xBPP (Execution Boundary Permission Protocol) is the open standard for governing autonomous AI agent payments. It provides a chain-agnostic governance layer that evaluates agent spending intent against declarative policies before transactions are executed.
xBPP is the open standard that governs what AI agents are allowed to spend - before they spend it. Define policies once - spending limits, approved vendors, escalation rules - and every agent follows them. No custom code. No prayer. Just policy.
Who are you?
We solved Capability - the ability to act.
We haven't solved Accountability - proving the action was safe.
Capability without constraint is dangerous:
An agent with access to a credit card could drain it in seconds
A compromised agent could send funds to attackers
Even well-intentioned agents make mistakes
Currently, there are only two ways to control an agent:
"Please don't spend more than $100"if (amount > 100) { reject(); }Traditional solutions don't work:
This creates
The Agentic Gap
The massive divide between what agents can do and what businesses dare let them do.
"Thousands of high-capability agents sitting on local laptops, forbidden from touching real money because the liability risk is infinite."
A standardized middleware layer between Agent and World
YOUR APPLICATION
Agent wants to pay $50 to 0xABC...
XBPP INTERPRETER
Action + Policy → Verdict
RESULT
ALLOW | BLOCK | ESCALATE
Step 1
Agent generates an action request
"Pay $50 USDC to 0xABC on Base"
Step 2
xBPP checks against active Policy
Constraints evaluated in real-time
ALLOW
Proceed with the payment
BLOCK
Stop; this violates policy
ESCALATE
Ask a human to approve
| Concept | What It Is | Example |
|---|---|---|
| Action | A proposed payment to evaluate | "Pay $50 USDC to 0xABC" |
| Policy | Rules defining what's allowed | "Max $100/tx, $1000/day" |
| Verdict | The evaluation result | ALLOW, BLOCK, or ESCALATE |
| State | Running totals and history | "$340 spent today" |
| Posture | Default risk tolerance | AGGRESSIVE, BALANCED, CAUTIOUS |
Trust builds over time - automatically
Cautious Posture
$10 limit, full human oversight
Aggressive Posture
$10k limit, autonomous execution
Graduate between postures as trust builds - without rewriting a single line of code.
Ready to test?
Hard-coded if (amount > 100) inside the bot
External Policy file: max_single: 100
Redeploy the entire agent to change a limit
Update the Policy; agent obeys instantly
"Check the logs and hope"
Cryptographic Verdict attached to every transaction
Blame the developer
Audit the verdict - the Protocol enforced the Policy
One question, answered before every agent action:
The core question
"Should this agent be allowed to spend this money?"
xBPP is a policy engine for autonomous agents. You define the boundaries. The protocol enforces them.
Define behavior in external policy files, not buried in code.
Interoperable across agents, platforms, and jurisdictions.
Every decision is deterministic, auditable, and provable.
Execute payments
That's x402's job — xBPP governs, x402 executes
Custody funds
xBPP is policy, not a wallet
Guarantee counterparty behavior
Can't prevent a vendor from being malicious
Replace legal contracts
xBPP is technical enforcement, not legal agreement
Where xBPP comes alive
Watch identical agents, identical worlds - with one rule changed. See exactly where behavior diverges. Understand what policies actually do.
Real scenarios. Real risks. Real protection.
Risk: Over-booking premium flights
Agent books $8,000 business class "because availability was low"
Protection: Policy-enforced limits
Policy caps single bookings at $800, escalates anything higher
What Vanar xBPP Is NOT
It shows you what your rules mean.
The decision is still yours.
Building AI agents that take autonomous actions
Governing agent fleets at scale
Designing the rules of interaction
Protecting systems from misuse
Directing intelligent systems
If you are responsible for outcomes -
this is where you test assumptions before reality does.
Market Context: The Agentic Economy
Building wallets for agents
Building the Agentic Internet layer
Researching Trusted Agent Registries
Exploring agent authentication standards
Emerging platforms are standardizing infrastructure. They're all waiting for the same missing piece: a shared standard for agent governance.
SSL
Standard for moving data
xBPP
Standard for moving value
xBPP transforms the "Wild West" of on-chain agents into a
reliable, insurable, and scalable economy.
xBPP (Execution Boundary Permission Protocol) is the open standard for governing autonomous AI agent payments. It gives agents a declarative policy — what they can spend, with whom, and under what conditions — producing deterministic, auditable verdicts for every transaction.
xBPP stands for Execution Boundary Permission Protocol. The “x” signals extensibility across payment rails. The “Execution Boundary” is the decision point where an agent’s spending intent meets policy enforcement before money moves.
xBPP and x402 are complementary layers. x402 handles payment execution — moving money between parties using HTTP 402 flows. xBPP sits above it as the governance layer, deciding whether a payment should be allowed, blocked, or escalated before x402 executes it. Think of x402 as the engine and xBPP as the steering wheel.
A policy is a declarative JSON config that defines an agent’s spending rules: per-transaction limits, daily/monthly budgets, approved counterparties, currency restrictions, time windows, and human escalation thresholds. Policies are evaluated deterministically — same input always yields the same verdict.
Install @vanar/xbpp, create a policy with your limits (max_single, max_daily, require_human_above), and wrap your x402 client. Every transaction is checked before execution. Setup takes under 60 seconds.
x402 answers “how do I pay?” — it is a payment execution protocol. xBPP answers “should I be allowed to pay?” — it is a governance protocol. They work together: xBPP evaluates the policy, and if approved, x402 executes the payment.
xBPP is chain-agnostic by design. The reference implementation is built by Vanar and optimised for Base, but the protocol works across any EVM-compatible chain and is designed to be extended to any payment rail.
Yes. xBPP is an open standard with an open-source reference implementation. The specification, SDK, policy templates, and test suite are all freely available and open to contribution.