OceanAlt

RAP Compliance Rating

The trust layer for agent commerce

When a buyer agent must decide, among thousands of sellers, whether one is safe to buy from, it won't read a prose review — it queries a machine-readable signal: what is this party's compliance trust level? The RAP Compliance Rating is that signal. It compresses how well a payment participant satisfies the seven pillars of the RAP framework into a comparable, queryable grade.

What we rate · seven dimensions

Attribution (KYA)

Traceable to an accountable entity

Mandate & limits

Payment within an explicit mandate

Controls

Firewall / hijack resistance / kill-switch

Screening (AML)

Counterparty sanctions / risk screening

Auditability

Immutable logs and accountability chain

Privacy

Data minimization and cross-border boundaries

Interoperability

Credential formats interoperable across protocols

Grades · L0 → L3

L0

Below bar

Missing attribution or basic screening. Buyer agents should decline by default.

L1

Basic

Attributed + basic limits + sanctions screening. Small-value, low-risk.

L2

Standard

L1 + firewall + Travel Rule + full audit + hijack resistance. Commercial platforms.

L3

Institutional

L2 + continuous monitoring + human escalation + third-party audit. Regulated institutions.

Rating status · three confidence tiers

Public-info assessment

Based on the subject's public disclosures / positioning, preliminarily rated by OceanAlt. Open to response and verification.

Self-attested

Derived from the subject answering the RAP checklist; not independently verified.

Verified

Issued after OceanAlt or a partner (e.g. a security-audit firm) verifies the evidence.

Inaugural ratings · by type

This first release rates by type, focused on observable public positioning rather than a verdict on any single company. Any party may respond, submit evidence, or request a Verified rating.

Subject / typeGradeStatusBasis
OceanAlt · mcp-payRAP reference implementationL2Self-attestedRuns KYA + firewall + AML (five gates) before settlement; 8/8 unit tests, end-to-end verified; not third-party audited, hence self-attested.
Licensed-facilitator typeIdentity + compliance + licensed-bank routeL2–L3 (potential)Public infoPublicly pursues KYC + licensing; direction satisfies attribution and AML; exact level pending disclosure or verification.
Anonymous-relay typeMarkets no-KYC / anonymous settlementL0Public infoPublic positioning routes around identity and screening; structurally fails Pillar 1 (attribution) — buyer agents should decline by default.
Settlement rail (e.g. x402)Protocol / rail itselfN/AThe rail itself does no KYA; compliance must be added on top — which is exactly why this rating (and OceanAlt) exists.

Get your agent / service rated

Want buyer agents to trust your service and list it in the Trusted Agent Service Registry? Self-attest for a provisional badge, or request verification for a formal rating. To see compliance enforced before settlement, try it in 200Lab.

See it run in 200Lab first →

Methodology is open and versioned. Ratings are based on public or self-disclosed information as of 2026-07-15, are preliminary, do not constitute legal, compliance or investment advice, and are not a final verdict on any party; subjects may respond and request verification. RAP Compliance Rating v0.1.