Execution Boundary Permission Protocol for Autonomous Agents
xBPP (Execution Boundary Permission Protocol) is an open standard that lets autonomous AI agents make payments safely. It answers a simple question: "Should this agent be allowed to spend this money?"
When an AI agent wants to make a payment, xBPP evaluates the request against a policy you define and returns one of three answers:
ALLOW
Proceed with the payment
BLOCK
Stop; this violates policy
ESCALATE
Ask a human to approve
xBPP is a policy engine for autonomous agents. You define the boundaries. The protocol enforces them.
AI agents are increasingly capable of taking real-world actions-booking travel, purchasing software, paying invoices. But capability without constraint is dangerous:
Traditional solutions don't work:
xBPP provides graduated autonomy: agents operate freely within defined boundaries, escalate edge cases to humans, and hard-stop on policy violations.
YOUR APPLICATION
Agent wants to pay $50 to 0xABC...
XBPP INTERPRETER
Action + Policy → Verdict
RESULT
ALLOW | BLOCK | ESCALATE
| Concept | What It Is | Example |
|---|---|---|
| Action | A proposed payment to evaluate | "Pay $50 USDC to 0xABC on Base" |
| Policy | Rules defining what's allowed | "Max $100/tx, $1000/day, ask me above $500" |
| Verdict | The evaluation result | ALLOW, BLOCK, or ESCALATE with reasons |
| State | Running totals and history | "$340 spent today, 12 transactions" |
| Posture | Default risk tolerance | AGGRESSIVE, BALANCED, or CAUTIOUS |
Essential terminology for understanding and implementing the Execution Boundary Permission Protocol.
An open standard for autonomous agent governance. xBPP defines execution boundaries that determine whether an AI agent can proceed with an action, must stop, or should escalate to human oversight. The protocol serves as a "programmable super-ego" for autonomous systems.
The set of constraints and rules that define what actions an autonomous agent is permitted to take. Unlike simple spending limits, execution boundaries encompass verification requirements, threat detection, rate limiting, and escalation triggers.
The signed decision returned by the xBPP interpreter after evaluating an action against a policy. A verdict contains one of three decisions (ALLOW, BLOCK, ESCALATE), along with reason codes explaining why, and cryptographic evidence for auditability.
A preset risk tolerance that determines how ambiguous situations are handled. AGGRESSIVE favors action and autonomy, CAUTIOUS maximizes oversight and blocks uncertainty, and BALANCED provides a middle ground.
A standardized identifier (e.g., EXCEEDS_SINGLE_LIMIT, DRAINER_CONTRACT) that explains why a particular verdict was reached. Reason codes enable consistent logging, auditing, and programmatic handling of policy decisions.
The structured evaluation sequence xBPP uses to assess every action: (1) Validation, (2) Emergency Checks, (3) Input Validation, (4) Core Limits, (5) Duplicate Detection, (6) Verification, (7) Profile Checks, (8) Escalation Triggers, (9) Final Decision.
The human or organization ultimately responsible for an agent's actions. The principal defines the policy, receives escalations, and bears liability for permitted transactions.
A pause in autonomous execution that requests human decision-making. Escalations are triggered when actions require approval (high-value transactions), fall into policy ambiguity, or when explicit human oversight is mandated.
The divide between what autonomous agents can do (capability) and who is responsible when things go wrong (liability). xBPP bridges this gap by providing a standardized framework for defining and enforcing execution boundaries.
A payment protocol that enables AI agents to make authenticated payments over HTTP. xBPP integrates with x402 to provide policy enforcement for autonomous transactions, wrapping the x402 client with execution boundary controls.
Build your own xBPP policy in real-time. Adjust the controls to see how different settings affect the policy JSON.
{
"schema": "xbpp-pay/v1.0",
"version": "1",
"posture": "BALANCED",
"limits": {
"max_single": 100,
"max_daily": 1000,
"max_weekly": 5000,
"require_human_above": 500
},
"verification": "BUILT_IN",
"counterparty_rules": {
"new_counterparty_action": "ESCALATE",
"require_verified": false
}
}This policy says:
Run your custom policy against real-world scenarios
Test the full xBPP 9-phase evaluation sequence. Configure transaction details including chain rules, security threats, rate limits, and more to see how your policy responds.
Testing against policy with:
Test your policy configuration against all 22 scenarios in the library
Open Test SuiteComplete reference of all 45+ xBPP reason codes. Filter by category or decision type to find specific codes.
67 of 67 reason codes
EXCEEDS_SINGLE_LIMITValue exceeds maximum single transaction limit
EXCEEDS_DAILY_LIMITWould exceed maximum daily spending limit
EXCEEDS_WEEKLY_LIMITWould exceed maximum weekly spending limit
EXCEEDS_MONTHLY_LIMITWould exceed maximum monthly spending limit
DUST_AMOUNTValue is below minimum allowed amount
EXCEEDS_MAX_VALUEValue exceeds hard cap maximum
PATTERN_MATCH_EXACTExact match with known threat pattern
PATTERN_MATCH_FUZZYFuzzy match with potential threat pattern
ZERO_DAY_HEURISTICHeuristic detected potential unknown threat
UNVERIFIED_CONTRACTContract source code is not verified
ADMIN_KEY_DETECTEDContract contains admin key privileges
ADDRESS_POISONINGAddress poisoning attack detected
PHISHING_SIGNATUREKnown phishing signature pattern detected
DRAINER_CONTRACTKnown wallet drainer contract detected
HONEYPOT_TOKENToken identified as honeypot scam
Here's a policy for a small team's AI purchasing agent:
{
"schema": "xbpp-pay/v1.0",
"posture": "BALANCED",
"limits": {
"max_single": 500,
"max_daily": 5000,
"require_human_above": 1000
},
"verification": "BUILT_IN",
"counterparty_rules": {
"new_counterparty_action": "ESCALATE"
}
}This policy says:
AGGRESSIVE
Favor action; minimize friction
Use case: High-frequency trading, automation
BALANCED
Balance autonomy and safety
Use case: General purpose (default)
CAUTIOUS
Favor safety; maximize oversight
Use case: High-value, compliance-sensitive
When policy does not specify behavior for ambiguous situations, posture determines the default:
| Situation | Aggressive | Balanced | Cautious |
|---|---|---|---|
| Unknown field in action | Ignore | Warn | Block |
| Verification unavailable | Allow | Escalate | Block |
| Near daily limit (>80%) | Allow | Warn | Escalate |
| New counterparty | Allow | Escalate | Block |
| Unknown chain | Escalate | Block | Block |
| Low confidence | Warn | Escalate | Block |
The xBPP specification includes recommended default policies for common use cases. Explore our full Policy Bank for more templates.
For individual developers getting started
{
"schema": "xbpp-pay/v1.0",
"posture": "BALANCED",
"limits": {
"max_single": 100,
"max_daily": 1000,
"require_human_above": 500
},
"verification": "BUILT_IN"
}npm install @vanar/xbppimport { evaluate, balanced } from '@vanar/xbpp';
const verdict = await evaluate(
{ amount: 50, currency: 'USDC', recipient: 'api.openai.com' },
balanced
);
if (verdict.decision === 'ALLOW') {
// proceed with payment
} else if (verdict.decision === 'ESCALATE') {
// ask user for approval
} else {
console.log('Blocked:', verdict.reasons);
}switch (verdict.decision) {
case 'ALLOW': // ✅ Proceed - payment is within policy
break;
case 'BLOCK': // 🛑 Stop - policy violation
console.log('Blocked:', verdict.reasons);
break;
case 'ESCALATE': // ⏸️ Pause - needs human approval
await handleEscalation(verdict);
break;
}import { evaluate, BlockedError, EscalateError, balanced } from '@vanar/xbpp';
try {
const verdict = await evaluate({ amount: 200 }, balanced);
if (verdict.decision === 'BLOCK') throw new BlockedError(verdict);
if (verdict.decision === 'ESCALATE') throw new EscalateError(verdict);
} catch (error) {
if (error instanceof BlockedError) {
console.log('Payment blocked');
console.log('Reasons:', error.verdict.reasons);
console.log('Message:', error.message);
if (error.verdict.reasons.includes('EXCEEDS_SINGLE_LIMIT')) {
showToast('Transaction exceeds your spending limit.');
}
} else {
throw error;
}
}