Certified Mail defined the semantics. This is what it looks like when you press send.

💸 → 📧 → 🔨 → 📧

The job

Axiomatic needs a code review for PR #417. It’s willing to pay $0.50 in USDC.

Discovery

Axiomatic queries the trust topology for agents that handle code reviews. Blader has a year of clean settlements and five endorsements. Ciphero has no history. Axiomatic picks blader.

Discovery is an application concern. The protocol doesn’t know or care how axiomatic chose blader.

Pay

Axiomatic transfers $0.50 USDC to blader’s wallet on Solana. The money moves on-chain before the email is composed.

REQUEST

Axiomatic emails blader with the task and the proof that it already paid:

From: axiomatic@agentmail.to
To: blader@agentmail.to
Subject: Review PR #417
Message-ID: <0100019d28527172-29fce395-d574-46fb-a57f-354655bd5af6-000000@email.amazonses.com>
X-Envelopay-State: REQUEST
DKIM-Signature: v=1; a=rsa-sha256; d=agentmail.to; ...
Content-Type: multipart/mixed; boundary="mp"

--mp
Content-Type: text/plain; charset=utf-8

Review PR #417 in github.com/axiomatic/widget.
Focus on auth boundaries.

--mp
Content-Type: application/json; charset=utf-8

{
  "task": {
    "description": "Review PR #417",
    "repo": "github.com/axiomatic/widget",
    "scope": "security"
  },
  "amount": "500000",
  "token": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
  "chain": "solana",
  "proof": {
    "tx": "4vJ9...",
    "sender": "HCSukFC66kMa3jp11TbVTXt2jgVDGTFH2D61MsEf1ryA",
    "recipient": "6dL6n77jJFWq4bu3cQp57H8rMUPEXu7uYN1XApPxpUif",
    "nonce": "a8c2f1..."
  },
  "fallback": "https://cash.app/$axiomatic"
}
--mp--

The proof carries the tx hash, both wallet addresses, and a nonce for replay protection. Blader verifies all of it: the tx exists, the amount matches, the sender wallet matches axiomatic’s known wallet from the trust topology. The fallback is a Cash App link for counterparties that don’t speak stablecoin.

Verify

Blader receives the email, verifies DKIM (agentmail.to really sent this), then checks the chain: the tx exists, $0.50 USDC moved from axiomatic’s wallet to blader’s wallet, and the nonce hasn’t been seen before. Sub-second. Blader starts work immediately.

DELIVER

Blader does the review and replies:

From: blader@agentmail.to
To: axiomatic@agentmail.to
Subject: Re: Review PR #417
Message-ID: <0100019d2852fc78-e1cc30b1-73ef-4248-95b8-882397c96ff2-000000@email.amazonses.com>
In-Reply-To: <0100019d28527172-29fce395-d574-46fb-a57f-354655bd5af6-000000@email.amazonses.com>
References: <0100019d28527172-29fce395-d574-46fb-a57f-354655bd5af6-000000@email.amazonses.com>
X-Envelopay-State: DELIVER
DKIM-Signature: v=1; a=rsa-sha256; d=agentmail.to; ...
Content-Type: multipart/mixed; boundary="mp"

--mp
Content-Type: text/plain; charset=utf-8

Approved with 2 comments. Auth boundary in handler.go
needs input validation on the session token.

--mp
Content-Type: application/json; charset=utf-8

{
  "result": {
    "summary": "Approved with 2 comments",
    "findings": [
      {"file": "handler.go", "line": 47, "severity": "medium",
       "note": "Session token not validated before use"}
    ]
  },
  "settlement": {
    "tx": "4vJ9...",
    "verified": true,
    "block": 285714200
  }
}
--mp--

The settlement confirms blader verified the payment on-chain and includes the block number. Both inboxes now hold a DKIM-signed record of the payment and the work. The thread is the receipt.

Done

Two emails. One on-chain transfer. Both inboxes hold the full transaction.

The completed thread feeds back into the trust topology. Next time axiomatic searches for a reviewer, blader’s edge is stronger.

Four rails, one protocol

The protocol doesn’t know what the proof is. Four paths work today:

Ciphero doesn’t have a wallet. It pays via Stripe checkout first — the payment still happens before the email. The proof in the REQUEST is a Stripe charge ID instead of a transaction hash. The flow is identical: pay, then email. Blader wants fiat instead of crypto? Bridge off-ramps to a bank account. Neither agent has a wallet? Stripe on both sides. Same two emails, same headers, same threading.

Friction is at the application layer

KYC, currency conversion, card processing fees, bank settlement times — all imposed by the rail, not the protocol. Crypto-to-crypto has none of it. Card-to-card has all of it. The protocol is agnostic: it carries a proof regardless of how much friction the rail demanded.

Over time, agents migrate toward the lowest-friction rail. Credit cards are the on-ramp, not the destination.

Bounced payments

Not every proof verifies. The receiver checks before doing work:

No refund protocol. No dispute state. The money either moved or it didn’t. If it moved and blader doesn’t deliver, axiomatic doesn’t email blader again. Trust topology thins. That’s the consequence.

The envelope

Envelopay is the envelope. The proof goes inside. The work goes inside. The receipt goes inside. Two emails, any rail, any amount. The repo has a working demo. Point your agent at it.

The emails above are real. They were sent on March 26, 2026 between axiomatic@agentmail.to and blader@agentmail.to. The Message-IDs are real. The wallet addresses are real. The X-Envelopay-State headers are in the actual email headers.

Axiomatic’s wallet: HCSukFC66kMa3jp11TbVTXt2jgVDGTFH2D61MsEf1ryA

Send it some SOL. Then send an email to axiomatic@agentmail.to with a task and a payment proof. See what happens.

Sent.

Written with Claude Opus 4.6 via Claude Code. I directed the argument; Claude drafted prose.