BUDGENT
Budget for your agent, not keys to your wallet.
A private key gives an agent all your funds. Budgent gives it a budget the chain enforces — per-tx caps, daily limits, a recipient allowlist, an owner co-sign threshold. Break a rule and the network reverts the transfer, not us.
- [ On-chain enforced ]
- [ REST, not x402 ]
- [ Context-tagged ]
[ ] HOW IT WORKS
From a funded vault to autonomous, bounded spend — in four steps.
- 01 · Fund the vault: Top up a Vault PDA — a program-derived account on Solana with no private key. Your master authority never leaves your wallet.
- 02 · Write the budget: Set a per-tx cap, a daily limit, a recipient allowlist, and a co-sign threshold. The agent gets a delegate key — never your keys.
- 03 · The agent pays: Explicit REST calls: create intent → policy check → on-chain → receipt. The program checks every rule; break one and the transfer is reverted.
- 04 · You read it by context: Every payment is tagged with domain, resource, and task — spend grouped by where it went. Revoke the delegate any time, instantly.
[ ] THE AUTHORITY CONSOLE
This is exactly what the program does on Solana — the same budget rules it enforces in consensus on every transfer. Set a budget, run the agent, and watch each payment settle, get reverted by the rules, or be held for co-sign. Tighten the budget, re-run the same task, and watch strictly more transfers get reverted.
[ Program H9nJ…V7yM · verified on Solana mainnet ]
[ ] WHAT THE CHAIN ENFORCES
The rules live in an Anchor program — not on our server.
Off-chain code can't spend more than the program permits. Each rule maps to a concrete on-chain consequence — checked on every transfer, in consensus.
- delegate revoked → REVERTED
- recipient blocklisted / off-allowlist → REVERTED
- over per-transaction limit → REVERTED
- over daily limit → REVERTED
- over vault balance → REVERTED
- at / over co-sign threshold → HELD for owner
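The rule list above, written as an off-chain model you can use to pre-flight a task against a budget before handing it to an agent. This is an added example, not Budgent's program code: the check order, integer minor units, the rule that only settled transfers count toward the daily total, and all sample names and amounts are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Budget:
    per_tx_cap: int            # all amounts: integer minor units (assumption)
    daily_limit: int
    allowlist: frozenset
    cosign_threshold: int
    blocklist: frozenset = frozenset()
    delegate_revoked: bool = False

def check(b, balance, spent_today, amount, recipient):
    """Outcome of one transfer; the check order is an assumption of this model."""
    if b.delegate_revoked:
        return "REVERTED", "delegate revoked"
    if recipient in b.blocklist or recipient not in b.allowlist:
        return "REVERTED", "recipient blocklisted / off-allowlist"
    if amount > b.per_tx_cap:
        return "REVERTED", "over per-transaction limit"
    if spent_today + amount > b.daily_limit:
        return "REVERTED", "over daily limit"
    if amount > balance:
        return "REVERTED", "over vault balance"
    if amount >= b.cosign_threshold:
        return "HELD", "at / over co-sign threshold"
    return "SETTLED", "within budget"

def run(b, balance, transfers):
    """Replay transfers in order; only SETTLED ones move funds (assumption)."""
    spent_today, outcomes = 0, []
    for amount, recipient in transfers:
        status, reason = check(b, balance, spent_today, amount, recipient)
        if status == "SETTLED":
            balance -= amount
            spent_today += amount
        outcomes.append((status, reason))
    return outcomes

# Constructed task and budgets (hypothetical recipients and amounts).
GPU = "gpu-provider"
TASK = [(1, GPU), (40, GPU), (5, "unknown-payee"), (30, GPU), (20, GPU), (20, GPU)]
LOOSE = Budget(per_tx_cap=50, daily_limit=100, allowlist=frozenset({GPU}), cosign_threshold=35)
TIGHT = Budget(per_tx_cap=25, daily_limit=30, allowlist=frozenset({GPU}), cosign_threshold=35)

def reverted(b):
    return sum(status == "REVERTED" for status, _ in run(b, 100, TASK))

if __name__ == "__main__":
    for name, b in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, [s for s, _ in run(b, 100, TASK)], "reverted:", reverted(b))
```

Replaying the same task under the tighter budget turns the held transfer and two previously settled ones into reverts, which is the behaviour the console section describes.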
[ ] INTEGRATIONS
Drop Budgent into your agent stack — one tool, on-chain budget.
Your agent calls a single budgent_pay capability; the on-chain program enforces the per-tx cap, daily limit, allow/block lists and co-sign. The SDK and every adapter are single-file and zero-dependency — drop them in from the repo today. Pick your framework:
```ts
import { BudgentClient } from "budgent-sdk";

const budgent = new BudgentClient({
  baseUrl: "https://budgent.money",
  keyId: process.env.BUDGENT_KEY_ID,
  hmacSecret: process.env.BUDGENT_HMAC_SECRET,
});

// the agent spends — the chain decides
const r = await budgent.pay({
  amount: 0.01,
  domain: "gpu.inference.io",
  resource: "spot GPU · 1h",
  taskId: "run-42",
});
console.log(r.status, r.signature); // SETTLED | REVERTED | HELD
```
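```python
# budgent.py is stdlib-only (hmac + urllib) — just drop it next to your code.
import os

from budgent import Budgent

# Credentials are read from the environment, as in the TypeScript example.
KEY_ID = os.environ["BUDGENT_KEY_ID"]
HMAC_SECRET = os.environ["BUDGENT_HMAC_SECRET"]

budgent = Budgent(
    base_url="https://budgent.money",
    key_id=KEY_ID,
    hmac_secret=HMAC_SECRET,
)
r = budgent.pay(
    amount=0.01,
    domain="gpu.inference.io",
    resource="spot GPU · 1h",
    task_id="run-42",
)
print(r["status"], r.get("signature"))  # enforced on-chain
```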
```ts
// Copy sdk/integrations/langchain/budgent_langchain.ts into your project.
import { budgentPayTool, budgentBalanceTool } from "./budgent_langchain";

const cfg = {
  baseUrl: "https://budgent.money",
  keyId: process.env.BUDGENT_KEY_ID,
  hmacSecret: process.env.BUDGENT_HMAC_SECRET,
};
const tools = [budgentPayTool(cfg), budgentBalanceTool(cfg)];
// model.bindTools(tools) — the agent pays only within the on-chain budget
// (Python: sdk/integrations/langchain/budgent_langchain.py)
```
```ts
// Copy sdk/integrations/openai-agents/budgent_tool.ts into your project.
import { Agent } from "@openai/agents";
import { budgentTools } from "./budgent_tool";

const { budgentPay, budgentBalance } = budgentTools({
  baseUrl: "https://budgent.money",
  keyId: process.env.BUDGENT_KEY_ID,
  hmacSecret: process.env.BUDGENT_HMAC_SECRET,
});
const agent = new Agent({
  name: "spender",
  tools: [budgentPay, budgentBalance],
});
// (Python: sdk/integrations/openai-agents/budgent_tool.py — make_budgent_tools)
```
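```python
# Copy sdk/integrations/crewai/budgent_crewai.py into your project.
import os

from crewai import Agent
from budgent_crewai import budgent_tools

# Credentials are read from the environment, as in the TypeScript examples.
KEY_ID = os.environ["BUDGENT_KEY_ID"]
HMAC_SECRET = os.environ["BUDGENT_HMAC_SECRET"]

tools = budgent_tools(
    base_url="https://budgent.money",
    key_id=KEY_ID,
    hmac_secret=HMAC_SECRET,
)
spender = Agent(
    role="spender",
    goal="buy compute within budget",
    tools=tools,
)
# the crew member can pay — the chain enforces the budget
```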
```ts
// Copy sdk/integrations/vercel-ai/budgent_vercel.ts into your project.
import { generateText } from "ai";
import { openai } from "@ai-sdk/openai";
import { budgentTools } from "./budgent_vercel";

const tools = budgentTools({
  baseUrl: "https://budgent.money",
  keyId: process.env.BUDGENT_KEY_ID,
  hmacSecret: process.env.BUDGENT_HMAC_SECRET,
});
await generateText({ model: openai("gpt-4o"), tools, prompt: "rent a GPU for an hour" });
// the model calls budgent_pay — the program enforces the budget
```
Published stdio MCP server. Point any MCP host (e.g. Claude Desktop) at it:

```json
{
  "mcpServers": {
    "budgent": {
      "command": "npx",
      "args": ["-y", "budgent-mcp"],
      "env": {
        "BUDGENT_BASE_URL": "https://budgent.money",
        "BUDGENT_KEY_ID": "your-key-id",
        "BUDGENT_HMAC_SECRET": "your-hmac-secret"
      }
    }
  }
}
```
Every path hits the same audited endpoint — POST /v1/payments, HMAC-signed over ${ts}.${method}.${path}.${body} — and settles through the verified program H9nJ…eV7yM. Keys are scoped and revocable; funds stay fully withdrawable by the owner. The TS SDK (budgent-sdk) and MCP server (budgent-mcp) are live on npm; the Python SDK is a stdlib-only drop-in (PyPI at launch).
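How a request signed over `${ts}.${method}.${path}.${body}` can be produced and checked, as an added example that is not Budgent's SDK or server code. The page does not name the hash, the signature encoding, the timestamp unit or a freshness window, so HMAC-SHA256, a hex digest, Unix seconds and a 300-second window are assumptions here, and the secret and request values are constructed.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 300  # assumption: freshness window chosen for this example


def signing_string(ts: int, method: str, path: str, body: bytes) -> bytes:
    """Build ts.method.path.body in the order the page gives."""
    return b".".join([str(ts).encode(), method.upper().encode(), path.encode(), body])


def sign(secret: bytes, ts: int, method: str, path: str, body: bytes) -> str:
    # Assumption: HMAC-SHA256 with a hex digest; the page does not name the hash.
    return hmac.new(secret, signing_string(ts, method, path, body), hashlib.sha256).hexdigest()


def verify(secret: bytes, ts: int, method: str, path: str, body: bytes,
           signature: str, now: int) -> str:
    """Return 'ok', 'stale' or 'bad-signature' for one request."""
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return "stale"  # an old captured request is rejected before any MAC work
    expected = sign(secret, ts, method, path, body)
    # compare_digest keeps the comparison time independent of where bytes differ
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "bad-signature"
    return "ok"


# Constructed sample request (illustrative values, not real credentials).
SECRET = b"example-hmac-secret"
TS = 1_700_000_000
BODY = json.dumps({"amount": 0.01, "domain": "gpu.inference.io",
                   "resource": "spot GPU · 1h", "taskId": "run-42"},
                  separators=(",", ":")).encode()
SIG = sign(SECRET, TS, "POST", "/v1/payments", BODY)
TAMPERED = BODY.replace(b"0.01", b"9.99")  # same signature, altered amount

if __name__ == "__main__":
    print(verify(SECRET, TS, "POST", "/v1/payments", BODY, SIG, now=TS + 5))
    print(verify(SECRET, TS, "POST", "/v1/payments", TAMPERED, SIG, now=TS + 5))
    print(verify(SECRET, TS, "POST", "/v1/payments", BODY, SIG, now=TS + 3600))
```

The signature covers the exact body bytes, so the client must sign the same serialisation it sends; re-encoding the JSON after signing produces a mismatch.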
[ ] SPEND DASHBOARD
Where the money actually went — read straight from the chain.
Live analytics from the on-chain ledger: totals, status mix, and spend by domain. Export for reconciliation.
[ ] AGENT-TO-AGENT
One agent pays another — budget and context across the hop.
An agent can pay another agent for a sub-task. The payer's budget is enforced on-chain; the payee receives; the context ties the spend to the task — so a chain of agents stays traceable. Same pay capability, a recipient that happens to be another agent.
```ts
// Agent A pays Agent B for a sub-task — B's address, A's budget, context carries.
const r = await budgentA.pay({
  amount: 0.02,
  recipient: AGENT_B_PAYOUT, // another agent's payout address
  resource: "summarize-10-docs",
  taskId: "run-42",
  metadata: { from: "agent-A", hop: 1 }, // chains the context across the hop
});
// A's on-chain budget is enforced · B receives · the spend stays tied to the task
// (Agent B can then pay Agent C the same way — hop: 2 — and the trail holds.)
```
Built on the same verified program: the payer is bounded by its own per-tx cap, daily limit, allow/block lists and co-sign — paying another agent is just another recipient, with context that survives every hop.
[ ] SECURITY
Non-custodial by design — verifiable, not just claimed.
The core works today: funds you can always pull back, a program anyone can re-verify, every rule enforced on-chain. The next step is an independent audit — marked below as planned, not done.
Non-custodial
The owner can always withdraw the full balance or close the vault and sweep it. No code path can strand your funds — the first hard rule.
Verified program
Deterministic build; the on-chain bytecode hash matches the published source. Anyone can re-verify H9nJ…eV7yM against this repo.
Enforced on-chain
Per-tx cap, daily limit, allow/block lists, co-sign threshold and the delegate kill-switch are enforced by the program — not a server that can be flipped.
Scoped, revocable keys
Agents get an HMAC key, never your wallet. Revoke any key instantly; flip the delegate kill-switch and every transfer stops at once.
External audit
An independent, third-party audit of the program before any larger value flows through it. Planned — not yet done, stated plainly. Until then, treat amounts conservatively.
Re-verify it yourself against the on-chain program id, and read the threat model + responsible-disclosure contact in SECURITY.md. Two rules never bend: funds stay fully withdrawable by the owner, and the program stays verifiable.