x402 payment guards with spending limits, endpoint whitelisting & cross-chain USDC bridging via Base
x402-Guard enables safe, autonomous AI agent payments through programmable spending controls and seamless cross-chain transactions. Users set daily limits, per-transaction caps, and approval thresholds to prevent runaway AI spending. The system whitelists specific API endpoints, ensuring agents can only make payments to approved services like data providers, decentralized storage, custom agent-to-agent micropayments, or other APIs.
Built on Base with USDC, x402-Guard features intelligent cross-chain routing—agents pay with Base USDC, which automatically bridges to Polygon, Arbitrum, or other networks as needed. This eliminates the complexity of managing multiple chains while maintaining security.
The dashboard provides real-time monitoring of AI spending, with a readable transaction history, daily spend tracking, and the list of whitelisted endpoints, so that non-technical people can use it.
x402-Guard is built with Next.js, TypeScript, Viem v2, and Privy authentication. The core innovation is layering spending controls on top of the x402 HTTP payment protocol with automatic cross-chain bridging.
Payment Flow:
We wrap Next.js route handlers with withX402 from x402-next, creating a payment verification layer. When an AI agent calls an API, our proxy fetches the target to extract payment details from the 402 response, then uses Circle's Bridge Kit SDK to automatically bridge USDC from Base to the required chain (Polygon, Arbitrum, etc.).
The Hacky Part: Handler caching was crucial—we cache withX402 wrappers by target URL and price to maintain payment session state across the multi-step bridge operation. Without this, the payment verification would fail after bridging completed.
Bridge Implementation:
Using @circle-fin/adapter-viem-v2 and @circle-fin/bridge-kit, we detect the target chain from 402 responses, bridge USDC via Circle's CCTP, wait for confirmation, then make the payment on the destination chain using x402-fetch's wrapFetchWithPayment.
Guard Controls: All spending policies (daily limits, per-tx caps, approval thresholds) and endpoint whitelists persist in browser IndexedDB. No backend, no database server—everything runs client-side with Privy-authenticated wallet sessions.
Chain Support: Dynamic chain mapping supports 12 networks (6 mainnet + 6 testnet) using viem's chain objects for type-safe RPC configuration.
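The guard controls described above (endpoint whitelist, per-transaction cap, daily limit, approval threshold) as one policy check. This is an added example, not x402-Guard's own code: the type and function names, the rolling 24-hour window, the "at or above" threshold semantics and the sample values are assumptions. Policy and payment history are passed in as plain arguments; the IndexedDB storage is left out.

```typescript
// Amounts are integer USDC base units (6 decimals): 1 USDC = 1_000_000.
type GuardPolicy = {
  perTxCap: number;          // maximum for a single payment
  dailyLimit: number;        // maximum total per rolling 24 h (assumed window)
  approvalThreshold: number; // at or above this, ask a human (assumed semantics)
  whitelist: string[];       // allowed endpoints: https origin plus path prefix
};
type PaymentRecord = { url: string; amount: number; at: number }; // at = epoch ms
type GuardDecision = { action: "allow" | "needs_approval" | "deny"; reason: string };

const DAY_MS = 24 * 60 * 60 * 1000;

// Compare parsed origin and whole path segments, never raw substrings, so
// "api.example.com.evil.test" or "/v1x" cannot pass for ".../v1".
function isWhitelisted(target: string, whitelist: string[]): boolean {
  try {
    const t = new URL(target);
    if (t.protocol !== "https:") return false;
    return whitelist.some((entry) => {
      const e = new URL(entry);
      const prefix = e.pathname.replace(/\/+$/, "");
      return t.origin === e.origin && (t.pathname === prefix ||
        t.pathname.slice(0, prefix.length + 1) === prefix + "/");
    });
  } catch {
    return false; // unparseable target or entry: fail closed
  }
}

function evaluate(policy: GuardPolicy, history: PaymentRecord[], req: PaymentRecord): GuardDecision {
  if (!(req.amount > 0) || req.amount % 1 !== 0)
    return { action: "deny", reason: "invalid amount" };
  if (!isWhitelisted(req.url, policy.whitelist))
    return { action: "deny", reason: "endpoint not whitelisted" };
  if (req.amount > policy.perTxCap)
    return { action: "deny", reason: "per-transaction cap exceeded" };
  const spent = history
    .filter((p) => p.at > req.at - DAY_MS && p.at <= req.at)
    .reduce((sum, p) => sum + p.amount, 0);
  if (spent + req.amount > policy.dailyLimit)
    return { action: "deny", reason: "daily limit exceeded" };
  if (req.amount >= policy.approvalThreshold)
    return { action: "needs_approval", reason: "approval threshold reached" };
  return { action: "allow", reason: "within policy" };
}

// Constructed sample policy (not values from the project).
const samplePolicy: GuardPolicy = { perTxCap: 5_000_000, dailyLimit: 20_000_000,
  approvalThreshold: 2_000_000, whitelist: ["https://api.example.com/v1"] };
```

The whitelist check runs before any amount comparison against the caps, so a request to an unlisted host is refused regardless of how small the payment is.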

