USE CASE · Coding agents

Compute, APIs, SaaS —
without leaking the credit card.

Coding agents spin up cloud instances, top up OpenAI / Anthropic credits, buy SaaS seats, and pay per-call APIs on their own scoped Visa. Hard caps per service, MCC merchant locks, instant kill if compromised.

$500/d
default cap
412ms
card provision
1-call
card kill
x402
pay-per-call
The problem

Why the corporate card
doesn't work for this agent.

One shared card = blast radius

Coding agents on a shared OpenAI key with a corporate Amex on file: a single prompt-injection and the agent buys $40k of compute on a foreign account. You see it 24 hours later.

Per-service caps are manual

OpenAI's spending limit is set once a month. Vercel's, separately. AWS's via Budgets. No unified view, no automatic throttle, no real cap.

Reconciling is misery

Twelve AWS sub-accounts, four SaaS subscriptions, two AI API charges, all on the same master card. Which feature shipped this week consumed what cost? Nobody knows.

What the wallet ships with

Everything this agent needs.
Nothing it doesn't.

Per-service virtual cards
One card per provider: OpenAI, Anthropic, AWS, Vercel, GitHub, Snowflake. Each has its own monthly cap and merchant lock. Compromise on one doesn't touch the others.
MCC merchant lock
Cards lock to a single merchant on issuance — e.g., the OpenAI card simply can't charge anything other than OpenAI. Network-level refusal, no application logic.
x402 pay-per-call
Agent pays a $0.002 API call inline over HTTP 402 — no subscription, no monthly retainer, settle in 200ms on USDC. Built for true micropayments.
Instant kill switch
POST /api/agents/:id/cards/:cardId/freeze — card stops authorizing within 1 second. Used in CI for ephemeral cards or in incident response for compromised agents.
Per-PR / per-deploy budgets
Set a $20 cap per PR for the CI agent. If the agent's compute spend on the PR crosses $20, it stops and posts a comment for approval — you don't get the surprise $2k AWS bill on Monday.
Cost attribution by trace
Every charge carries a trace ID linked to the PR / feature / sprint. SQL-join your AgentWallet ledger against your engineering issue tracker to see real per-feature spend.
Burst handling
Coding agents have spiky traffic. Cap is rolling 24h, not calendar-day, so a single 9 PM compute burst doesn't trip a hard stop on a midnight-PT calendar reset.
Multi-currency
Agent pays Hetzner in EUR, OVH in EUR, GitHub in USD, Selectel in USD. Each card is FX-aware; cap is enforced in the cap-currency, not the merchant currency.
A day in the life

From mandate to settlement.

01
01 · Provision

Agent comes online

New coding agent is created. Provisioning emits one card per default service in 412ms. Caps default from the policy template.

02
02 · Build

Agent spends

Agent runs CI, hits AWS, OpenAI, GitHub, Vercel — each on its scoped card. Trace IDs tie every charge to the PR or task that triggered it.

03
03 · Cap

Hits the limit

OpenAI spend crosses the daily cap. Agent stops; posts an approval card to Slack with cost context. Engineering lead taps approve; cap is bumped for the day.

04
04 · Reconcile

End of sprint

Engineering manager exports the agent's ledger grouped by trace ID. Sees per-PR cost broken out by service. Catches the runaway integration test in seconds.

Vendors typically allowlisted

Plug-and-play merchant lists.

Curated merchant allowlists ship with the wallet template. Add your own in one API call or one click in the portal.

AWSGCPAzureHetznerOVHVercelRenderFly.ioOpenAIAnthropicGoogle AIReplicateModalGitHubGitLabBitbucketSentryDatadogPagerDutySnowflakeStripeTwilio
Recommended starter policy

Defaults you can flex.

Daily cap (rolling)$500
Monthly cap$10,000
Per-PR cap (CI agent)$20
OpenAI/Anthropic monthly$2,000
AWS monthly$5,000
x402 USDC inlineAllowed up to $5/call
In depth

Everything else you need to know.

Why coding agents need scoped cards, not shared keys.

Every coding agent that's ever shipped to production has had at least one near-miss with cost: a runaway training job, an infinite-loop CI run, a model that called itself recursively because the prompt didn't say not to. The blast radius of one of these on a shared corporate card is unbounded until a human notices — usually 24+ hours later when the cost alert fires.

AgentWallet provisions one Visa per service that the agent uses, with a hard daily cap enforced at network authorization time. The OpenAI card simply cannot charge AWS; the AWS card cannot charge Vercel. If the agent goes rogue or its prompt is injected, the maximum loss is the cap on whichever card is in scope — and that cap is enforced by the card network in milliseconds, not by application code that might have a bug.

x402: pay-per-call without subscriptions.

Many agent workflows want to call an API once, pay for that call, and never see the merchant again — e.g., a one-off geocoding lookup, a one-off LLM judge call, a one-off web scrape. The traditional model (sign up for the API, get a key, pay monthly) breaks for ephemeral or single-call usage.

AgentWallet implements x402 — the proposed HTTP standard for inline payments. The agent hits the API; the API responds with HTTP 402 and a price (in USDC, EUR, USD, or one of 91 currencies). The agent's wallet auto-pays inline (subject to a per-call policy cap) and retries with the proof. Settlement is sub-second on USDC. No subscription, no per-merchant key management, no manual rotation.

Per-PR / per-feature cost attribution.

The trace ID on each AgentWallet charge is propagated from the agent's call context. If your CI agent is told 'work on PR #4823,' every downstream charge — AWS minutes, OpenAI tokens, GitHub Actions seats — is tagged with PR-4823. At quarter end, your finance team can join AgentWallet's ledger export against your engineering tracker and produce real per-feature unit economics.

This is the difference between knowing 'engineering spent $84k on AI last quarter' and knowing 'feature A cost $2.1k to ship; feature B cost $14.7k to ship and never got merged.' Many teams discover that 5% of their PRs consume 60% of their AI budget — usually from one badly-prompted retry loop — and only see it once attribution is automatic.

Kill switch and incident response.

If a coding agent is compromised — leaked key, model jailbreak, supply-chain attack on a dependency — the response window matters. AgentWallet's freeze endpoint takes effect within 1 second across all card-network authorization paths, so the maximum additional loss after detection is whatever's already in flight (typically under $50).

Freezes are reversible: POST /api/agents/:id/cards/:cardId/unfreeze restores authorization. The audit ledger records who froze, when, why, and what charges were attempted during the freeze window. This is the difference between an incident postmortem that's 'we lost $4,800 because rotation took 6 minutes' and 'we lost $0 because the freeze landed before the next auth.'

FAQ

Common questions.

Can the agent pay per-call APIs without a subscription?
Yes — that's exactly what x402 is for. The agent's wallet auto-pays inline on HTTP 402 responses, capped by a per-call policy you set. See /x402 for the full protocol.
What's the per-PR cap actually doing?
The CI agent tags every charge with the PR number as its trace ID. When the rolling total across all charges for that PR crosses the cap, the agent stops authorizing further charges on that trace and posts an approval card to Slack.
Can I attach a card to a single AWS account?
Yes — the MCC lock is one layer; the merchant lock is another. The card can be bound to AWS's specific merchant identifier so it only authorizes for that specific AWS billing entity, not for any AWS account.
What's the latency of the kill switch?
Under 1 second from the freeze API call to the card network's auth path refusing. There's always some in-flight risk (auths already past the network); typical worst-case exposure post-detection is one transaction.
Does this work for self-hosted compute (Hetzner, OVH)?
Yes. Both Hetzner and OVH accept Visa internationally; the cards work without any special integration. FX is handled at network rate; you can cap in either USD or the merchant's billing currency.
Can the agent pay in USDC for compute providers that accept it?
Yes — providers that accept USDC (Akash, RunPod, Replicate's USDC tier, some Render plans) can be paid via the agent's USDC wallet on Base. Same trace ID, same cap enforcement; the ledger row records the rail.

Ship this agent today.

Provision a wallet, attach a verified principal, set caps, plug into your LLM via MCP. Live in under a minute.