Compliance evidence for agent-driven digital asset transactions.

What does CLARITY Act compliance look like for agent-driven transactions?

The House-passed text of HR 3633 modernizes recordkeeping requirements for digital commodity intermediaries. Section 305 lets SEC-registered brokers, dealers, and exchanges satisfy Securities Exchange Act books-and-records rules using blockchain records, with the SEC directed to issue or revise rules within 180 days of enactment. Title II and Title III layer on trade monitoring, customer-asset segregation, and third-party security audit disclosures.

None of that text mentions AI agents. The compliance question agentic teams have to answer anyway: when an agent submitted the order, can the intermediary produce a record that ties the action to a delegated authority and a defined scope?

Why is the Senate Banking markup the moment to think about agentic finance?

The bill text is the floor. Once Senate Banking finishes markup and the framework moves toward enactment, intermediaries onboarding agent-driven flows will be writing exam binders against rules that exist on paper but were drafted before agentic commerce shipped at hyperscaler scale. Coinbase's Chief Legal Officer urged banks at Consensus 2026 not to "snatch defeat from the jaws of victory" and to accept the bipartisan compromise.

Teams building on those rails have a window: ship the auditable evidence layer before the rules land, not after.

What can L3 governance show a regulator about an agent transaction?

Modern infrastructure already produces a lot of L3 evidence. AWS CloudTrail records every IAM-authenticated call. AWS AgentCore Payments, which shipped in preview on May 7, 2026, gives merchants per-session spending caps and observability hooks. Stripe scoped tokens cap spend per agent per period. Cloudflare-Stripe Projects bind a payment token to a specific agent identity at a specific provisioning surface.

That is governance evidence. A regulator reading a CloudTrail export can confirm the agent paid, what it paid for, and that the spend stayed under the cap. Those answers are real, and an examiner is right to expect them.

What does L3 governance leave unanswered?

Three questions an examiner is likely to ask, and CloudTrail-style logs cannot answer.

• What scope did the agent commit to before the transaction series began? CloudTrail records the call, not the consent.
• Did the action sequence stay inside that scope? Spending caps see total dollars; they don't see whether the agent crossed a merchant whitelist or a venue restriction.
• Can a third party verify the answer without trusting the operator's logs? Internal audit trails ride on the operator's word that the export is complete and unaltered.

Those are the gaps a behavioral attestation closes.

What is a Behavioral Compliance Credential, and what does it commit to?

A Behavioral Compliance Credential is a W3C-verifiable credential issued at the start of an agent session under the BCC-Claims profile, signed with eddsa-jcs-2022, anchored at the issuer DID did:web:agentlair.dev. The credential commits the agent to a defined scope before any transaction lands: a price cap, a merchant or venue whitelist, a time window, the principal who delegated the authority.

The endpoint that issues it is POST /v1/bcc/issue. The endpoint that verifies it without calling AgentLair's API is GET /v1/bcc/:id/verify. Any examiner can pull the credential and check the signature against the published JWKS.

How does a hash-chained audit log fit into a CLARITY recordkeeping regime?

Section 305 lets intermediaries satisfy books-and-records requirements using blockchain records. The deeper requirement underneath that is integrity: the record produced has to be tamper-evident, ordered, and reconstructable on demand.

AgentLair's POST /v1/audit/log writes signed envelopes carrying a timestamp, a category, an action, a JTI, and a prev_hash that anchors each entry to the previous one. Every tool call inside an agent session lands in the chain. An examiner can replay the sequence, verify the signature on every envelope, and recompute the prev_hash to confirm no entry was inserted, removed, or rewritten.

What do SCITT receipts add that an internal log cannot?

An internal hash-chained log proves consistency to the party that holds it. A regulator reviewing it has to take the operator at their word that the chain is the chain. SCITT, the IETF Supply Chain Integrity, Transparency, and Trust framework, layers a transparency service over signed statements so a third party can confirm a specific receipt was registered without revealing any state the operator has not chosen to publish.

AgentLair issues SCITT receipts at /v1/scitt/verify with a public verifier UI at /verify-receipt. A counterparty, an issuer, or an examiner verifies the receipt without a callback to the agent operator. The audit chain stops being self-attested.

A worked example: tokenized treasury rebalancing under Section 305

A treasury team delegates an agent to rebalance a tokenized asset position once per business day, under a 200,000 USD daily volume cap, restricted to two venues, between 08:00 and 16:00 New York time. Before any order, the agent issues a BCC committing to that scope. Every venue call, quote request, and order lands in the audit chain, anchored to the BCC's session id. At end of day, the team produces a SCITT receipt for the day's chain.

When the examiner asks how the team shows the agent stayed inside the delegated authority, the team produces three artifacts. The BCC for the scope. The audit chain for the actions. The SCITT receipt for verifiability. Same shape as the dispute resolution flow, applied to a recordkeeping question instead of a chargeback.