open source · x402 / AP2
A spending limit for
autonomous agents.
Zaalto SpendGuard is an open-source proxy between your AI agent and the x402 rail. Every payment passes a policy check — allow, block, or escalate — and lands in a signed log.
Apache-2.0 · Rust · runs local
deny $48.00 · cap exceeded · logged
the gap
Agentic payment standards settled how agents pay. None of them settled what stops an agent from draining a wallet. SpendGuard is the control layer that was left out.
how it works
Four steps in the payment path.
Your agent routes its x402 calls through SpendGuard. No code change — point the client at the proxy.
Each payment is checked against your cap and policy at the moment of spend.
Under the limit, the payment passes. Over it, the payment is blocked before it settles.
Every allow and block is written to an append-only log — what was paid, what wasn't, and why.
principles
Built like infrastructure that touches money.
If SpendGuard can't reach a decision, the payment does not happen. A control that fails open is not a control.
Amounts are tracked in the asset's smallest unit. No floating-point math on money, ever.
Every decision is signed and append-only — a record your auditor can verify, not just trust.
The enforcement engine is Apache-2.0. Run it yourself, read every line, fork it if you want.
get started
Set a cap. Point your agent at it.
# global cap, in USDC base units
listen = "127.0.0.1:7402"
asset = "USDC"
cap = 25_000_000 # $25.00
log = "./decisions.jsonl"allow {"amount":40000,"total":160000,"cap":25000000}
deny {"amount":48000000,"reason":"cap_exceeded"}what's next
Today SpendGuard enforces a cap and logs every decision. Next: step-up approvals, velocity and allowlists, and a console that turns the audit stream into oversight your finance team can sign off on.