Security · powered by bentoguard.xyz

An intent firewall
for your agent's wallet.

Spend caps stop an agent from spending too much. They can't tell a legitimate payment from a prompt-injected one. xPay's optional Bento layer screens every payment for malicious intent — prompt-injection, wallet-drain, intent-vs-execution mismatch — and blocks it before signing.

Defense in depth

Two gates before any signature.

Both run inside the guardrail, before a signer is ever touched. The first is deterministic; the second is the AI layer your own code can't compute.

Payment intent
agent wants to pay
Spend caps
deterministic
Bento
intent firewall
Sign & settle
only if cleared
How it works

On in three steps.

01
Enable the firewall

Turn it on for the active profile. Or from an agent: the xpay_bento_enable tool flips it live.

xpay bento enable
02
Register the agent wallet

One-time, on-chain. Log in with your owner wallet and register the agent wallet xPay signs with. The enable command prints the address.

# app.bentoguard.xyz → register address
03
Every payment is screened

From then on each pay / transfer is analysed for malicious intent and either cleared, blocked, or escalated — before a single token moves.

// protect() runs before any signature
Verdicts

Three outcomes, handled for you.

Every screened call returns a verdict and a 0–100 risk score. xPay turns each into the right action automatically.

ALLOW

Cleared policy and intent checks. xPay signs and settles as normal.

BLOCKED

Flagged as a critical threat — wallet-drain, prompt-injection, intent mismatch. xPay throws before signing; no funds move.

ESCALATED

Ambiguous — neither clearly safe nor provably malicious. xPay defers to your approval hook, or fails closed if none is set.

CLI

Manage from your terminal.

No API key — Bento authenticates with the wallet's own key. Enable per profile.

xpay bento enableTurn the intent firewall on (prints the wallet to register)
xpay bento statusWhether screening is active for the profile
xpay bento disableTurn it off — falls back to local spend caps
MCP tools

The agent can manage it too.

Including disable — the escape hatch when a wallet isn't registered yet and payments are being rejected.

xpay_bento_statusRead whether the firewall is active (read-only)
xpay_bento_enableTurn it on — returns the agent wallet to register
xpay_bento_disableTurn it off if the wallet isn't registered yet

Add a firewall to your agent.

Local spend caps ship on by default. Add Bento for the intent layer — register the wallet once and every payment is screened before it signs.

xpay bento enable