DEV Community

Sam

Stateful Budgets – Why Microsoft AGT Issue #42 Still Matters

In the race to govern AI agents, Microsoft's Agent Governance Toolkit (AGT) has become a popular choice. It integrates with Azure, supports OPA/Rego policies, and offers a 4‑tier sandbox ring.

But there's a critical gap. And it's been sitting in their GitHub issues for over a year.

Issue #42: Stateful budget policies.

Without stateful budgets, your agents can spend unlimited resources over time. Here's why that matters—and how ORBIT solves it.


🔴 The Problem: Stateless Budgets Are a Leaky Sieve

Microsoft AGT enforces per‑task budgets. Each tool invocation is checked against a fixed limit. If the task costs $0.50 and the limit is $1.00, it passes.

But what happens when an agent runs 100 tasks in a day? Or 10,000?

Nothing. There is no cumulative tracking. A malicious or runaway agent can exhaust your API credits, compute resources, or cloud budget in hours.

This is not theoretical. Langflow CVE‑2026‑33017 showed how fast ungoverned agents can cause damage. Budget exhaustion is the next frontier.


🛡️ How ORBIT Enforces Stateful Budgets

ORBIT tracks cumulative spend across three time windows:

  • 24 hours
  • 7 days
  • 30 days

Every tool invocation is logged to budget_history.jsonl with a timestamp, agent ID, and cost. The policy engine (OPA/Rego) checks cumulative limits before allowing execution.


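```python
# ORBIT budget check (simplified)
def within_24h_budget(agent_id, cost, max_24h):
    # get_spend_last_24h is not shown here; it returns the agent's cumulative 24h spend
    spent_24h = get_spend_last_24h(agent_id)
    if spent_24h + cost > max_24h:
        return False  # ❌ Blocked
    return True  # within the 24h limit
```

Demo: In our 90‑second walkthrough, we pre‑load $1.50 of usage, then run an echo command that costs $0.50. The first call passes because the total ($2.00) equals the limit and does not exceed it. The second call is blocked with:

```
BLOCKED: 24h budget exceeded: spent $2.00, limit $2.00
```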
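
The cumulative check described above, replayed against a constructed ledger. This is an added example in plain Python, not ORBIT's code or its Rego policy. The record field names (`ts`, `agent_id`, `cost`), the 7d/30d limits and the fail-closed handling of untrusted records are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone
from decimal import Decimal

# Windows are the article's; limits are constructed ($2.00/24h mirrors the demo).
LIMITS = {"24h": (timedelta(hours=24), Decimal("2.00")),
          "7d": (timedelta(days=7), Decimal("10.00")),
          "30d": (timedelta(days=30), Decimal("30.00"))}

def parse_ledger(lines):
    """Parse JSONL records; raise ValueError on any line that cannot be trusted."""
    records = []
    for n, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["ts"])
            agent, cost = rec["agent_id"], Decimal(str(rec["cost"]))
        except (ValueError, KeyError, TypeError, ArithmeticError) as exc:
            raise ValueError(f"ledger line {n} unreadable") from exc
        # A naive timestamp or a negative/NaN cost would let spend be undercounted.
        if ts.tzinfo is None or not cost.is_finite() or cost < 0:
            raise ValueError(f"ledger line {n} rejected")
        records.append((ts, agent, cost))
    return records

def check(lines, agent_id, cost, now):
    """Return (allowed, reason); `now` must be timezone-aware. Errors fail closed."""
    try:
        records, cost = parse_ledger(lines), Decimal(str(cost))
    except (ValueError, ArithmeticError) as exc:
        return False, f"BLOCKED: {exc}"
    if not cost.is_finite() or cost < 0:
        return False, "BLOCKED: invalid cost"
    for name, (span, limit) in LIMITS.items():
        # Future-dated records still count, so clock skew cannot hide spend.
        spent = sum((c for ts, a, c in records
                     if a == agent_id and ts > now - span), Decimal("0"))
        if spent + cost > limit:  # Decimal keeps the at-limit comparison exact
            return False, (f"BLOCKED: {name} budget exceeded: "
                           f"spent ${spent:.2f}, limit ${limit:.2f}")
    return True, "ALLOWED"

# Constructed sample ledger: agent-a has $1.50 of pre-loaded usage in the last 24h.
NOW = datetime(2026, 4, 1, 12, 0, tzinfo=timezone.utc)
LEDGER = ['{"ts": "2026-04-01T09:00:00+00:00", "agent_id": "agent-a", "cost": 1.50}',
          '{"ts": "2026-04-01T10:00:00+00:00", "agent_id": "agent-b", "cost": 5.00}']
```

`check(LEDGER, "agent-a", "0.50", NOW)` allows the first call at exactly the limit; once that call's record is appended to the ledger, the same request is blocked on the 24h window.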

📊 The Competitive Landscape

| Feature | ORBIT | Microsoft AGT | Claude Managed |
|---|---|---|---|
| Per‑task budget | ✅ | ✅ | ❌ |
| 24h cumulative budget | ✅ | ❌ | ❌ |
| 7d / 30d cumulative budget | ✅ | ❌ | ❌ |
| Self‑hosted | ✅ | ✅ | ❌ |

Microsoft's own issue thread acknowledges the gap. As of April 2026, Issue #42 remains open with no ETA.

🤔 Why Microsoft Hasn't Fixed This (Speculation)

Stateful budgets require persistent state—a database that tracks every transaction across agent sessions. This conflicts with AGT's "stateless by design" philosophy. Adding state introduces complexity they've been unwilling to tackle.

ORBIT was built from day one with stateful enforcement. Our budget engine is a core pillar, not an afterthought.

🚀 Get Started

ORBIT is open‑source and runs entirely on your hardware. No Azure subscription required.

👉 GitHub: highriseliving777/orbit
🎥 Demo (90 sec): Watch on YouTube

Don't let your agents spend you into the ground. Govern them with ORBIT.

Previously: How ORBIT Solves the Langflow CVE‑2026‑33017 Vulnerability. Next up: "The Lovable Data Exposure – A Case Study in Agent Governance."