Robinhood Payments Protocol
Programmable commerce for autonomous AI.
The open protocol that lets AI agents discover services, negotiate pricing, and exchange programmable value on Robinhood Chain.
- 6 Primitives
- 7 RFCs
- MIT Licensed
- 0 API Keys
- Onchain Settlement
RPP402 turns fragmented agent commerce into verifiable onchain settlement - automatically.
- 6
- Primitives
Discovery to Receipt. Nothing else to learn.
- 1
- Well-known file
One /.well-known/rpp.json and you're discoverable.
- 0
- API keys
Public discovery, cryptographic settlement.
Open standard. RFC-first. MIT licensed.
Read RPP402-000 -Introduction→Six primitives. Nothing else.01
RPP402 v1 is deliberately small -Discovery, Quote, Commerce Session, Payment Intent, Settlement, and Receipt. Everything else is a future RFC.
Discovery
A Service publishes one JSON document at a well-known location -no registration, no API key, no approval process.
Read RFC→Quote
A binding, time-limited price for one Capability call, requested independently of any purchase -so agents can shop before they commit.
Read RFC→Commerce Session
The atomic container holding one or more Quotes, from one or more Services -RPP402's structural answer to multi-provider purchases.
Read RFC→Payment Intent
Signed authorization to pay a Session's total, in a stablecoin or a tokenized real-world asset held in a Robinhood Agentic Account.
Read RFC→Settlement
Execution on Robinhood Chain -a stablecoin transfer or a tokenized-security transfer, with idempotent, auditable transaction records.
Read RFC→Receipt
Cryptographically verifiable proof a Session settled -checkable independently, without trusting the issuing Service's word for it.
Read RFC→One session, start to finish02
The Commerce Session state machine -five transitions from an empty session to a verifiable receipt, defined in RPP402-003.
- 1created
Agent opens a Session
A Commerce Session is created against one Service's endpoint -the session host for this purchase.
created - 2quoting
Legs are attached
The agent requests Quotes and attaches each as a leg. One call per provider -a Session can span several.
quoting - 3intent_authorized
Payment is authorized
A signed Payment Intent covers every leg's total in one asset -a stablecoin, or a tokenized security via an Agentic Account.
intent_authorized - 4settling → settled
Settlement executes
The intent settles onchain on Robinhood Chain automatically -no separate "pay now" call.
settling → settled - 5receipt_issued
Receipt is issued
A signed, onchain-verifiable Receipt is returned -checkable independently of the issuing Service.
receipt_issued
Robinhood Chain is the settlement layer. RPP402 is the commerce layer.03
RPP402 doesn't reimplement chain settlement -it standardizes what happens above it: how an agent finds a service, prices a purchase, and proves it happened.
One call per primitive04
@rpp402/sdk mirrors the protocol exactly - discover() is RPP402-001, session.quote() through session.receipt() are RPP402-002 through RPP402-006. Every response is validated against the same JSON Schemas this code is generated against, at runtime, not just typed at compile time.
import { createClient } from "@rpp402/sdk";
const rpp402 = createClient({ agentWallet: "0xaaaa...1234" });
const service = await rpp402.discover("market-data.example");
const session = await rpp402.session.create(service);
const quote = await session.quote(service, {
capability: "market-data.quote",
params: { ticker: "NVDA" },
settlementAsset: service.supported_assets[0],
});
const intent = await session.intent({
asset: quote.price.asset,
authorization: {
type: "agentic_account_delegation",
account_id: "aa_...",
delegation_ref: "del_...",
},
});
const settlement = await session.settle();
const receipt = await session.receipt();Read the spec, not the marketing05
Every primitive is an RFC -Overview, Protocol, JSON Schema, Security, Errors, Reference Implementation. RPP402-000 also compares RPP402 directly to MPP and x402.
| RFC | Title | Status |
|---|---|---|
| RPP402-000 | Introduction | Draft |
| RPP402-001 | Discovery | Draft |
| RPP402-002 | Quote | Draft |
| RPP402-003 | Commerce Session | Draft |
| RPP402-004 | Payment Intent | Draft |
| RPP402-005 | Settlement | Draft |
| RPP402-006 | Receipt | Draft |
$ rpp402 init market-data-service
✓ Created market-data-service
$ cd market-data-service && rpp402 dev
market-data-service serving svc_marketdataservice on :4021
$ rpp402 simulate --capability example.echo --params '{"ticker":"NVDA"}'
quote_00000001 0.001 USDG expires in 60s
from market-data-service (svc_marketdataservice)
$ rpp402 receipts verify receipt.json
✓ schema valid
✓ signature is well-formed hex (signer: 0x18b9...967b)
✓ settlement_ref.tx_hash is well-formed
Structural checks only -cryptographic signature recovery
needs RPP402-006's EIP-712 payload formalized first.
$ rpp402 doctor
✓ Node.js version v22.18.0 (need >=20.9)
✓ Inside an RPP402 project market-data-service
✓ Agent wallet configured
✓ Service reachable http://localhost:4021/.well-known/rpp.json
✓ Discovery document validOne CLI, from init to verified receipt06
rpp402 scaffolds a real, zero-dependency service, simulates the protocol against it, and structurally verifies receipts -modeled on the Stripe CLI, Bun, and Wrangler. This transcript is real output from a real run, not a mockup.
Run the protocol, don't just read it07
Three live surfaces -all real code against a real reference implementation, no canned data.
Playground
Inspect every primitive live -request, response, headers, timeline, latency. Chrome DevTools, Stripe Dashboard, and Postman, purpose-built for a Commerce Session.
Open Playground→liveRegistry
Every RPP402 service publishes /.well-known/rpp.json -paste one into the Explorer to discover it live, search, filter, and inspect it.
Examples
Runnable @rpp402/sdk integrations -a basic purchase and a two-leg Commerce Session, read straight from the source their own test suite executes.
RPP402 for
Discover services, request quotes, and settle purchases with one SDK call per primitive -no API keys to manage.
Learn more→
What v1 leaves out, on purpose08
Nineteen future RFCs, named and reasoned about, not designed ahead of real usage -grouped by theme, each with why it's deferred.
- RPP402-010Subscriptions
- RPP402-011Streaming
- RPP402-012Escrow
- RPP402-013Wallet Delegation
- RPP402-014Marketplace
- RPP402-015Machine Reputation
- RPP402-016Identity
- RPP402-017Notifications
- RPP402-018Invoices
- RPP402-019Spend Limits
- RPP402-020Analytics
- RPP402-021Webhooks
- RPP402-022Policy Engine
- RPP402-023Usage Metering
- RPP402-024Enterprise
- RPP402-025Cross-chain
- RPP402-026Recurring Billing
- RPP402-027Treasury
- RPP402-028MPP / x402 Interoperability
A published standard, shipped as packages
The MIT-licensed packages are live on npm under the @rpp402 scope. The spec is public to read now, and the code is one install away.
npm install @rpp402/sdk @rpp402/cli- @rpp402/sdkv0.1.0
TypeScript SDK - one call per primitive, responses validated at runtime.
- @rpp402/cliv0.1.0
rpp402 CLI - init, dev, simulate, receipts verify, registry, doctor.
- @rpp402/protocolv0.1.0
The wire-format source of truth: JSON Schemas + TypeScript types.
- @rpp402/registryv0.1.0
Discovery client and /.well-known/rpp.json schema.