Started giving my agents my credit card

Alessandro Lombardo — Fri, 24 Apr 2026 12:52:44 +0000

I built PayGraph, an open-source Python SDK and CLI that sits between AI agents and payment rails.

Every payment tool call runs through a policy (daily budgets, transaction cap, vendor allowlist) making autonomous payments safe for AI agents.

I built it because I kept writing the same wrapper around payment tools in every agent I shipped.

It works with x402, Stripe Issuing and Stripe Shared Payment Tokens and integrates with LangGraph and CrewAI. There is a mock gateway so you can try it without spending real money.

pip install paygraph

Here's what a minimal integration looks like:

from paygraph import AgentWallet, SpendPolicy, MockGateway

wallet = AgentWallet(
    gateway=MockGateway(auto_approve=True),
    policy=SpendPolicy(
        max_transaction=25.0,
        daily_budget=100.0,
        allowed_vendors=["anthropic", "stripe"],
        require_human_approval_above=20.0,
    ),
)

result = wallet.request_spend(
    amount=4.20,
    vendor="Anthropic API",
    justification="Claude credits for document summarization.",
)

Repo: github.com/paygraph-ai/paygraph

Its early (first commit wasn't even one month ago) and I'm unsure about the following (would appreciate your take in the comments):

Daily budget race. Two concurrent requests can both pass the check before either commits, and nothing stops you from going over. Which becomes a serious problem for a multi-agent fleet. Not sure if I should move the budget into a shared ledger with CAS, or if there's a lighter primitive I'm missing.
Idempotency on retries. If the LLM retries mint_virtual_card with the same args (which happens when the harness loses a response) the gateway mints a second card. I haven't added a dedup key because I can't decide where it should live: the agent framework, the wallet, or the gateway. Each has its own tradeoffs.
x402 and reorgs. x402 payments return as soon as the facilitator confirms the HTTP 402 settlement, but on-chain the tx isn't final for several blocks. The audit log writes approved on the HTTP 200 — there's no pending → confirmed state, so a reorg would silently invalidate the trail. Not sure whether to block until finality or return optimistically and reconcile later.

If you're running agents that spend money, what's your setup? I keep finding everyone is rolling their own wrapper.

DEV Community: Alessandro Lombardo

Started giving my agents my credit card