Back to Blog
use-caseagentsproduct

How to Give an AI Agent a Budget It Can't Exceed

Wallgent Team4 min read

The most common approach to AI agent expense management: put the budget in the system prompt.

"You have a $500 monthly budget for API calls. Do not exceed it."

This doesn't work. Not because the agent ignores the instruction, but because the agent can't enforce it. It has no access to its actual spending history. It can't check whether the next $20 API call would push it over the limit. It's operating on estimates and good intentions, not real-time financial data.

The solution isn't better instructions. It's infrastructure — a wallet with a programmable balance, enforced spending rules, and transaction history the agent can query.

The Architecture

Three components work together:

  1. An agent wallet — a programmable account backed by a double-entry ledger
  2. A policy — spending rules enforced at transaction time, not after
  3. MCP tools — 46 tools the agent can call to check balances, make payments, and query history

The agent doesn't need to reason about its budget. It tries to spend, and the policy either allows or denies it. The agent can query its balance before spending if it wants, but it doesn't have to — the policy is the safety net.

Setting Up a Budgeted Agent Wallet

import Wallgent from '@wallgent/sdk'

const wg = new Wallgent({ apiKey: process.env.WALLGENT_API_KEY })

// Create a wallet for the marketing content agent
const wallet = await wg.wallets.create({
  name: 'marketing-content-agent',
  environment: 'PRODUCTION',
  metadata: { agent: 'content-generator', team: 'marketing' }
})

// Fund it for the month
await wg.transfers.create({
  fromWalletId: 'wal_marketing_budget',  // department budget wallet
  toWalletId: wallet.id,
  amount: '500.00',
  currency: 'USD',
  memo: 'March content budget'
})

// Attach a policy that enforces the limits
const policy = await wg.policies.create({
  walletId: wallet.id,
  name: 'Content Agent Monthly Budget',
  rules: [
    { type: 'MONTHLY_LIMIT', value: '500.00' },
    { type: 'DAILY_LIMIT', value: '75.00' },
    { type: 'MAX_AMOUNT', value: '50.00' },
    {
      type: 'VENDOR_ALLOWLIST',
      vendors: ['openai.com', 'anthropic.com', 'pexels.com', 'unsplash.com', 'freepik.com']
    },
  ],
})

The agent now has a $500 monthly budget, $75 daily cap, $50 per-transaction maximum, and can only spend with approved vendors. These rules are enforced by the ledger — not by the agent's judgment.

The Agent's View via MCP

When this agent runs inside Claude or another MCP-compatible system, it sees Wallgent as a set of native tools. It can check its balance before a large purchase:

Agent: check_balance(wallet_id="wal_marketing_content")
→ { available: "312.50", pending: "0.00", currency: "USD" }

Agent: I have $312.50 available. The image generation will cost approximately $45.
       Proceeding with the purchase.

Agent: create_payment(wallet_id="wal_marketing_content", vendor="pexels.com",
                       amount="44.80", description="Stock images for Q1 campaign")
→ { transaction_id: "txn_01HPKX...", status: "COMPLETED" }

The agent checked its balance, made a decision, and executed the payment in one workflow. No human involvement. The payment went through because it passed all four policy rules.

Now try a payment outside the allowlist:

Agent: create_payment(wallet_id="wal_marketing_content", vendor="shutterstock.com",
                       amount="29.99", description="Extended license image")
→ Error: POLICY_DENIED — vendor 'shutterstock.com' not in allowlist

The agent knows exactly why it was denied. It can log the error, try an alternative vendor, or escalate to a human. The policy enforced the business rule without anyone having to monitor the agent's behavior in real-time.

Querying Transaction History

The agent can also query its own spending history — useful for tasks that require knowing what's already been purchased:

const history = await wg.transactions.list({
  walletId: 'wal_marketing_content',
  startDate: '2026-03-01',
  limit: 50
})

// history.data contains all transactions with amounts, vendors, timestamps
const totalSpent = history.data.reduce((sum, txn) => sum + parseFloat(txn.amount), 0)
console.log(`Spent ${totalSpent} of 500 this month`)

Because the ledger is immutable and exact, this history is authoritative. The agent isn't estimating — it's reading the actual record.

Handling Approval Workflows

Some purchases warrant human review before proceeding. The HUMAN_IN_THE_LOOP rule handles this without stopping the agent entirely:

// Add human approval for large purchases to the existing policy
await wg.policies.update(policy.id, {
  rules: [
    { type: 'MONTHLY_LIMIT', value: '500.00' },
    { type: 'DAILY_LIMIT', value: '75.00' },
    { type: 'MAX_AMOUNT', value: '50.00' },
    { type: 'VENDOR_ALLOWLIST', vendors: ['openai.com', 'anthropic.com', 'pexels.com'] },
    { type: 'HUMAN_IN_THE_LOOP', threshold: '40.00' },  // review anything over $40
  ],
})

Now any transaction over $40 creates an approval request. The agent receives APPROVAL_REQUIRED with an approval ID. Your system sends the notification to a reviewer. The agent can continue other tasks while waiting.

When the reviewer approves:

// Reviewer approves via API or dashboard
await wg.approvals.approve(approvalId, {
  reviewedBy: 'sarah@company.com',
  note: 'Approved — Q1 campaign materials'
})
// The original transaction executes automatically

The agent gets a webhook notification that the transaction completed. The full approval chain is logged to the audit trail: who approved, when, and what they said.

What This Replaces

The alternative to infrastructure-enforced budgets: checking spend at the end of each run, sending alerts when limits are approached, writing custom validation logic for each agent.

All of that logic runs at the wrong time (after the fact), lives in application code (not the infrastructure), and requires ongoing maintenance as agents evolve.

Wallet-level policies run at transaction time, live in the financial layer, and apply to every agent on the wallet regardless of how the agent is implemented. Change a policy rule and the new behavior takes effect on the next transaction — no redeployment, no code change.

The marketing content agent from the example above can be upgraded, swapped for a different model, or given completely different instructions. As long as it uses the same wallet, the same spending controls apply.

That's the point of infrastructure over instructions: the rules persist even when everything else changes.

W

Wallgent Team

Building financial infrastructure for AI agents at Wallgent

Share:

Related Articles

productpolicy-enginetechnical

The Policy Engine: Spending Rules That Actually Work

Most spending controls fail the same way: they're enforced after the fact, not at transaction time. Wallgent's policy engine evaluates rules in milliseconds before a single dollar moves — and it fails closed.

Wallgent Team5 min read
industryanalysisagents

The Agent Economy Is Here. The Infrastructure Isn't.

AI agents can now book meetings, write code, and manage projects. The one thing they still can't do reliably: handle money. That gap is closing faster than most people realize.

Wallgent Team4 min read
announcementproduct

Introducing Wallgent: Financial Infrastructure for AI Agents

AI agents are getting smarter every day. They can write code, analyze data, and make decisions. But they still can't handle money. We're changing that.

Wallgent Team2 min read
Stay informed

Engineering insights
delivered to your inbox

Technical deep-dives on AI agent finance, product updates, and what we're building. No filler, no fluff.

No spam. Unsubscribe anytime.