AgentSpendGuard

Agent SpendGuard 是一个面向 AI Agent 的链上支出控制层。

当 AI Agent 开始自主调用付费 API、购买数据、运行高级模型或支付执行服务时，用户不应该把私钥、无限 ERC-20 授权或不透明的后端扣费能力交给 Agent。Agent SpendGuard 通过把“Agent 的消费意图”和“真实支付权限”分离，提供了一种更安全的支付模式。

用户通过 MetaMask 连接钱包，并批准一个有范围的 Advanced Permission，例如 Base Sepolia 上 1.00 USDC / 24h 的支出预算。当 Agent 想调用付费 API 时，它必须先生成一份支出决策，说明为什么要花钱、预计成本是多少、支付后预算会如何变化。SpendGuard 随后在结算前检查预算、endpoint、token、network、payTo 地址、权限状态、ERC-7710 payload 和 caveats。

项目使用 x402 作为 HTTP 付费发现和 paid request 标准，使用 ERC-7710 实现 delegated payment execution。每次付费调用都会生成新的 child delegation，并留下 payload context hash、交易 hash、服务价格、relay fee、剩余额度和失败阻断记录。

一句话总结：AI 决定何时值得花钱，SpendGuard 决定这笔钱能不能花，x402 + ERC-7710 证明它到底怎么花的。

Agent SpendGuard is an onchain spending-control layer for AI agents.

As AI agents begin to call paid APIs, buy data, run premium models, and pay for execution services, users need a safer alternative to giving agents private keys, unlimited ERC-20 approvals, or opaque backend billing access. Agent SpendGuard separates agent intent from payment authority.

A user connects MetaMask and approves a scoped Advanced Permission, such as a 1.00 USDC / 24h spending budget on Base Sepolia. When the agent wants to call a paid API, it first creates a spend decision explaining why the payment is needed, how much it expects to spend, and how the budget will change. SpendGuard then checks the request before settlement, including budget, endpoint, token, network, payTo address, permission status, ERC-7710 payload, and caveats.

The project uses x402 for HTTP payment discovery and paid requests, and ERC-7710 for delegated payment execution. Each paid call creates a fresh child delegation and leaves behind a payload context hash, transaction hash, service price, relay fee, remaining budget, and blocked-attempt evidence.

In short: AI decides when to spend. SpendGuard decides whether it may spend. x402 + ERC-7710 proves how it spent.

在本次黑客松期间，我们完成了 Agent SpendGuard 的核心 MVP，并聚焦 Best x402 + ERC-7710 赛道。

我们实现了真实 MetaMask 钱包连接和 Base Sepolia 网络约束。用户可以通过 MetaMask Advanced Permissions 批准一个 Base Sepolia USDC 的 ERC-20 periodic permission，例如 1.00 USDC / 24h，而不是给 Agent 无限 allowance 或私钥。

我们实现了 Agent spend decision layer。Agent 在付款前会生成支出理由、预计成本、预算变化和 confidence。SpendGuard 不直接相信模型判断，而是在进入 paid request 前重新执行硬策略校验，包括预算、权限状态、endpoint、method、token、network、payTo 地址和历史账本支出。

我们实现了 x402 protected seller endpoint。该接口会返回 402 Payment Required challenge，并声明 scheme=exact、assetTransferMethod=erc7710、Base Sepolia USDC、价格和收款地址。客户端随后基于已保存的 MetaMask Advanced Permission 构造 ERC-7710 payment payload。

我们完成了 ERC-7710 child delegation caveat 加固。每次 paid call 都会生成新的 payload，并包含 limitedCalls、valueLte、allowedTargets、allowedMethods、timestamp、erc20TransferAmount 等 caveats。服务端会在 settlement 前校验 payload、caveats 和 payload context hash，防止重放或不匹配支付。

我们还完成了 1Shot-supported settlement path、Dashboard 证据展示、支出账本、多次付费调用复用同一授权、超预算请求付款前阻断，以及本地验证脚本。

目前已经验证同一个 MetaMask Advanced Permission grant 支撑三次真实 Base Sepolia paid calls，每次都有独立交易 hash 和 payload context hash。超预算请求会在 paid header 和 settlement 前被阻断，不会产生钱包扣款。

During the hackathon, we built the core Agent SpendGuard MVP and focused on the Best x402 + ERC-7710 track.

We implemented real MetaMask wallet connection and Base Sepolia network enforcement. Users can approve a scoped ERC-20 periodic permission for Base Sepolia USDC through MetaMask Advanced Permissions, such as 1.00 USDC / 24h, instead of giving the agent an unlimited allowance or private key access.

We built an agent spend decision layer. Before payment, the agent generates a reason, estimated cost, projected budget impact, and confidence level. SpendGuard does not blindly trust the model. Before any paid request is submitted, it runs hard policy checks for budget, permission status, endpoint, method, token, network, payTo address, and prior ledger spend.

We implemented an x402 protected seller endpoint. The endpoint returns a 402 Payment Required challenge with scheme=exact, assetTransferMethod=erc7710, Base Sepolia USDC, price, and payTo address. The client then uses the stored MetaMask Advanced Permission to construct an ERC-7710 payment payload.

We hardened the ERC-7710 child delegation flow. Every paid call generates a fresh payload with caveats such as limitedCalls, valueLte, allowedTargets, allowedMethods, timestamp, and erc20TransferAmount. The server verifies the payload, caveats, and payload context hash before settlement to prevent replay or mismatched payments.

We also completed the 1Shot-supported settlement path, dashboard evidence rails, spend ledger, multi-call reuse from the same permission, pre-payment blocking for oversized requests, and local verification scripts.

We have verified that one MetaMask Advanced Permission grant can support three real Base Sepolia paid calls, each with its own transaction hash and payload context hash. Oversized requests are blocked before the paid header and before settlement, with no wallet debit.

Agent SpendGuard 目前是黑客松 MVP，暂未正式融资。

当前阶段的重点是验证核心技术假设：AI Agent 可以自主发起付费 API 调用，但不应该拥有无限钱包权限。我们已经通过 MetaMask Advanced Permissions、x402、ERC-7710 delegated payment payload、策略校验、链上交易证据和支出账本证明了这个方向的可行性。

项目目前以 bootstrapped 方式推进。我们对生态 grants、协议合作、钱包基础设施合作、agent payment 场景合作保持开放，尤其是与 x402、ERC-7710、account abstraction、MetaMask Smart Accounts、AI Agent 安全和链上支付相关的团队。

下一阶段计划包括：生产级权限存储与撤销体验、更多 Agent 支出策略模板、更多付费 API provider 支持、更完整的审计日志、外部验证工具、线上部署，以及面向开发者的 SpendGuard SDK。

短期优先级不是传统融资，而是完成技术验证、获得生态反馈，并把 Agent 支付安全这条链路打磨成可复用基础设施。

Agent SpendGuard is currently a hackathon MVP and is not actively fundraising.

The current focus is validating the core technical thesis: AI agents should be able to initiate paid API calls without receiving unlimited wallet authority. We have demonstrated this through MetaMask Advanced Permissions, x402, ERC-7710 delegated payment payloads, policy checks, onchain transaction evidence, and a spend ledger.

The project is currently bootstrapped. We are open to ecosystem grants, protocol partnerships, wallet infrastructure collaborations, and agent payment partnerships, especially with teams working on x402, ERC-7710, account abstraction, MetaMask Smart Accounts, AI agent safety, and onchain payments.

Next milestones include production-grade permission storage and revocation UX, more agent spending policy templates, support for more paid API providers, richer audit logs, external verification tools, hosted deployment, and a developer SDK for integrating SpendGuard into other agent workflows.

Our short-term priority is not traditional fundraising, but technical validation, ecosystem feedback, and turning agent payment safety into reusable infrastructure.