Tempo's native Access Keys control How Much and To Whom. OnlyGate controls What and Why.

OnlyGate is an out-of-band, Human-in-the-Loop (HITL) authorization gateway designed specifically for the Machine Payments Protocol (MPP). It bridges the critical gap between autonomous AI spending and enterprise-grade accountability.

The Machine Payments Protocol (MPP) empowers AI to autonomously purchase APIs and data using HTTP 402 and stablecoins. To secure this, Tempo offers Access Keys (budget caps and allowed destinations). However, this creates a massive enterprise liability void.

The Scenario: An enterprise provisions an AI Agent with an Access Key capped at $100/day, restricted to a verified Market Data API. The agent suffers a Prompt Injection attack (or severe hallucination) and spends the entire $100 requesting 50 batches of completely useless, outdated 1990s market data.

• Tempo's Smart Contract: Sees a valid amount and a whitelisted destination. Perfectly executes and settles the transaction.
• The Enterprise CISO: Loses $100, receives garbage data, and the blockchain only shows Tx: 100 USDC to Vendor X. There is zero context on why the decision was made.

Tempo acts as a Financial Firewall. Enterprises desperately need a Decision Firewall.

OnlyGate is a Pre-Transaction Decision Gateway.

Crucially, OnlyGate does not use AI to parse the payload (which would expose the gateway itself to prompt injection). Instead, it enforces an Attribute-Based Access Control (ABAC) policy using objective transaction physics.

When an AI Agent attempts a paid HTTP request (tempo request):

1. Intercept & Extract: OnlyGate physically freezes the agent's thread and extracts the target URL, HTTP Method, and exact spending amount (via a background --dry-run).
2. Dynamic Policy Routing: - 🟢 Tier 1 (Micro-transactions & Whitelisted): e.g., Cost < $1.00. The gateway auto-approves the request but cryptographically logs the raw payload and intent. Zero friction, 100% audibility.
   • 🔴 Tier 2 (High-Risk / Anomaly): e.g., Cost > $1.00 or unknown endpoint. The system suspends execution and triggers a Human-in-the-Loop escalation.
3. Out-of-Band Escalation (HITL): OnlyGate pushes an unalterable context card to the enterprise manager's phone (via Telegram/Slack), displaying the exact URL, cost, and raw JSON payload for human review.
4. Execute or Kill: - If Approved, the gateway releases the thread, allowing native Tempo MPP settlement (~500ms).
   • If Rejected, the execution is killed, returning a compliance error to the agent.

[ AI Agent ] 
     │ (Executes `tempo request ...`)
     ▼
[ OnlyGate CLI Wrapper ] ──(1. Intercept & Extract Attributes)──┐
     │ (Thread Suspended)                                       │
     │                                                          ▼
     │                                               [ OnlyGate Policy Engine ]
     │                                                  │                   │
     │                              (Low Risk: Auto-Log)│                   │(High Risk: Escalate)
     │                                                  │                   ▼
     │                                                  │        📱 [ Human Manager (Telegram) ]
     │                                                  │                   │ (Clicks "Approve")
     │ ◀──(4. Release Signal)───────────────────────────┴───────────────────┘
     ▼
[ Native Tempo CLI / SDK ]
     │ (Handles 402 Challenge & Signs Transaction)
     ▼
[ Tempo Blockchain ] ──(5. ~500ms Settlement)

This repository contains the OnlyGate Tempo Wrapper proof-of-concept.

To demonstrate this architecture without forcing developers to rewrite their agents, we built a zero-integration CLI hijacker. The agent thinks it's executing the standard tempo request (per official SKILL.md instructions), but it is actually hitting the OnlyGate wrapper first.

Features in this Demo:

• Zero-Touch Integration: Works instantly with Claude Code, Amp, and Codex.
• Smart Pass-Through: Safe commands (tempo wallet, --dry-run) execute instantly without interception.
• Mobile-First HITL: Real-time push notifications and one-click approvals via Telegram.

This hackathon project is an extension of our core product vision. OnlyGate is an actively developed enterprise security layer designed to physically isolate an AI agent's execution capabilities from its decision-making logic.

Current Traction & Milestones:

• ✅ Architectural Validation: We have successfully built our core interception gateway for traditional SaaS APIs (e.g., blocking unauthorized Stripe refunds or Zendesk modifications).
• ✅ Market Validation (Round 1): We completed our first round of deep-dive interviews across two market extremes:
  • Insight 1 (Cloud-Native SaaS): Startups urgently want to grant agents write-access for efficiency, but are terrified of the PR and financial "blast radius." They demand frictionless accountability.
  • Insight 2 (Semiconductor Giants): Traditional enterprises operate on strict "zero data landing" policies. They will never route proprietary API payloads through a third-party cloud proxy.
  • The Architectural Pivot: We evolved OnlyGate into an Out-of-Band Control Plane. Proprietary payloads never leave the client's VPC; only the cryptographic intent is sent to OnlyGate’s vault to trigger human approval. This satisfies both SaaS speed and enterprise privacy.

• Actively seeking a Technical Co-Founder / Security Architect (Red Team/CISO background).
• Preparing for second round of interview.
• Go to silicon valley or silicon beach for more user research and get ready for pitch.

When we analyzed Tempo's MPP, we recognized it as the ultimate stress test for Agentic Commerce. If an AI can spend USDC in 500ms, a compromised agent doesn't just corrupt data—it drains treasury funds instantly. We built this wrapper to prove that OnlyGate’s Out-of-Band HITL architecture is the exact missing infrastructure required for Tempo to conquer the Fortune 500.