns trust on the ones you did. The scorecard slide commits to six shipped layers and four roadmap layers, in that order. Honest scoping is the only way the accountable-autonomy claim stays credible.

Verified end-to-end

EIP-3009 payment authorization
x402 protocol integration
Drop-time gating
Tier counters
Per-passport caps
Principal-confirm gate

Acknowledged limitations

Rate limiting, not yet implemented
KYC'd Passports, out of scope for the hackathon
Hardware-attested keys, roadmap
Cross-merchant reputation, roadmap

Three plausible futures for agent commerce, and a few reflections.

Shelfie is also a UX exploration. The default blockchain interface still assumes you know what a nonce is, why you are signing a transaction, or what "gasless" means. Most of the design work on this page (the cheque analogy, the accountable-autonomy framing, the glossary at the bottom, the language that hides the crypto when it adds no information) is an attempt to make an early category legible to people who did not show up wanting to learn it.

Traditional ticketing tries to prevent automation and silently fails. We make automation accountable.

(G) - GLOSSARY

EIP-3009: An Ethereum payment standard where each signed authorization is single-shot, time-bound, and locked to one specific transfer. Like writing a specific cheque rather than handing over a debit card.
EOA: Externally Owned Account. A blockchain account controlled by a private key, as opposed to a smart contract account. The agent acts from an EOA.
Gasless relayer: A service that pays the blockchain transaction fee on behalf of the user, so the agent can act without holding crypto for fees.
Kite: The blockchain network Shelfie runs on. Kite Passport is its identity layer.
Kite Passport: An on-chain identity that uniquely names an agent. Every Shelfie action is signed by a Passport, so misbehaviour is permanently traceable to its source.
KYC: Know Your Customer. The regulated process of verifying that a real human is behind an account.
Nonce: A single-use number attached to each signed payment. Prevents the same authorization from being reused.
On-chain: Recorded on a public blockchain. Anyone can verify the transaction happened and who authorized it.
Per-passport cap: A limit on how many actions a single Kite Passport can perform. Stops one bad actor from buying out a whole event.
Principal: The human or organization an agent acts on behalf of. The principal sets the rules; the agent must stay inside them.
Principal-confirm gate: A check where the agent must get explicit approval from the principal before completing a high-stakes action.
PYUSD: A US-dollar-pegged stablecoin used as the payment token on Kite testnet for Shelfie. One PYUSD is meant to equal one US dollar.
Replay protection: A cryptographic guarantee that a signed payment cannot be used twice.
Session policy: A signed declaration of what an agent is allowed to do in this session: which merchant, how much, what time window.
Signature: Cryptographic proof that a specific identity authorized a specific action. Cannot be forged or transferred.
Smoke test: A small set of end-to-end tests that prove the basic loop works. "26/26" means 26 scenarios, all passing.
viem: A TypeScript library for interacting with Ethereum-style blockchains. Shelfie uses it to sign and submit transactions.
Wire protocol: The shared message format two independent systems use to communicate. Shelfie's wire protocol is what lets the agent and merchant verify each other without sharing memory or APIs.
x402: An HTTP standard for payments. The merchant can demand payment at the HTTP layer; the agent fulfills it before getting the response.

Posted Jun 5, 2026

Developed Shelfie, a protocol for accountable agent commerce for seamless event ticketing.