x402 answers how agents pay on the open web. xBPP answers whether they should. Drop declarative spending policies into any x402-native flow with a 600-line TypeScript SDK.
x402 is an open payment protocol that reactivates HTTP status code 402 Payment Required. Pioneered by Coinbase, x402 lets any HTTP service request payment from an autonomous caller - typically an AI agent - and settle that payment in stablecoins over a supported chain.
It's a clean, chain-agnostic way to turn the web into a machine-to-machine marketplace: an agent hits an endpoint, gets a 402 back with payment details, pays, and retries with a proof.
What x402 deliberately doesn't solve: Policy. x402 doesn't tell you whether an agent should pay - only how. That's where xBPP fits.
x402 is intentionally minimal. It specifies the wire format, the payment header, and the proof - and stops there. The moment you ship an autonomous agent that can send x402 payments, you hit three problems it doesn't solve:
Hardcoding these checks into your agent works for one project and breaks the moment you scale to two. xBPP is the missing policy layer. It ships as a 600-line TypeScript SDK with zero runtime dependencies, and it works with x402 out of the box.
┌─────────────────────────────────────────────────────────┐
│ AI AGENT │
└──────────────────────────┬──────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────┐
│ xBPP evaluate() │
│ (policy as declarative JSON) │
│ │
│ ALLOW ────► continue │
│ BLOCK ────► stop + reason codes │
│ ESCALATE ──► pause + ask human │
└──────────────────────────┬──────────────────────────────┘
│ ALLOW
▼
┌─────────────────────────────────────────────────────────┐
│ x402 payment flow │
│ HTTP 402 → settle → proof → retry │
└─────────────────────────────────────────────────────────┘| Concern | Handled by |
|---|---|
| HTTP payment negotiation | x402 |
| On-chain settlement | x402 |
| Payment proof / header format | x402 |
| Should this agent spend here? | xBPP |
| Is this amount within budget? | xBPP |
| Is this counterparty on a blocklist? | xBPP |
| Should this escalate to a human? | xBPP |
import { evaluate, balanced } from '@vanar/xbpp'
async function agentCall(url: string) {
// 1. Evaluate the payment against your policy
const verdict = evaluate(
{ amount: 50, currency: 'USDC', recipient: url },
balanced
)
if (verdict.decision === 'BLOCK') {
throw new Error(`Payment blocked: ${verdict.reasons.join(', ')}`)
}
if (verdict.decision === 'ESCALATE') {
// Ask the user for approval
return
}
// 2. ALLOW - proceed with the payment
const response = await fetch(url)
return response.json()
}Three lines to add governance. Policy stays in JSON. No vendor lock-in.
The reference SDK ships with 12 built-in policy checks and 3 opinionated presets you can use as-is or fork:
Combine any subset, version them, ship them.
x402 is doing one thing well - HTTP-native payment negotiation - and doing it in a way that stays minimal and widely implementable. Policy is a fundamentally different concern that varies wildly across deployments: the same x402 endpoint might be called by a $5/day consumer agent and a $50k/day enterprise agent with completely different risk profiles.
Pushing policy into x402 would either bloat the wire format or force one-size-fits-all defaults. Keeping them separate means:
Is xBPP an x402 implementation?
No. xBPP is complementary. It adds a declarative policy layer you can use with any x402 implementation, including the Coinbase reference.
Does xBPP require x402?
No. xBPP also works with on-chain transfers, Stripe, or any other payment rail via adapters. x402 is the flagship use case because it's where autonomous agent payments are growing fastest.
Can I use xBPP on the x402 server side?
Yes. Services can use xBPP to evaluate incoming x402 requests - for example, to throttle or rate-limit specific callers before accepting payment.
Does xBPP add latency to x402 calls?
Essentially none. Evaluation is local, synchronous, and runs in under a millisecond for typical policies. No network calls, no external state.
Is there an x402 + xBPP reference implementation?
Yes - see the SDK repo for the evaluate() and wrap() functions, and the end-to-end example in /docs/guides/by-example.