For builders

Build agent-native products on Accords.

CLP, AccordsVault, and AccordsConnectors are open source. Apache 2.0. Clone the repo, run locally, ship in weeks.

The governance layer for agent commerce can't be owned by one company. That's the point.

ART. IQuickstart

Three commands.

Local dev runs on Node 20+. No external dependencies. No managed service required for the core protocol.
01Clone
git clone https://github.com/accordsai/contractlane
cd contractlane
02Install
npm install
03Run
npm run dev
ART. IIWhat you get

Three primitives, one system.

THE ARTIFACT

Every action ends in one of these.

A receipt binds what was asked, what policy allowed, what credential was granted, and what actually ran — into one content-addressed bundle a third party can check without trusting your logs. The hash on this specimen is real; compute it yourself.

ACTION RECEIPTSPECIMEN
ACTION
Book SFO→JFK Mar 15 morning, under $400
POLICY
Travel policy: $400 cap, preferred carriers
GRANT
Releasing scoped payment credential
OUTCOME
Confirmed UA1438 · 9:42am · $389 · Receipt filed
BUNDLEsha256:fdc9b568d6ce5a3c3b093aec46d5e53d26d588dc96c1043058df425799075954
SIGed25519 · — placeholder · specimen carries no signature

Illustrative specimen of an Accords action receipt. The bundle hash is the real SHA-256 of this specimen’s fields — verify it yourself. Signed, verifiable receipts are what the runtime emits; this page only claims the shape.

ART. IIIExample products

Reference implementation, coming soon.

A consumer AI product running on the Accords stack. Every action goes through CLP and AccordsVault — typed surfaces, signed receipts, revocable credentials.
The flagshipComing soon

When it ships, its Accords integration will live in the same repos — so builders can see a real product using every primitive end to end.

ART. IVFAQ

Questions builders ask.

§ 01What is Accords?

Accords governs what agents do on the open internet. It is the permission layer and runtime for AI agents acting across organizations — agents receive scoped, time-boxed authorization instead of raw credentials, every action is checked against policy before it runs, and every action emits a signed receipt.

§ 02What is the Contract Lane Protocol (CLP)?

CLP is the open wire protocol underneath the stack: JSON schemas for agent actions, typed connectors, and signed receipts that bind signatures, authorization, and payment events into portable, content-addressed proof bundles. Apache 2.0, with SDKs in Go, Python, and TypeScript.

§ 03What is a deterministic execution boundary?

A layer between the agent and every privileged system. The agent submits a typed intent; policy is evaluated in code — amount ceilings, counterparty allowlists, cumulative limits, approval thresholds — before anything executes. Deterministic means the check cannot be argued with: an out-of-policy request is not refused politely, it does not execute.

§ 04How is this different from a secrets manager?

A secrets manager stores credentials and hands them to whatever is authorized to fetch them — so your agent still ends up holding the secret, and anything that compromises the agent holds it too. Accords never gives the agent the credential: the agent gets permission for one action at a time, the runtime executes with a short-lived scoped credential, and the secret never enters the model's context.

§ 05How is this different from an API gateway?

A gateway filters traffic in-line — it sees requests, not authority. It can rate-limit and inspect, but it cannot tell an authorized action from an authorized credential being misused. Accords decides whether each action is permitted before it exists, and proves what ran afterward with a signed receipt.

§ 06Does Accords replace OAuth?

No — it composes with it. OAuth scopes grant access to a resource surface; Accords governs actions within it: which operation, what amount, how often, approved by whom. Scopes answer what a credential can reach. Accords answers what an agent may do, right now, within what limits.

§ 07What exists today?

The CLP spec (v1.0.0, Apache 2.0) with Go, Python, and TypeScript SDKs, and the AccordsVault MCP server (Go) with connector, plan, and approval tools — all public on GitHub. Duffel is in integration today.

§ 08How do agents prove what they did?

Every action emits a receipt: signed, content-addressed, binding the policy reference, the authorization grant, and the execution outcome. A third party — an auditor, a counterparty — can verify it offline, without trusting anyone's logs.

ART. VCommunity

Build with us, in the open.