DEV Community

Alessandro Lombardo


Started giving my agents my credit card

I built PayGraph, an open-source Python SDK and CLI that sits between AI agents and payment rails.

Every payment tool call runs through a policy (daily budgets, transaction cap, vendor allowlist), making autonomous payments safe for AI agents.

I built it because I kept writing the same wrapper around payment tools in every agent I shipped.

It works with x402, Stripe Issuing and Stripe Shared Payment Tokens and integrates with LangGraph and CrewAI. There is a mock gateway so you can try it without spending real money.

pip install paygraph

Here's what a minimal integration looks like:

from paygraph import AgentWallet, SpendPolicy, MockGateway

wallet = AgentWallet(
    gateway=MockGateway(auto_approve=True),
    policy=SpendPolicy(
        max_transaction=25.0,
        daily_budget=100.0,
        allowed_vendors=["anthropic", "stripe"],
        require_human_approval_above=20.0,
    ),
)

result = wallet.request_spend(
    amount=4.20,
    vendor="Anthropic API",
    justification="Claude credits for document summarization.",
)

Repo: github.com/paygraph-ai/paygraph

It's early (first commit wasn't even one month ago) and I'm unsure about the following (would appreciate your take in the comments):

  • Daily budget race. Two concurrent requests can both pass the check before either commits, and nothing stops you from going over, which becomes a serious problem for a multi-agent fleet. Not sure if I should move the budget into a shared ledger with CAS, or if there's a lighter primitive I'm missing.

  • Idempotency on retries. If the LLM retries mint_virtual_card with the same args (which happens when the harness loses a response) the gateway mints a second card. I haven't added a dedup key because I can't decide where it should live: the agent framework, the wallet, or the gateway. Each has its own tradeoffs.

  • x402 and reorgs. x402 payments return as soon as the facilitator confirms the HTTP 402 settlement, but on-chain the tx isn't final for several blocks. The audit log writes approved on the HTTP 200 — there's no pending → confirmed state, so a reorg would silently invalidate the trail. Not sure whether to block until finality or return optimistically and reconcile later.
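
The first two questions above (the daily budget race and retry idempotency) can share one primitive: a conditional UPDATE plus a unique request key inside a single write transaction. This is an added example, not PayGraph code; `BudgetLedger`, the table names, the integer-cent amounts and the caller-supplied `idem_key` are assumptions, and SQLite stands in for whatever shared store a fleet would use.

```python
import os, sqlite3, tempfile, threading
from collections import Counter

class BudgetLedger:
    """Hypothetical shared ledger (not PayGraph's API); amounts are integer cents."""
    def __init__(self, path, daily_budget_cents):
        self.path, self.limit = path, daily_budget_cents
        db = self._open()
        db.executescript(
            "CREATE TABLE IF NOT EXISTS budget(day TEXT PRIMARY KEY, spent INTEGER NOT NULL);"
            "CREATE TABLE IF NOT EXISTS spend(idem_key TEXT PRIMARY KEY, day TEXT, cents INTEGER);")
        db.close()

    def _open(self):
        # Autocommit mode: transactions are opened and closed explicitly below.
        return sqlite3.connect(self.path, timeout=30, isolation_level=None)

    def reserve(self, idem_key, day, cents):
        """Check and commit in one transaction: 'approved', 'duplicate' or 'denied'."""
        db = self._open()
        try:
            db.execute("BEGIN IMMEDIATE")  # take the write lock before reading
            if db.execute("SELECT 1 FROM spend WHERE idem_key=?", (idem_key,)).fetchone():
                db.execute("ROLLBACK")
                return "duplicate"  # retry of a request that was already counted
            db.execute("INSERT OR IGNORE INTO budget VALUES(?, 0)", (day,))
            # The limit check and the increment are a single statement.
            hit = db.execute(
                "UPDATE budget SET spent = spent + ? WHERE day = ? AND spent + ? <= ?",
                (cents, day, cents, self.limit)).rowcount
            if not hit:
                db.execute("ROLLBACK")
                return "denied"
            db.execute("INSERT INTO spend VALUES(?, ?, ?)", (idem_key, day, cents))
            db.execute("COMMIT")
            return "approved"
        finally:
            db.close()

def run_demo(workers=8, cents=3000, limit=10000, day="2025-01-01"):
    """Constructed scenario: 8 concurrent 30.00 requests against a 100.00 budget."""
    ledger = BudgetLedger(os.path.join(tempfile.mkdtemp(), "ledger.db"), limit)
    results = {}
    def worker(key):
        results[key] = ledger.reserve(key, day, cents)
    threads = [threading.Thread(target=worker, args=(f"req-{i}",)) for i in range(workers)]
    for t in threads: t.start()
    for t in threads: t.join()
    winner = next(k for k, v in results.items() if v == "approved")
    return Counter(results.values()), ledger.reserve(winner, day, cents)  # retry, same key
```

A SQLite file only coordinates processes on one host; the same conditional UPDATE and unique key carry over unchanged to a networked SQL database for agents spread across machines.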

If you're running agents that spend money, what's your setup? I keep finding everyone is rolling their own wrapper.
