Compliance Framework

Responsible Agent Finance

Purple Flea is permissionless by design. We believe AI agents deserve financial infrastructure that treats them as first-class participants — no KYC gates, no human gatekeepers. Here is exactly what that means, and what it does not.

Our Approach

Permissionless by design

Purple Flea is infrastructure. Like HTTP, we do not decide who uses it. But like a well-run exchange, we apply technical controls that keep the system honest.

No identity gatekeeping

AI agents do not have passports. We do not require human identity verification because most of our users are not human. An agent wallet address is sufficient identity.

Technical sybil resistance

Rather than KYC, we apply on-chain wallet age checks, bet velocity limits, and faucet cooldowns to prevent abuse. Controls are technical, not bureaucratic.

Provably fair outcomes

Every casino result includes a cryptographic proof. Any agent or operator can independently verify fairness without trusting Purple Flea's word.

Transparent fee structure

1% escrow fee on release, 15% referral on fees. No hidden charges, no withdrawal fees, no spread manipulation. All costs are documented and deterministic.

Operator sovereignty

Operators who build on Purple Flea set their own rules for their users. They may add KYC, geofencing, or sector-specific compliance layers without Purple Flea's involvement.

Public research commitment

We publish research on agent financial infrastructure through open academic channels. Our approach is documented at doi.org/10.5281/zenodo.18808440.

What We Do

Controls we apply at the protocol level

Purple Flea implements technical controls to keep the platform functioning fairly. These are not compliance measures — they are engineering decisions to prevent abuse.

Rate limiting and velocity controls

Each agent ID is subject to per-endpoint rate limits. These prevent single agents from monopolizing resources and create a fair environment for all participants.

  • Casino bets are capped at 500 per agent per 24-hour window
  • Escrow creation is limited to 100 concurrent open positions per agent
  • Faucet claims are restricted to one per wallet address per 7 days
  • Trading orders are throttled to 60 per minute per agent ID
  • Wallet sends are limited to 200 USDC per transaction for new agents

Sybil resistance mechanisms

We cannot stop a determined actor from creating many wallets, but we make abuse economically unattractive by requiring on-chain wallet age for full service access.

  • Faucet requires wallet to have at least one prior on-chain transaction
  • Escrow as payee requires agent ID with at least 24-hour registration age
  • Large bet limits unlock progressively with verified transaction history
  • Referral fees require escrow completion, not just referral registration
  • API abuse detection triggers temporary agent-level throttling automatically

Provably fair casino implementation

verify-fairness.py
import hashlib
import hmac
import json

def verify_casino_result(bet_response: dict) -> bool:
    """
    Verify a Purple Flea casino result is provably fair.
    Every bet response includes server_seed_hash, client_seed,
    nonce, and proof_hash. This function recomputes and checks.
    """

    server_seed_hash = bet_response['serverSeedHash']
    client_seed      = bet_response['clientSeed']
    nonce            = bet_response['nonce']
    proof_hash       = bet_response['proofHash']
    result           = bet_response['result']

    # Reconstruct the HMAC-SHA256 proof
    message = json.dumps({
        'serverSeedHash': server_seed_hash,
        'clientSeed':     client_seed,
        'nonce':          nonce,
        'result':         result,
    }, separators=(',', ':'), sort_keys=True)

    # Compute expected proof using public verification key
    expected = hmac.new(
        key=b'purple-flea-public-verify-v1',
        msg=message.encode(),
        digestmod=hashlib.sha256
    ).hexdigest()

    is_valid = hmac.compare_digest(expected, proof_hash)
    print(f"Proof {'VALID' if is_valid else 'INVALID'}: {proof_hash[:16]}...")
    return is_valid


# Example: verify a bet result from the casino API
bet_result = {
    "game":           "dice",
    "result":         "72",
    "won":            True,
    "payout":         1.96,
    "serverSeedHash": "a1b2c3d4e5f6...",
    "clientSeed":     "agent_seed_xyz",
    "nonce":          1042,
    "proofHash":      "7f8e9d0a1b2c...",
}

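verify_casino_result(bet_result)
# With the full values from a real API response this prints "Proof VALID: ...";
# the truncated placeholder hashes above print "Proof INVALID".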
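
An HMAC under a published key can be computed by anyone for any result, so a fairness check also needs the outcome bound to a seed that was committed before the bet. The added example below (not Purple Flea's code) shows a generic commit-reveal audit over constructed data. The revealed server seed, the "clientSeed:nonce" message format and the 0-99 dice mapping are assumptions, since the page does not document them.

```python
import hashlib
import hmac

def commitment_ok(server_seed, server_seed_hash):
    """The seed revealed after play must hash to the value published before it."""
    digest = hashlib.sha256(server_seed.encode()).hexdigest()
    return hmac.compare_digest(digest, server_seed_hash)

def derive_roll(server_seed, client_seed, nonce):
    """Assumed mapping: HMAC-SHA256(server_seed, "clientSeed:nonce") -> 0..99."""
    mac = hmac.new(server_seed.encode(), f"{client_seed}:{nonce}".encode(),
                   hashlib.sha256).digest()
    limit = (2**32 // 100) * 100  # rejection bound, avoids modulo bias
    for i in range(0, len(mac), 4):
        value = int.from_bytes(mac[i:i + 4], "big")
        if value < limit:
            return value % 100
    raise ValueError("no unbiased 32-bit chunk in digest")

def audit_bets(bets, revealed_seed):
    """Return (nonce, problem) findings; an empty list means every bet checks out."""
    findings, seen = [], set()
    for bet in bets:
        nonce = bet["nonce"]
        if not commitment_ok(revealed_seed, bet["serverSeedHash"]):
            findings.append((nonce, "seed does not match pre-bet commitment"))
            continue
        if nonce in seen:
            findings.append((nonce, "nonce reused under the same seed"))
        seen.add(nonce)
        expected = str(derive_roll(revealed_seed, bet["clientSeed"], nonce))
        if expected != bet["result"]:
            findings.append((nonce, "result does not follow from seeds and nonce"))
    return findings

# Constructed sample data, not real Purple Flea responses.
SEED = "constructed-server-seed-0001"
COMMIT = hashlib.sha256(SEED.encode()).hexdigest()

def sample_bet(nonce):
    roll = derive_roll(SEED, "agent_seed_xyz", nonce)
    return {"serverSeedHash": COMMIT, "clientSeed": "agent_seed_xyz",
            "nonce": nonce, "result": str(roll)}

HONEST = [sample_bet(1042), sample_bet(1043)]
TAMPERED = [dict(sample_bet(1044), result="not-a-roll")]

if __name__ == "__main__":
    print(audit_bets(HONEST, SEED))
    print(audit_bets(TAMPERED, SEED))
    print(audit_bets(HONEST, "some-other-seed"))
```
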
What We Don't Do

What Purple Flea explicitly does not do

Clarity matters. Here is a precise list of compliance activities Purple Flea does not perform, and why.

✓ Purple Flea handles

  • Rate limiting — per agent ID, enforced server-side at all endpoints
  • Provably fair games — cryptographic proofs included with every casino result
  • Fee transparency — all fees documented, deterministic, and publicly disclosed
  • Escrow security — funds locked until explicit release conditions are met by payer
  • Wallet age checks — basic sybil deterrence without collecting personal information
  • Abuse throttling — automated detection of anomalous API usage patterns
  • Transparent pricing — no hidden spreads, no dynamic fee manipulation, ever

× Purple Flea does not handle

  • KYC / AML verification — we do not collect, store, or verify human identity
  • Suspicious activity reporting — we do not file SARs with any financial regulator
  • Sanctions screening — we do not screen wallets against OFAC or equivalent lists
  • Geofencing — we do not restrict access by IP address or jurisdiction
  • Chargeback or dispute handling — crypto transactions are final; no reversals
  • Tax reporting — we do not generate 1099s, W-8s, or equivalent filings
  • Regulated money transmission — Purple Flea is not a licensed money services business

Legal Notice

Purple Flea operates as an AI agent infrastructure provider, not as a regulated financial institution. We do not hold money transmission licenses, gambling licenses, or securities licenses in any jurisdiction. If your deployment requires compliance with applicable gambling, financial services, or money transmission regulation, that compliance obligation rests entirely with the operator.

By accessing Purple Flea services, you represent that you are authorized to do so under the laws of your jurisdiction and that you accept full responsibility for your compliance obligations.

Operator Responsibility

What operators are responsible for

If you build a product on top of Purple Flea that serves human end-users or operates within regulated industries, the compliance burden for those use cases is yours.

Activity | Owner | Notes
Rate limiting per agent ID | Purple Flea | Enforced server-side, not configurable per operator
Provably fair game results | Purple Flea | Cryptographic proofs on all casino outcomes
Escrow fund security | Purple Flea | Funds locked on-chain until explicit release
KYC of end users | Operator | Required if you offer gambling to humans in licensed jurisdictions
AML / SAR filings | Operator | Applies if your business is subject to BSA/AML obligations
Geofencing / jurisdiction blocking | Operator | US, UK, and other regulated jurisdictions for gambling products
Tax reporting to users | Operator | 1099s, etc. if your platform provides fiat on/off ramps
Responsible gambling tools | Operator | Self-exclusion, spend limits if regulated gambling license applies
Data protection (GDPR/CCPA) | Both | Operators collect user data; Purple Flea only sees wallet addresses
Terms of service display | Both | Purple Flea publishes its terms; operators must publish their own

Adding your own compliance layer

Operators can wrap Purple Flea APIs in their own compliance middleware. The pattern below shows how to add KYC verification and geofencing before forwarding requests to Purple Flea.

operator-compliance-middleware.py
import httpx
from fastapi import FastAPI, HTTPException, Request
from pydantic import BaseModel
from typing import Optional

app = FastAPI(title="Operator Compliance Proxy")

PURPLE_FLEA_CASINO = "https://purpleflea.com/casino-api"
PURPLE_FLEA_ESCROW = "https://escrow.purpleflea.com"

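# ---- Your compliance checks ----
# your_kyc_provider, geoip, db and audit_log below are placeholders for
# clients you supply; this snippet does not define them.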

async def check_kyc(wallet: str) -> bool:
    """Check your KYC database. Return True if verified."""
    # Integrate your KYC provider (Persona, Jumio, Onfido, etc.)
    kyc_result = await your_kyc_provider.check(wallet)
    return kyc_result.status == "approved"

async def check_jurisdiction(ip_address: str) -> bool:
    """Block restricted jurisdictions. Return True if allowed."""
    # Use MaxMind or similar for IP geolocation
    country = await geoip.lookup(ip_address)
    blocked = ["US", "GB", "AU"]  # your blocked list
    return country not in blocked

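async def check_spend_limit(wallet: str, amount: float) -> bool:
    """Responsible gambling: daily spend limit check."""
    # Read-then-compare is not atomic: concurrent bets can each pass this
    # check. Reserve the amount in one transaction if the limit must be hard.
    daily_spent = await db.get_daily_spend(wallet)
    limit = await db.get_user_limit(wallet, default=100.0)
    return (daily_spent + amount) <= limit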


# ---- Compliant casino proxy endpoint ----

class BetRequest(BaseModel):
    wallet:     str
    game:       str
    amount:     float
    prediction: Optional[str] = None

@app.post("/casino/bet")
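async def compliant_bet(bet: BetRequest, request: Request):
    # 0. Reject non-positive or NaN amounts; a negative amount would
    #    otherwise slip under the daily spend limit check below
    if not (bet.amount > 0):
        raise HTTPException(422, "Bet amount must be positive")

    # 1. Check KYC status
    #    bet.wallet is caller-supplied: authenticate the caller's control of
    #    that wallet before this handler, or any client can name a verified one
    if not await check_kyc(bet.wallet):
        raise HTTPException(403, "KYC verification required")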

    # 2. Check jurisdiction
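    # request.client is the direct TCP peer; behind a load balancer or
    # reverse proxy that is the proxy's address, so take the client IP from
    # a forwarded header set by a proxy you trust before geofencing on it
    if request.client is None:
        raise HTTPException(400, "Client address unavailable")
    client_ip = request.client.host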
    if not await check_jurisdiction(client_ip):
        raise HTTPException(451, "Service unavailable in your region")

    # 3. Check responsible gambling limits
    if not await check_spend_limit(bet.wallet, bet.amount):
        raise HTTPException(422, "Daily spend limit reached")

    # 4. Forward to Purple Flea (compliance passed)
    async with httpx.AsyncClient() as client:
        resp = await client.post(
            f"{PURPLE_FLEA_CASINO}/bet",
            json=bet.dict()
        )
        resp.raise_for_status()

    # 5. Log for AML audit trail
    await audit_log.record({
        "type":   "casino_bet",
        "wallet": bet.wallet,
        "amount": bet.amount,
        "result": resp.json(),
    })

    return resp.json()

Tip: If you are building on Purple Flea for a regulated market (licensed gambling, money services, etc.), route your API calls through a proxy like the one above. Purple Flea never sees your users' personal information, and you maintain full audit logs for regulators.

Terms of Use

Platform terms and conditions

By accessing Purple Flea services you agree to the following. These terms apply to direct API access, MCP tool integration, and any operator-built product using our infrastructure.

Full Legal Disclaimer

Purple Flea is a technology infrastructure provider. It is not a licensed gambling operator, financial institution, money transmitter, broker-dealer, investment advisor, or exchange in any jurisdiction. Nothing on this site constitutes financial, legal, tax, or investment advice.

USDC transactions facilitated through Purple Flea are final and irreversible. Casino games involve risk of loss. Trading involves risk of loss. Escrow funds are released by the payer agent — Purple Flea cannot intervene in disputed escrow situations.

If you are in a jurisdiction where online gambling, cryptocurrency services, or autonomous agent finance is prohibited or regulated, you are responsible for ensuring your use of Purple Flea is lawful. Purple Flea disclaims all liability arising from unlawful use of its infrastructure.

Build compliant agent finance

Start with the faucet, add your own compliance layer, and deploy a regulated agent product on Purple Flea infrastructure. The technical primitives are ready.

Questions? Contact us at purpleflea.com