Stop Runaway Agent Spend.
Policy controls and audit logs for every x402 payment your AI agents make.
AI agents are spending real USDC autonomously β making x402 payments to APIs, data feeds, and compute services with no guardrails.
GuardX402 sits between your agent and every x402 payment. Before any payment executes, GuardX402 checks it against your policy. Approved or blocked in under 200ms. Everything logged. Your team sees it all in real time.
Agent β POST /api/guard/check β Policy Check β Approved β OWS Signs β x402 Payment
β
Blocked β Agent Stops
1. Register your agent at guardx402.com β set a budget, per-call limit, and alert threshold.
2. Add one line to your agent code:
const check = await fetch('https://guardx402.com/api/guard/check', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-api-key': 'ng_your_key_here'
},
body: JSON.stringify({
endpoint: 'https://api.perplexity.ai/chat',
amount: 0.002,
chain: 'BASE'
})
});
const { approved, reason } = await check.json();
if (!approved) throw new Error(`Blocked: ${reason}`);
// proceed with x402 payment3. Done. GuardX402 tracks spend, enforces policy, and alerts your team.
curl -X POST https://guardx402.com/api/guard/check \
-H "Content-Type: application/json" \
-H "x-api-key: ng_demo_research_key" \
-d '{"endpoint":"https://api.perplexity.ai","amount":0.002,"chain":"BASE"}'Expected response:
{
"approved": true,
"budgetRemaining": 4.998,
"budgetLimit": 5.00,
"auditId": "audit-xyz789"
}GuardX402 is built on the Open Wallet Standard by MoonPay.
- OWS handles secure key storage and transaction signing β private keys never touch your agent code
- GuardX402 handles spend policy enforcement, budget tracking, and audit logging
import { createWallet, signMessage } from '@open-wallet-standard/core';
// Create encrypted agent wallet β keys stored at ~/.ows/
const wallet = createWallet('my-agent');
// GuardX402 checks policy β OWS signs if approved
const check = await fetch('https://guardx402.com/api/guard/check', {
method: 'POST',
headers: { 'x-api-key': 'ng_your_key_here' },
body: JSON.stringify({ endpoint, amount, chain: 'BASE', owsSigned: true })
});
const { approved, auditId } = await check.json();
if (!approved) throw new Error('Blocked by GuardX402');
const sig = await signMessage(wallet, 'evm', canonicalMessage);Check a payment against the agent's policy before executing.
| Field | Type | Description |
|---|---|---|
endpoint |
string | Full URL being paid |
amount |
number | USDC amount from 402 response |
chain |
SOL | BASE |
Chain for payment |
owsSigned |
boolean | Whether OWS will handle signing |
Block reasons:
| Reason | Description |
|---|---|
budget_exceeded |
Would exceed daily/weekly/monthly limit |
per_call_max |
Single call exceeds maximum |
domain_blocked |
Domain not in allowlist (Pro) |
velocity_exceeded |
Too many calls per hour (Pro) |
agent_paused |
Agent paused by team owner |
Log the on-chain transaction hash after payment settles.
{
"auditId": "audit-xyz789",
"txHash": "0xabc123...",
"owsSigned": true
}| Free | Premium | Pro | |
|---|---|---|---|
| Price | $0/mo | $15/mo | $35/mo |
| Agents | 1 | 5 | Unlimited |
| Checks/mo | 500 | 10,000 | 50,000 |
| Audit history | 7 days | 30 days | 90 days |
| Webhooks | β | β | β |
| CSV export | β | β | β |
| Velocity controls | β | β | β |
| Domain allowlist | β | β | β |
| Team seats | 1 | 3 | 10 |
| Layer | Technology |
|---|---|
| Framework | Next.js 16.2.2 App Router + TypeScript |
| Database | Supabase (PostgreSQL) + Drizzle ORM |
| Cache | Upstash Redis |
| Auth + Billing | Crossmint (embedded wallet + NFT subscriptions) |
| Wallet Signing | Open Wallet Standard v1.2.4 |
| Payment Protocol | x402 |
| Chains | Solana + Base |
| Styling | Tailwind CSS |
| GuardX402 | Enterprise alternatives | |
|---|---|---|
| Signup | Email, 2 minutes | Sales call required |
| Pricing | From $0/mo (Free plan) | Custom enterprise pricing |
| Setup | One line of code | Complex integration |
| Chains | Solana + Base | Usually EVM only |
| OWS support | β Native | β None |
| Open source | β MIT | β Closed source |
| Target | Solo devs to enterprise | Enterprise only |
git clone https://github.com/luacantu/guardx402.git
cd guardx402
npm installCopy .env.example to .env.local and fill in your keys:
cp .env.example .env.localRequired environment variables:
DATABASE_URL=
SUPABASE_URL=
SUPABASE_ANON_KEY=
UPSTASH_REDIS_REST_URL=
UPSTASH_REDIS_REST_TOKEN=
CROSSMINT_SERVER_API_KEY=
CROSSMINT_PRO_COLLECTION_ID=
NEXT_PUBLIC_CROSSMINT_PROJECT_ID=
NEXT_PUBLIC_CROSSMINT_PRO_COLLECTION_ID=
NEXT_PUBLIC_CROSSMINT_CLIENT_KEY=
NEXT_PUBLIC_CROSSMINT_ENVIRONMENT=staging
Run the development server:
npm run devPush the database schema:
npx drizzle-kit pushSeed demo data:
curl http://localhost:3000/api/seedGuardX402 was built for the Open Wallet Standard Hackathon β three rounds of building on the OWS protocol by MoonPay.
OWS + GuardX402 = complete agent payment safety stack.
OWS gives agents wallets. GuardX402 gives those wallets spending rules.
MIT Β© 2026 Luana Cantu
Built in Miami, FL π΄
