BUDGENT[ ] NON-CUSTODIAL WALLET FOR AI AGENTS ·$BDGT ·SOLANA ·USDC EDITION 2026.06.23

Budget for your agent,
not keys to your wallet.

A private key gives an agent all your funds. Budgent gives it a budget the chain enforces — per-tx caps, daily limits, a recipient allowlist, an owner co-sign threshold. Break a rule and the network reverts the transfer, not us.

  • [ On-chain enforced ]
  • [ REST, not x402 ]
  • [ Context-tagged ]
Open the console ↓ How it works Spend dashboard Integrations
DISPATCH gpu.inference.io · 18.00 USDC · SETTLED

[ ] HOW IT WORKS

From a funded vault to autonomous, bounded spend — in four steps.

  1. 01

    Fund the vault

    Top up a Vault PDA — a program-derived account on Solana with no private key. Your master authority never leaves your wallet.

  2. 02

    Write the budget

    Set a per-tx cap, a daily limit, a recipient allowlist, and a co-sign threshold. The agent gets a delegate key — never your keys.

  3. 03

    The agent pays

    Explicit REST calls: create intent → policy check → on-chain → receipt. The program checks every rule; break one and the transfer is reverted.

  4. 04

    You read it by context

    Every payment is tagged with domain, resource, and task — spend grouped by where it went. Revoke the delegate any time, instantly.

[ ] THE AUTHORITY CONSOLE

This is exactly what the program does on Solana — the same budget rules it enforces in consensus on every transfer. Set a budget, run the agent, and watch each payment settle, get reverted by the rules, or be held for co-sign. Tighten the budget, re-run the same task, and watch strictly more transfers get reverted.

[ Program H9nJ…V7yM · verified on Solana mainnet ] · see a real on-chain transfer ↗

budgent ~ policyd // budgent ~ policyd · solana mainnet
[ VAULT 500.00 ] [ DAILY 0/120 (this run) ] [ PER-TX 50 ] [ DELEGATE ACTIVE ] [ CO-SIGN ≥40 ]

// You are the OWNER (master authority). Press Run — these are the program's real on-chain checks; break a rule and the network reverts the transfer.

01 · WRITE THE BUDGET

Recipient allowlist
Empty allowlist = allow any domain not blocklisted.
Recipient blocklist
Blocklist always wins, even over the allowlist.
Delegate
// live policy object — changed field pulses

          
// edits apply to future intents only — settled rows never change

        

      


      
      

        
02 · AGENT RUN


        

          

          

            
            
          


          

            

              
              
            

            

              
              
            

          

        


        
        

        
        

          
          

            

              [ CREATE INTENT ]
              [ POLICY CHECK ]
              [ EXECUTE ON-CHAIN ]
              [ RECEIPT ]
            

            

              
delegate_active

              
recipient_check

              
per_tx_limit

              
daily_window

              
balance

              
cosign_threshold

            

          

          
          

          
          
        


        
        

          
DAILY ALLOWANCE

          
          
[ 0.00 / 120.00 ]

          

        


        
        

          
CO-SIGN QUEUE — awaiting owner

          

        

      


      
      

        

          
03 · THE LEDGER

          

            

              
              
            

            

              
              
            

          

        


        

          
          
        


        

      

    


    
    

      

        
        
      

    

  


  
  






  

    
[ ] WHAT THE CHAIN ENFORCES

    
The rules live in an Anchor program — not on our server.

    
Off-chain code can't spend more than the program permits. Each rule maps to a concrete on-chain consequence — checked on every transfer, in consensus.

  

  

    
    
      
  • delegate revokedREVERTED
    • 
      
  • recipient blocklisted / off-allowlistREVERTED
    • 
      
  • over per-transaction limitREVERTED
    • 
      
  • over daily limitREVERTED
    • 
      
  • over vault balanceREVERTED
    • 
      
  • at / over co-sign thresholdHELD for owner
    • 
    

    
  







  

    
[ ] INTEGRATIONS

    
Drop Budgent into your agent stack — one tool, on-chain budget.

    
Your agent calls a single budgent_pay capability; the on-chain program enforces the per-tx cap, daily limit, allow/block lists and co-sign. The SDK and every adapter are single-file and zero-dependency — drop them in from the repo today. Pick your framework:

  


  

    

      
      
      
      
      
    


    

      
agent.tsnpm i budgent-sdk

      
import { BudgentClient } from "budgent-sdk";

const budgent = new BudgentClient({
  baseUrl: "https://budgent.money",
  keyId: process.env.BUDGENT_KEY_ID,
  hmacSecret: process.env.BUDGENT_HMAC_SECRET,
});

// the agent spends — the chain decides
const r = await budgent.pay({
  amount: 0.01,
  domain: "gpu.inference.io",
  resource: "spot GPU · 1h",
  taskId: "run-42",
});
console.log(r.status, r.signature); // SETTLED | REVERTED | HELD

    


    

      
agent.pycp sdk/python/budgent.py .

      
# budgent.py is stdlib-only (hmac + urllib) — just drop it next to your code.
from budgent import Budgent

budgent = Budgent(
    base_url="https://budgent.money",
    key_id=KEY_ID,
    hmac_secret=HMAC_SECRET,
)

r = budgent.pay(
    amount=0.01,
    domain="gpu.inference.io",
    resource="spot GPU · 1h",
    task_id="run-42",
)
print(r["status"], r.get("signature"))  # enforced on-chain

    


    

      
langchain.tsnpm i budgent-sdk @langchain/core zod

      
// Copy sdk/integrations/langchain/budgent_langchain.ts into your project.
import { budgentPayTool, budgentBalanceTool } from "./budgent_langchain";

const cfg = {
  baseUrl: "https://budgent.money",
  keyId: process.env.BUDGENT_KEY_ID,
  hmacSecret: process.env.BUDGENT_HMAC_SECRET,
};

const tools = [budgentPayTool(cfg), budgentBalanceTool(cfg)];
// model.bindTools(tools) — the agent pays only within the on-chain budget
// (Python: sdk/integrations/langchain/budgent_langchain.py)

    


    

      
openai_agent.tsnpm i budgent-sdk @openai/agents zod

      
// Copy sdk/integrations/openai-agents/budgent_tool.ts into your project.
import { Agent } from "@openai/agents";
import { budgentTools } from "./budgent_tool";

const { budgentPay, budgentBalance } = budgentTools({
  baseUrl: "https://budgent.money",
  keyId: process.env.BUDGENT_KEY_ID,
  hmacSecret: process.env.BUDGENT_HMAC_SECRET,
});

const agent = new Agent({
  name: "spender",
  tools: [budgentPay, budgentBalance],
});
// (Python: sdk/integrations/openai-agents/budgent_tool.py — make_budgent_tools)

    


    

      
claude_desktop_config.jsonnpx -y budgent-mcp

      
// Published stdio MCP server. Point any MCP host — e.g. Claude Desktop — at it:
{
  "mcpServers": {
    "budgent": {
      "command": "npx",
      "args": ["-y", "budgent-mcp"],
      "env": {
        "BUDGENT_BASE_URL": "https://budgent.money",
        "BUDGENT_KEY_ID": "your-key-id",
        "BUDGENT_HMAC_SECRET": "your-hmac-secret"
      }
    }
  }
}

    

  


  
Every path hits the same audited endpoint — POST /v1/payments, HMAC-signed over ${ts}.${method}.${path}.${body} — and settles through the verified program H9nJ…eV7yM. Keys are scoped and revocable; funds stay fully withdrawable by the owner. The TS SDK (budgent-sdk) and MCP server (budgent-mcp) are live on npm; the Python SDK is a stdlib-only drop-in (PyPI at launch).







  

    
[ ] SPEND DASHBOARD

    
Where the money actually went — read straight from the chain.

    
Live analytics from the on-chain ledger: totals, status mix, and spend by domain. Export for reconciliation.

  


  
// loading the live vault…


  

    

      
SPEND BY DOMAIN

      

    

  


  

    

      
FUNDING · deposits (money in)