What Untch defends against on the agent payment path.
Threat model
Payment path
| Risk | Mitigation |
|---|---|
| Agent signs a swapped 402 challenge | Mode B CBC: exact match of recipient, token, amount, resource, endpoint, method, hashes |
| Replay of an old authorization | Nonce and expiry binding; replay rule when challenge inject present |
| Overspend / runaway agent | Daily budget, per-call cap, rate limit, escalate-above |
| Duplicate payment | Duplicate rule on task + endpoint + params within TTL |
| Forged chat approval | Bound handle, single-use code, ownership check on dashboard, dual-channel when configured |
| Silent undelivered escalation | Fail-closed timeout defaults to deny |
What Untch does not claim
- Stopping an agent that never calls preflight or Guard (Mode A only)
- Full Mode D broker mediation (roadmap)
- Instant mainnet receipt writes during UntchReceipts writer timelock windows