Local-runtime spend caps and capability-gated model routing for AI agents. Prompts, API keys, and signing keys stay inside the customer runtime. Zero data plane involvement.
Project description
agentguard-spend
AgentGuard proves what your AI agent attempted, who authorized it, what it cost, and whether it succeeded.
Local-runtime spend caps, capability-gated model routing, and Ed25519-signed receipts for AI agents.
Every policy decision runs inside your process. Prompts, completions, provider API keys, signing keys, policies, and cost overrides never go to AgentGuard infrastructure. OpenRouter calls go directly from your runtime to openrouter.ai with your key.
Quickstart in 90 seconds
pip install agentguard-spend
agentguard auth openrouter
agentguard wizard
The wizard writes:
- ~/.agentguard/policy.yaml
- ~/.agentguard/quickstart.ts
- ~/.agentguard/quickstart.py
It also prints the snippet to paste into your app:
const response = await guardedClient.chat.completions.create({
  model: 'openai/gpt-4o-mini',
  messages: [{ role: 'user', content: 'Run the governed task.' }],
});
Then run your agent. AgentGuard decides locally before any provider call starts, signs the receipt, and applies allow, downgrade, shadow, or block.
Need help configuring? Run agentguard advisor
agentguard advisor uses your OpenRouter key, or any OpenAI-compatible endpoint you pass with --base-url, to run a local setup dialogue in your terminal. AgentGuard infrastructure never sees the prompts, completions, keys, policy details, or session log.
agentguard advisor
Advisor writes ~/.agentguard/policy.yaml, a language-aware quickstart file, projected savings math, and a local JSONL session log under ~/.agentguard/advisor-sessions/.
Governance Posture
Advisor asks for one operating-style input and uses it to shape the generated policy.
- velocity: high-ship software and AI teams. Starts in shadow, uses permissive capability tiers, and downgrades aggressively to cheaper models.
- standard: most SaaS, e-commerce, real estate, agencies, local services, and startups. Starts in enforce, uses balanced capability tiers, and keeps 90 days of audit retention.
- compliance: law, healthcare, dental, accounting, SOX, fintech, and regulated workflows. Starts in canary, requires stricter capability tiers, blocks regulated overflow instead of downgrading, and keeps 7 years of audit retention.
Override the suggestion when you already know how the team operates:
agentguard advisor --posture velocity
agentguard advisor --posture compliance
custom posture is reserved for the Solo tier Outcome Builder.
Why OpenRouter?
One OpenRouter key gives your team access to hundreds of models across many providers. Your CFO sees one invoice. AgentGuard enforces who uses what, which task tiers can reach which models, and what each call can spend. The OpenRouter key can live in OPENROUTER_API_KEY or ~/.agentguard/openrouter-key with mode 600.
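A local check for the key-file permission stated above, as an added example that is not part of the AgentGuard project. It assumes a POSIX system, and `audit_key_file` is a hypothetical helper name; only the path and mode 600 come from this page.

```python
import os
import stat
import sys
from pathlib import Path

# Path and mode come from the README; everything else here is illustrative.
KEY_FILE = Path.home() / ".agentguard" / "openrouter-key"


def audit_key_file(path=KEY_FILE):
    """Return a list of findings; an empty list means no problem was found."""
    path = Path(path)
    try:
        st = os.lstat(path)  # lstat so a symlink is inspected, not followed
    except FileNotFoundError:
        return [f"{path}: missing (the key may be in OPENROUTER_API_KEY instead)"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink; the key should be a regular file"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:  # any group/other bit is looser than 600
        findings.append(f"{path}: mode {mode:03o} is looser than 600")
    if st.st_uid != os.getuid():
        findings.append(f"{path}: owned by uid {st.st_uid}, not the current user")
    # Without the sticky bit, a group- or world-writable directory lets
    # another account replace the key file regardless of the file's own mode.
    dir_mode = stat.S_IMODE(os.stat(path.parent).st_mode)
    if dir_mode & 0o022 and not dir_mode & stat.S_ISVTX:
        findings.append(f"{path.parent}: directory mode {dir_mode:03o} is writable by others")
    return findings


if __name__ == "__main__":
    problems = audit_key_file()
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```
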
Sync pricing when you want local cost math refreshed:
agentguard models --sync-pricing
agentguard models --task payment-approval
agentguard models --search gpt-4o --json
Pricing overrides are stored locally in ~/.agentguard/cost-overrides.json.
Verify any receipt
Share https://agentguard.run/verify with an auditor or reviewer. Paste a receipt and public key in the browser to verify the Ed25519 signature, entry hash, and chain link. The receipt never leaves the page.
CLI verification is still local:
agentguard demo
agentguard verify --trace latest
Task templates
agentguard wizard ships templates for:
- risk-review: read-only review with a $0.50 per-call cap
- payment-approval: payment initiation review with a $5.00 per-call cap
- chargeback-evidence: evidence assembly with a $1.00 per-call cap
- agent-support: data-write support workflow with a $0.25 per-call cap
- code-scan: long-context read-only scan with a $0.10 per-call cap
Each template sets recommended OpenRouter model assignments, capability tier, fallback model, caps, and system instructions.
Provider bindings
TypeScript includes native OpenAI, Anthropic, and Bedrock bindings. Streaming usage is settled from provider usage events when available, with local token-estimator fallback when usage is missing. Settlement entries are signed into the same hash chain as enforcement decisions.
Python includes OpenAI, Anthropic, Bedrock, LangChain, CrewAI, and LlamaIndex integration helpers.
No proxy
AgentGuard Spend is a library, not a gateway. It does not proxy traffic, store prompts, hold provider keys, or host policy state. The signed log lives in your storage.
Telemetry
Telemetry is opt-in. Set AGENTGUARD_TELEMETRY=1 or run agentguard telemetry enable. The beacon sends only SDK version, runtime, OS family, anonymous install ID, CI flag, TTY flag, and event name. No prompts, completions, provider keys, signing keys, policy details, or cost overrides are sent.
License and usage thresholds
The SDK is free for evaluation, prototyping, non-commercial development, and production deployments processing up to 10,000 enforcement calls per calendar month. Commercial use above that threshold requires a paid license from Dunecrest Ventures Inc. Full terms are in LICENSE.
Patent notice
Protected by U.S. patent-pending technology (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626; 64/071,781; 64/071,789). 35 U.S.C. § 287 constructive notice. Additional patents pending.
File details
Details for the file agentguard_spend-0.4.2.tar.gz.
File metadata
- Download URL: agentguard_spend-0.4.2.tar.gz
- Upload date:
- Size: 80.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 14c10ea2c1619eafee303e0180300bcd701c079381b4d55e804360009b6367d6 |
| MD5 | 365ccce82be2edb6afc7953654dcb055 |
| BLAKE2b-256 | 4e4f9474982ba34aac3642cad461b25b5015ebddd47aa17efbc7932d4990a054 |
File details
Details for the file agentguard_spend-0.4.2-py3-none-any.whl.
File metadata
- Download URL: agentguard_spend-0.4.2-py3-none-any.whl
- Upload date:
- Size: 113.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 870c763faf16033319ca2103f2e27d8af7965aa6f9f6eabefb22d20ad8cfa25b |
| MD5 | ba0cf0cf47e6ba3d8204465aa8a59b30 |
| BLAKE2b-256 | 5da8f092d2c27cf0cfed69bd1a5f2ef1116a5f87a95936bea1a48651ce118278 |