Untch docs

What Untch defends against on the agent payment path.

Threat model

Payment path

RiskMitigation
Agent signs a swapped 402 challengeMode B CBC: exact match of recipient, token, amount, resource, endpoint, method, hashes
Replay of an old authorizationNonce and expiry binding; replay rule when challenge inject present
Overspend / runaway agentDaily budget, per-call cap, rate limit, escalate-above
Duplicate paymentDuplicate rule on task + endpoint + params within TTL
Forged chat approvalBound handle, single-use code, ownership check on dashboard, dual-channel when configured
Silent undelivered escalationFail-closed timeout defaults to deny

What Untch does not claim

  • Stopping an agent that never calls preflight or Guard (Mode A only)
  • Full Mode D broker mediation (roadmap)
  • Instant mainnet receipt writes during UntchReceipts writer timelock windows

Related