I built a memory API that AI agents can pay for. $0.001 per call in USDC on Base. The demo at bmdpat.com/memory/demo shows real money move in real time. Cool. Now multiply that by every paid API your agent stack will eventually consume. Search. Inference. Vector DB. Scrapes. Memory. A typical 4-tool agent loop hits five priced endpoints per turn. A long-running task does this thousands of times a day. A single rogue loop drains a wallet in minutes. This is the actual problem. Not "can agents pay?" but: What's the per-tool cap? What's the per-agent budget? How do you kill an agent that's spending too fast? Who sees the spend by category, by agent, by hour? The right place for these controls is at the SDK boundary, before the call goes out. Once an HTTP request leaves your process, the money is committed. You need to gate spend at the call site, not in a billing dashboard you check on Monday. That means: Budgets the SDK enforces on every priced call. Hit the cap, the call short-circuits with a clean error. Per-tool caps so a single vector DB query that goes wrong can't accidentally cost $50. Rate limits so a runaway loop doesn't pile up calls before your monitor catches up. Kill switches with a one-line API. When something looks wrong, you stop the agent in one call from any other process. Spend visibility per agent, per tool, per hour. So you can see what's normal and what isn't. Without these, "agents can pay" is a footgun. With them, it's a real product surface. Memory was the demo. It is small, concrete, and ships in a few hundred lines of Next.js middleware. The point of the demo isn't memory storage. It's proving the protocol works end-to-end with real money. The product is the controls. Companies will not deploy agents that hold a wallet without runtime guardrails. Solo builders will not run an autonomous loop overnight without a budget cap. The whole agentic-payments wave runs into this wall the moment it hits production. Runtime spend controls for AI agents: Budgets the SDK enforces before the call goes out Per-tool caps so one bad call can't spike the bill Kill switches with a one-line API Spend visibility per agent, per tool, per hour The memory API was the demo. AgentGuard is the product. bmdpat.com/tools/agentguard