Compute, APIs, SaaS —
without leaking the credit card.
Coding agents spin up cloud instances, top up OpenAI / Anthropic credits, buy SaaS seats, and pay per-call APIs on their own scoped Visa. Hard caps per service, MCC merchant locks, instant kill if compromised.
Why the corporate card
doesn't work for this agent.
One shared card = blast radius
Coding agents on a shared OpenAI key with a corporate Amex on file: a single prompt-injection and the agent buys $40k of compute on a foreign account. You see it 24 hours later.
Per-service caps are manual
OpenAI's spending limit is set once a month. Vercel's, separately. AWS's via Budgets. No unified view, no automatic throttle, no real cap.
Reconciling is misery
Twelve AWS sub-accounts, four SaaS subscriptions, two AI API charges, all on the same master card. Which feature shipped this week consumed what cost? Nobody knows.
Everything this agent needs.
Nothing it doesn't.
From mandate to settlement.
Agent comes online
New coding agent is created. Provisioning emits one card per default service in 412ms. Caps default from the policy template.
Agent spends
Agent runs CI, hits AWS, OpenAI, GitHub, Vercel — each on its scoped card. Trace IDs tie every charge to the PR or task that triggered it.
Hits the limit
OpenAI spend crosses the daily cap. Agent stops; posts an approval card to Slack with cost context. Engineering lead taps approve; cap is bumped for the day.
End of sprint
Engineering manager exports the agent's ledger grouped by trace ID. Sees per-PR cost broken out by service. Catches the runaway integration test in seconds.
Plug-and-play merchant lists.
Curated merchant allowlists ship with the wallet template. Add your own in one API call or one click in the portal.
Defaults you can flex.
| Daily cap (rolling) | $500 |
| Monthly cap | $10,000 |
| Per-PR cap (CI agent) | $20 |
| OpenAI/Anthropic monthly | $2,000 |
| AWS monthly | $5,000 |
| x402 USDC inline | Allowed up to $5/call |
Everything else you need to know.
x402: pay-per-call without subscriptions.
Many agent workflows want to call an API once, pay for that call, and never see the merchant again — e.g., a one-off geocoding lookup, a one-off LLM judge call, a one-off web scrape. The traditional model (sign up for the API, get a key, pay monthly) breaks for ephemeral or single-call usage.
AgentWallet implements x402 — the proposed HTTP standard for inline payments. The agent hits the API; the API responds with HTTP 402 and a price (in USDC, EUR, USD, or one of 91 currencies). The agent's wallet auto-pays inline (subject to a per-call policy cap) and retries with the proof. Settlement is sub-second on USDC. No subscription, no per-merchant key management, no manual rotation.
Per-PR / per-feature cost attribution.
The trace ID on each AgentWallet charge is propagated from the agent's call context. If your CI agent is told 'work on PR #4823,' every downstream charge — AWS minutes, OpenAI tokens, GitHub Actions seats — is tagged with PR-4823. At quarter end, your finance team can join AgentWallet's ledger export against your engineering tracker and produce real per-feature unit economics.
This is the difference between knowing 'engineering spent $84k on AI last quarter' and knowing 'feature A cost $2.1k to ship; feature B cost $14.7k to ship and never got merged.' Many teams discover that 5% of their PRs consume 60% of their AI budget — usually from one badly-prompted retry loop — and only see it once attribution is automatic.
Kill switch and incident response.
If a coding agent is compromised — leaked key, model jailbreak, supply-chain attack on a dependency — the response window matters. AgentWallet's freeze endpoint takes effect within 1 second across all card-network authorization paths, so the maximum additional loss after detection is whatever's already in flight (typically under $50).
Freezes are reversible: POST /api/agents/:id/cards/:cardId/unfreeze restores authorization. The audit ledger records who froze, when, why, and what charges were attempted during the freeze window. This is the difference between an incident postmortem that's 'we lost $4,800 because rotation took 6 minutes' and 'we lost $0 because the freeze landed before the next auth.'
Common questions.
- Can the agent pay per-call APIs without a subscription?
- Yes — that's exactly what x402 is for. The agent's wallet auto-pays inline on HTTP 402 responses, capped by a per-call policy you set. See /x402 for the full protocol.
- What's the per-PR cap actually doing?
- The CI agent tags every charge with the PR number as its trace ID. When the rolling total across all charges for that PR crosses the cap, the agent stops authorizing further charges on that trace and posts an approval card to Slack.
- Can I attach a card to a single AWS account?
- Yes — the MCC lock is one layer; the merchant lock is another. The card can be bound to AWS's specific merchant identifier so it only authorizes for that specific AWS billing entity, not for any AWS account.
- What's the latency of the kill switch?
- Under 1 second from the freeze API call to the card network's auth path refusing. There's always some in-flight risk (auths already past the network); typical worst-case exposure post-detection is one transaction.
- Does this work for self-hosted compute (Hetzner, OVH)?
- Yes. Both Hetzner and OVH accept Visa internationally; the cards work without any special integration. FX is handled at network rate; you can cap in either USD or the merchant's billing currency.
- Can the agent pay in USDC for compute providers that accept it?
- Yes — providers that accept USDC (Akash, RunPod, Replicate's USDC tier, some Render plans) can be paid via the agent's USDC wallet on Base. Same trace ID, same cap enforcement; the ledger row records the rail.
Ship this agent today.
Provision a wallet, attach a verified principal, set caps, plug into your LLM via MCP. Live in under a minute.