An intent firewall
for your agent's wallet.
Spend caps stop an agent from spending too much. They can't tell a legitimate payment from a prompt-injected one. xPay's optional Bento layer screens every payment for malicious intent — prompt-injection, wallet-drain, intent-vs-execution mismatch — and blocks it before signing.
Two gates before any signature.
Both run inside the guardrail, before a signer is ever touched. The first is deterministic; the second is the AI layer your own code can't compute.
On in three steps.
Turn it on for the active profile. Or from an agent: the xpay_bento_enable tool flips it live.
xpay bento enableOne-time, on-chain. Log in with your owner wallet and register the agent wallet xPay signs with. The enable command prints the address.
# app.bentoguard.xyz → register addressFrom then on each pay / transfer is analysed for malicious intent and either cleared, blocked, or escalated — before a single token moves.
// protect() runs before any signatureThree outcomes, handled for you.
Every screened call returns a verdict and a 0–100 risk score. xPay turns each into the right action automatically.
Cleared policy and intent checks. xPay signs and settles as normal.
Flagged as a critical threat — wallet-drain, prompt-injection, intent mismatch. xPay throws before signing; no funds move.
Ambiguous — neither clearly safe nor provably malicious. xPay defers to your approval hook, or fails closed if none is set.
Manage from your terminal.
No API key — Bento authenticates with the wallet's own key. Enable per profile.
xpay bento enableTurn the intent firewall on (prints the wallet to register)xpay bento statusWhether screening is active for the profilexpay bento disableTurn it off — falls back to local spend capsThe agent can manage it too.
Including disable — the escape hatch when a wallet isn't registered yet and payments are being rejected.
xpay_bento_statusRead whether the firewall is active (read-only)xpay_bento_enableTurn it on — returns the agent wallet to registerxpay_bento_disableTurn it off if the wallet isn't registered yetAdd a firewall to your agent.
Local spend caps ship on by default. Add Bento for the intent layer — register the wallet once and every payment is screened before it signs.
xpay bento enable