The spend firewall for autonomous AI agents — approve, block, or flag every transaction before a dollar moves.
Project description
sipi.bot — the spend firewall for autonomous AI agents
You gave an autonomous agent your credit card and no spending limit. sipi.bot is the firewall that approves, blocks, or flags every transaction against your rules — before a single dollar moves.
One capability, three surfaces:
- MCP tool — Claude Code / Cursor / Hermes call
evaluate_spendnatively. - HTTP API — any agent
POST /v1/transactions/evaluate. - CLI — verify without an agent.
10-second test
pip install sipi-bot
sipi-bot eval --amount 6200 --merchant unknown-gpu.ru --category compute
# -> {"decision": "BLOCKED", "reason": "Transaction $6,200.00 exceeds per-transaction limit $500.00."}
sipi-bot serve --port 8080 # landing + dashboard + API
Or from source:
python3.11 -m spendfirewall.cli eval --amount 6200 --merchant unknown-gpu.ru --category compute
Then open http://localhost:8080 (landing), http://localhost:8080/dashboard (control room), http://localhost:8080/pricing (Team $99 / Business $499).
Hosted: sipi.bot · dashboard · get an API key →
The core call an agent makes before spending
curl -X POST https://sipi.bot/v1/transactions/evaluate \
-H "Authorization: Bearer sk_live_..." \
-d '{"amount": 6200, "merchant": "unknown-gpu.ru", "category": "compute"}'
Returns one of: APPROVED (go), BLOCKED (do not spend), FLAGGED (human must approve).
Rule types
per_transaction, daily_total, velocity (runaway protection), merchant_block,
merchant_allow (allowlist), category_limit, time_window, approval_threshold.
First BLOCKED wins. FLAGGED is non-blocking (queued for human approval).
Eval gym (the guarantee + the sales asset)
python3.11 -m spendfirewall.eval.run_eval # 53 scenarios -> eval_report.json + .md
53/53 passing. Served live at /eval. This is what backs the guarantee:
if the firewall green-lights a spend that breaks your rule, that month is free.
MCP config
{ "mcpServers": { "sipi-bot": { "command": "python", "args": ["-m", "spendfirewall.mcp_server"] } } }
Framework integrations
Drop-in "spend guardrails" recipes — each verified live against https://sipi.bot:
- LangChain & CrewAI —
@tool/BaseToolwrappers + zero-depsipi_guard.pyclient - OpenAI Agents SDK —
@function_toolguard - Vercel AI SDK —
tool({execute})guard +sipiGuard.tsclient
The core call is always the same: evaluate(amount, merchant, category) → APPROVED / BLOCKED / FLAGGED.
Deploy (Fly.io)
flyctl launch --no-deploy --copy-config --name sipi-bot-firewall
flyctl volumes create sf_data --size 1 --region iad --yes
flyctl deploy
flyctl certs add sipi.bot
Stdlib-only (http.server, sqlite3). No framework, trivial deploy. pip install mcp only for the MCP surface.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sipi_bot-0.1.0.tar.gz.
File metadata
- Download URL: sipi_bot-0.1.0.tar.gz
- Upload date:
- Size: 39.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
efb7edc080b3ef8470c834052aa308b60517828f6bacb1d484513fc6ee46690f
|
|
| MD5 |
3faae9429ceeeb5e7bb39727f10c31df
|
|
| BLAKE2b-256 |
059d5410cb651f2791027f6a9501da49ab72666c0ecf138df906d0c9e0724a23
|
Provenance
The following attestation bundles were made for sipi_bot-0.1.0.tar.gz:
Publisher:
publish.yml on kindrat86/sipi-bot
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sipi_bot-0.1.0.tar.gz -
Subject digest:
efb7edc080b3ef8470c834052aa308b60517828f6bacb1d484513fc6ee46690f - Sigstore transparency entry: 2194463221
- Sigstore integration time:
-
Permalink:
kindrat86/sipi-bot@eac259c6cf87e14a72fbe6725b2d5bd2af7636eb -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/kindrat86
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@eac259c6cf87e14a72fbe6725b2d5bd2af7636eb -
Trigger Event:
push
-
Statement type:
File details
Details for the file sipi_bot-0.1.0-py3-none-any.whl.
File metadata
- Download URL: sipi_bot-0.1.0-py3-none-any.whl
- Upload date:
- Size: 44.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6d76fd9563b9a1755377202ad1ed8ed1d05e83d9cf22f97c5585decc017da1d2
|
|
| MD5 |
cfd27f145a09ae4d3ef0e22dceff8a63
|
|
| BLAKE2b-256 |
abf0a40c36a0985eab028170692bbbcaeba8e3d1ce5ea6b9a9d6d93c0ad8966e
|
Provenance
The following attestation bundles were made for sipi_bot-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on kindrat86/sipi-bot
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sipi_bot-0.1.0-py3-none-any.whl -
Subject digest:
6d76fd9563b9a1755377202ad1ed8ed1d05e83d9cf22f97c5585decc017da1d2 - Sigstore transparency entry: 2194463225
- Sigstore integration time:
-
Permalink:
kindrat86/sipi-bot@eac259c6cf87e14a72fbe6725b2d5bd2af7636eb -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/kindrat86
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@eac259c6cf87e14a72fbe6725b2d5bd2af7636eb -
Trigger Event:
push
-
Statement type: