Documentation & Help
Comprehensive guides for users and developers to master AgentGuard's security and governance features.
User Guides
Learn how to hire agents, manage your budget, and connect your favorite tools without writing a single line of code.
Expert Mode
Deep dive into the API, custom MCP servers, and low-level agent governance for developers and system admins.
User Guide (Non-Expert Mode)
1. Hiring Agents
Browse the Marketplace to find specialized agents. Each agent has a pre-defined safety tier and category. Hiring an agent adds it to your active agents list, where you can then configure its unique instructions.
2. Safety Governance
On the Agent Governance page, you can adjust how strict AgentGuard is with your agent. Choose from Conservative (very strict), Balanced, or Aggressive (more autonomous).
3. Connecting Skills
Visit Agent Skills (formerly MCP Tools) to connect your agents to apps like Gmail, Stripe, or Outlook. Click "Connect" to authorize AgentGuard to act on your behalf securely.
4. Credits & Billing
Freemium users start with 1,000 Credits. Every agent action costs a small amount of credits. You can purchase more in the Billing section or upgrade to Pay-as-you-go for unlimited usage.
Expert Mode & API Reference
Advanced configuration for developers building custom agents or integrating AgentGuard into enterprise workflows.
Quickstart
Install the SDK and make your first authorization call in under 2 minutes.
pip install agentguard-sdk

from agentguard.client import AgentGuardClient

guard = AgentGuardClient(
    api_url="https://myagentguard.com",
    key_id="YOUR_KEY_ID",
    private_key=open("private.pem").read(),
    agent_id="YOUR_AGENT_ID",
    user_id="FIREBASE_UID",
)

# Authorize a basic action
auth = guard.authorize("execute_task", {"domain": "api.openai.com"})
print(auth)  # { decision: "Approved", transactionId: "..." }

Authentication (JWT)
Every API call is authenticated with a short-lived RS256-signed JWT. The SDKs handle signing automatically. Your Key ID and RSA private key can be found in the Dashboard under Developer Settings.
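As an added example (not AgentGuard's code or SDK), these are the checks a verifier would apply to such a token, using the claim names from the payload structure in this section: pin `alg` to RS256, verify the RSASSA-PKCS1-v1_5 signature, then check `iss`, `aud`, the five-minute window and the `action` binding. Assumptions: the demo key and the names `sign_demo`, `verify` and `outcome` are hypothetical, the standard-library RSA arithmetic stands in for a vetted JWT library so the block runs offline, and how the service itself validates tokens is not documented on this page.

```python
import base64, hashlib, json

# Constructed demo key from two Mersenne primes: trivially factorable, test use only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256
CLAIMS = {"iss": "YOUR_KEY_ID", "sub": "YOUR_AGENT_ID", "aud": "https://myagentguard.com",
          "iat": 1710000000, "exp": 1710000300, "action": "request_funds",
          "userId": "FIREBASE_UID"}  # constructed, mirrors the payload on this page

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_pkcs1_v15(message):  # EMSA-PKCS1-v1_5 encoding of SHA-256(message)
    t = DIGEST_INFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_demo(header, claims):  # stands in for the SDK's signing step
    body = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa_pkcs1_v15(body.encode()), "big"), D, N)
    return body + "." + b64u(sig.to_bytes(K, "big"))

def verify(token, key_id, audience, action, now, max_ttl=300):
    """Return the claims if every check passes, else raise ValueError."""
    h64, c64, s64 = token.split(".")
    if json.loads(unb64u(h64)).get("alg") != "RS256":  # pin the algorithm
        raise ValueError("alg")
    sig = int.from_bytes(unb64u(s64), "big")
    if sig >= N or pow(sig, E, N).to_bytes(K, "big") != emsa_pkcs1_v15(f"{h64}.{c64}".encode()):
        raise ValueError("signature")
    c = json.loads(unb64u(c64))
    if c.get("iss") != key_id or c.get("aud") != audience:
        raise ValueError("iss/aud")
    if not (c["iat"] <= now < c["exp"]) or c["exp"] - c["iat"] > max_ttl:
        raise ValueError("time")
    if c.get("action") != action:  # bind the token to the requested action
        raise ValueError("action")
    return c

def outcome(token, now, action="request_funds"):  # "ok" or the failed check
    try:
        verify(token, "YOUR_KEY_ID", "https://myagentguard.com", action, now)
    except (ValueError, KeyError, TypeError) as exc:
        return str(exc)
    return "ok"
```

The signature check re-encodes the expected padded digest and compares it whole rather than parsing the recovered block, which is the form that does not accept malformed padding.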
# JWT payload structure (managed by the SDK)
{
    "iss": "YOUR_KEY_ID",
    "sub": "YOUR_AGENT_ID",
    "aud": "https://myagentguard.com",
    "iat": 1710000000,
    "exp": 1710000300,  # 5 minute TTL
    "action": "request_funds",
    "userId": "FIREBASE_UID"
}

V2 Middleware API
The V2 Middleware API allows you to trigger agent missions programmatically and poll for their status. Use your API Key found in the Developer Settings.
Execute Mission
curl -X POST https://myagentguard.com/api/v1/execute \
    -H "x-api-key: YOUR_API_KEY" \
    -d '{ "agentId": "agent_123", "prompt": "Find cheapest jeans" }'

{
    "missionId": "miss_abc123",
    "status": "queued",
    "message": "Mission started"
}

Check Mission Status
curl https://myagentguard.com/api/v1/mission/miss_abc123 \
    -H "x-api-key: YOUR_API_KEY"

{
    "status": "executing",
    "logs": [...],
    "credits_spent": 1.2
}

Credit Metering
AgentGuard V2 uses a credit-based system for usage-based billing. 1 credit ≈ $0.001.
Action Fee: 0.1 Credits / action
Token Cost: Metered by model
Platform Fee: 1% of transaction value
API: request_funds (JIT Shared Payment Token)
When your agent needs to make a real payment, call request_funds. AgentGuard creates a single-use Stripe Issuing Shared Payment Token restricted to the exact amount and MCC. The card is destroyed after one transaction and the agent can never overspend.
Request body
{
    "userId": "string",
    "agentId": "string",
    "agentType": "flight-hotel" | "restaurant" | "smart-shopper" | "govadmin",
    "amountCents": 4599,  // $45.99 in cents
    "currency": "usd",
    "mcc": "5999",  // Merchant Category Code
    "reasoning": "string"
}

Response
{
    "cardId": "ic_1abc...",
    "last4": "3782",
    "exp_month": 3,
    "exp_year": 2026,
    "number": "4000...",  // one-time only
    "cvc": "123",
    "spendLimitCents": 4599
}

SDK usage
card = guard.request_funds(
    amount=4599,  # cents
    currency="usd",
    mcc="5999",
    reasoning="Purchase lowest-price item from Amazon",
    agent_type="smart-shopper"
)
# Use card.number, card.cvc, card.exp_month, card.exp_year to complete checkout

API: Human-in-the-Loop Approvals
When a transaction exceeds the user's approval threshold (set in the Control Center), your agent must pause and wait for the user to approve via email or dashboard. Use @approval_required in Python, or CreateApprovalRequest + PollApproval in Go/Ruby.
Creates a pending approval. User receives a styled email with Approve / Deny buttons.
Polls approval status. Returns PENDING | APPROVED | DENIED.
from agentguard.client import AgentGuardClient, approval_required, ApprovalDeniedError

guard = AgentGuardClient()

# Option A: Automatic decorator (pauses if amount > threshold)
@approval_required(guard, threshold_cents=10000, category="shopping")
def buy_item(item, amount_cents):
    card = guard.request_funds(amount=amount_cents, mcc="5999")
    # ... complete checkout

# Option B: Manual flow
approval = guard.create_approval_request(
    amount_cents=31200,
    domain="booking.com",
    reasoning="Book flight SFO-LHR for user"
)
try:
    # Wait up to 300 seconds for the user's decision
    result = guard.poll_approval(approval["id"], timeout=300)
    if result["status"] == "APPROVED":
        card = guard.request_funds(amount=31200, mcc="4511")
except ApprovalDeniedError:
    print("User denied the transaction")

Set SENDGRID_API_KEY in Firebase App Hosting env vars to enable email notifications. Without it, approval links are logged to the Cloud Run console as a fallback.
Global Kill Switch
The Global Kill Switch is your ultimate safety valve. When enabled, AgentGuard instantly blocks all outgoing transactions, Shared Payment Token provisioning, and API authorizations across all agents in your workspace.
Immediate Suspension
Activation results in all API calls returning a 403 Agent Blocked error. This remains in effect until manually toggled off in the Control Center.
Integrating with MCP Servers
The Model Context Protocol (MCP) allows you to extend agent capabilities by connecting them to external toolsets. AgentGuard acts as a secure proxy between your agent logic and your MCP server.
Setup Workflow
- Deploy your MCP server with public endpoint support.
- Ensure your server supports Bearer authentication for AgentGuard requests.
- Register the URL in the Marketplace → Publish tab.
- Link the MCP server to your agent manifest.
Note: All MCP tool calls are audited and subject to the same spend limits as standard API actions.
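One way to enforce the Bearer requirement from the setup workflow above on a publicly reachable MCP endpoint, as an added example (not AgentGuard's or any MCP SDK's code): a WSGI wrapper that rejects every request lacking the expected token, compared in constant time. The names `require_bearer`, `mcp_app`, `status_for` and the token value are hypothetical, and it assumes the token arrives in a standard `Authorization: Bearer` header.

```python
import hmac

def require_bearer(app, expected_token):
    """Wrap a WSGI app so only requests with the expected Bearer token reach it."""
    if not expected_token:
        raise ValueError("refusing to start with an empty token")  # fail closed
    expected = expected_token.encode()

    def guarded(environ, start_response):
        scheme, _, presented = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        # compare_digest avoids leaking how many leading bytes matched
        if scheme.lower() != "bearer" or not hmac.compare_digest(presented.strip().encode(), expected):
            start_response("401 Unauthorized", [("WWW-Authenticate", "Bearer"), ("Content-Length", "0")])
            return [b""]
        return app(environ, start_response)

    return guarded

def mcp_app(environ, start_response):  # hypothetical stand-in for the real MCP handler
    body = b'{"ok": true}'
    start_response("200 OK", [("Content-Type", "application/json"), ("Content-Length", str(len(body)))])
    return [body]

TOKEN = "constructed-demo-token"  # constructed value; load the real one from a secret store

def status_for(headers):
    """Send one constructed request through the guarded app; return its status line."""
    seen = []
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/mcp", **headers}
    require_bearer(mcp_app, TOKEN)(environ, lambda status, _headers: seen.append(status))
    return seen[0]
```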
Marketplace & Prefab Agents
AgentGuard ships with 4 ready-to-use prefab agent templates in the marketplace/ directory. Each agent is pre-configured with the correct MCCs, approval thresholds, and AgentGuard SDK integration.
✈️ Flight & Hotel
marketplace/flight-hotel-agent/agent.py
MCCs: 4511, 7011 · Default limit: $500/day
🍽️ Restaurant Concierge
marketplace/restaurant-concierge/agent.py
MCCs: 5812 · Default limit: $200/day
🛒 Smart Shopper
marketplace/smart-shopper/agent.py
MCCs: 5999, 5732 · Default limit: $300/day
🏛️ GovAdmin
marketplace/govadmin/agent.py
MCCs: 9399 · Default limit: $150/day
Users can hire agents via the Marketplace dashboard. Policies (spend limits, approval thresholds) are managed in the Control Center.
Official SDKs
All SDKs support: authorize, request_funds, create_approval_request, and poll_approval. JWT signing, exponential backoff retry, and typed error classes are all handled automatically.
Error Reference
400 Bad Request
Missing required fields in the request body (userId, agentId, action, or amountCents).
401 Unauthorized
JWT is missing, expired, or has an invalid signature. Regenerate your JWT using your private key.
402 Balance / Limit Exhausted
Daily spend limit reached, or the user's monthly request quota is exceeded. Check the Control Center.
403 Agent Blocked
The agent is suspended (kill switch), the requested domain is not in the allowlist, or the MCC is restricted.
402 PENDING_APPROVAL Awaiting Human Approval
Transaction exceeds the user's approval threshold. Agent should poll /api/approvals/{id} until APPROVED or DENIED.
503 ISSUING_NOT_ENABLED Stripe Issuing Not Active
request_funds requires Stripe Issuing to be enabled on your Stripe account. Apply at dashboard.stripe.com/issuing.