tate@programs ~/services/agent-spend-guard caps / retries / bills / paid tools

agent spend guard / may 2026

Before agents run longer, set the hard stop.

Coding agents, managed agents, browser agents, and paid API calls can now run in loops across files, tools, payments, and background jobs. This review maps the spend blast radius and the controls that stop a small task from becoming a real bill.

request scope pay $199 after scope build payment policy payment launch review

entry: $99 quick map
full review: $199
delivery: 48h

spend.guard

$ map --agent-costs
inputs: model, tools, paid APIs, workers
caps: per-call, per-task, per-day, per-user
loop-risk: retries, queues, cron, webhooks
evidence: usage log, denial log, receipt log
output: stop rules + patch order

why now

Agent infrastructure moved faster than most billing controls.

source trail

Long-running jobs

Remote and managed agents can keep working after the first prompt. The review checks where the system stops by policy, not by trust.

Tool fleets

One task may call browsers, file tools, paid APIs, search, model endpoints, webhooks, and queues. The map shows every spend path.

Retry storms

Failed jobs, partial payments, transient 500s, and invalid tool output can multiply cost unless retries have budgets and idempotency.

review checklist

What gets checked.

The review stays inside the authorized project, docs, logs, repo, or sandbox you provide. It does not place trades, move funds, create accounts, bypass limits, or trigger paid calls unless you provide a written test scope.

Spend inventory

Models, paid APIs, x402 routes, browser actions, job queues, scheduled runs, hosted tools, storage, and webhook fanout.

Hard caps

Per-call, per-task, per-user, per-session, per-day, and per-provider limits enforced outside prompt text.

Retry budget

Duplicate request ids, exponential backoff, max retries, paid-but-denied recovery, queue poison messages, and cron re-entry.

Approval gates

Thresholds where the agent must stop for human approval before spend, account changes, deployments, or external publication.

Usage evidence

Usage logs, denial logs, payment receipts, provider bills, trace ids, and reconciliation fields that prove the cap actually worked.

Kill switch

Immediate stop path for one user, one project, one key, one provider, or the whole agent fleet without waiting on code deploys.

deliverable

A short private patch order, not a giant audit.

send scope

map Cost surface diagram.

Every route from user action to model/tool/API spend.

caps Hard-stop table.

Where caps live, what they block, and what evidence proves it.

patch Smallest next fixes.

Prioritized by real billing blast radius and implementation effort.

source trail

Why this service exists now.

Google I/O

Managed agents and Antigravity

Google's 2026 developer announcements moved agent infrastructure closer to managed, production-facing workflows.

developer keynote notes

OpenAI

Codex-style work is operational

Agent work increasingly spans files, tools, review loops, and remote execution, which makes cost boundaries part of launch readiness.

Codex app

Stainless

SDK and MCP plumbing shifted

The Anthropic/Stainless acquisition made generated clients and tool interfaces a board-level infrastructure topic.

TechCrunch report

Cost signal

Runaway usage is visible

Large public agent-runtime bills made token and tool spend governance an urgent product concern, not a theoretical one.

usage story

Start here

Send the repo, docs, usage concern, and the places an agent can spend.

Request review