Guardrails
Spending caps, allowed hosts, and approval hooks that run before any signer is touched.
Guardrails run before any signer is touched, so a misbehaving agent can't bypass them. Amount caps apply to both paid calls and transfers; allowed hosts apply only to x402 calls.
xpay guardrail set \
  --max-per-tx 0.5 \
  --max-per-day 5 \
  --require-approval-above 1 \
  --allowed-hosts 'api.payai.network,*.xona.xyz'

Calls at or above requireApprovalAbove need explicit approval: a Touch ID prompt when biometric unlock is enabled, otherwise a y/n confirm in the terminal. In the MCP server it is Touch ID only — an agent's large payment surfaces as a system dialog you physically approve. In the SDK, wire the onApprovalRequired hook to whatever you like: push notification, biometric prompt, or webhook.
Caps stop overspending, but they can't tell a legitimate payment from a prompt-injected one. For that, enable the optional Bento intent firewall — every payment is screened for malicious intent (prompt-injection, wallet-drain) before signing. Turn it on with xpay bento enable.
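
The guardrail checks described above, modelled as an added example that is not xpay's own code. The `hostAllowed` and `evaluate` names, the amounts in `policy`, the wildcard semantics and the order of the checks are assumptions made for illustration; only the host patterns come from the command above.

```javascript
// Illustrative model only; not xpay's implementation.
// Assumptions: "*.domain" matches subdomains but not the apex, a cap is
// exceeded only when strictly greater, and caps are checked before approval.
const policy = {            // constructed amounts; hosts taken from the command above
  maxPerTx: 2,
  maxPerDay: 5,
  requireApprovalAbove: 1,
  allowedHosts: ['api.payai.network', '*.xona.xyz'],
};

// Match on the parsed hostname, never on the raw URL string, so userinfo
// ("allowed.host@other.host") and suffix look-alikes cannot slip through.
function hostAllowed(url, patterns) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch {
    return false; // unparseable or missing URL: fail closed
  }
  return patterns.some((pattern) => {
    const p = pattern.toLowerCase();
    if (!p.startsWith('*.')) return host === p;
    const suffix = p.slice(1); // e.g. ".xona.xyz"
    return host.length > suffix.length && host.endsWith(suffix);
  });
}

// req: { kind: 'x402' | 'transfer', url?: string, amount: number }
// spentToday: total already paid in the current day.
function evaluate(req, p, spentToday) {
  const deny = (reason) => ({ decision: 'deny', reason });
  if (!Number.isFinite(req.amount) || req.amount <= 0) return deny('invalid amount');
  // Allowed hosts apply only to x402 calls; transfers skip this check.
  if (req.kind === 'x402' && !hostAllowed(req.url, p.allowedHosts)) {
    return deny('host not allowed');
  }
  // Amount caps apply to both paid calls and transfers.
  if (req.amount > p.maxPerTx) return deny('per-transaction cap');
  if (spentToday + req.amount > p.maxPerDay) return deny('daily cap');
  // "At or above" the threshold: the caller must obtain approval before signing.
  if (req.amount >= p.requireApprovalAbove) {
    return { decision: 'needs-approval', reason: 'approval threshold' };
  }
  return { decision: 'allow', reason: 'within policy' };
}
```

Every path returns a decision before any signing step would run, and a malformed amount or URL is denied rather than passed through.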