The brake pedal your agent doesn't have.

Your agent made 4,300 Stripe charges in 90 seconds before someone noticed. No cap. No kill-switch. No audit trail. This is happening to someone today. Here's why it'll keep happening — and what we're building to stop it.

The setup nobody wants to admit to

Every agent framework tells you the same thing. Put your Stripe key in an env var. Put your Twilio auth token in a secret manager. Point the agent at the API. Trust the loop.

That's fine right up until a retry bug, a stuck tool call, or a prompt injection empties your balance and your inbox both. You get a bill. You don't get an audit log. The postmortem is guesswork, the rollback is a manual refund spreadsheet, and the fix is "we added a timeout."

None of that is a governance layer. It's a prayer.

"Don't the LLM proxies solve this?" No.

LiteLLM, Helicone, Bifrost — they cap your OpenAI and Anthropic spend. They're great at that. Their threat model is token budget, not cash burn. And the thing is: nobody is going to miss a mortgage payment because their agent ran GPT-5 in a loop for an hour. The damage ceiling on LLM tokens is real but bounded.

What they don't do — and aren't designed to do — is sit between your agent and Stripe, Twilio, Resend, or Shopify. That's where the real money leaks. A wrong POST /v1/charges is a $4,000 invoice. A wrong POST /Messages is a 5-figure SMS bill. The LLM proxies are solving a different, smaller problem.

The demand is literally on record

This isn't a thesis I invented. stripe/ai#356 — "Governance layer for Stripe agent payments" — has been open on Stripe's own agent toolkit repo since they shipped it. Developers are asking Stripe, by name, to add the primitive we're describing.

"Any plans to add a governance layer here? Right now an agent has full API-key access and there's no obvious way to cap spend per run or revoke without rotating."

— paraphrased from the thread; the full discussion has more detail

Stripe's reasonable answer has been some version of "that's your job, or your integrator's." Fine. We're the integrator.

What Keybrake is

One line changes in your agent:

- stripe = Stripe(api_key="sk_live_…")
+ stripe = Stripe(api_key="vault_key_xxx",
+                 base_url="https://proxy.keybrake.com/stripe/v1/")

That's the whole integration. Behind that base URL, we:

• Swap the vault key for your real Stripe key at request time. Your secret lives in our encrypted store, not in your agent's process.
• Check the request against policy. Is this endpoint allowlisted? Is the merchant allowlisted? Would this call push you over today's cap?
• Forward the call, parse the cost (the charge amount from Stripe, the price field from Twilio, the fixed rate on Resend), and record everything in an audit table you can query.
• Give you a kill-switch that revokes the vault key without rotating your real credentials. Mid-run, from a dashboard, no code deploy.

Daily per-vendor caps. Endpoint allowlists. Merchant allowlists. Per-run vault keys with expiries. A dashboard that shows what your agent actually did with your money, not what it said it did.

Why v1 ships with exactly three vendors

Stripe, Twilio, Resend. No more, no less, at launch.

The question we get: why so few? The answer is the one thing that separates "cap" from "estimate." For Keybrake to enforce a real USD cap, we have to know what every call cost. Those three APIs put the cost of every call in the response — Stripe returns the charge amount and fees, Twilio returns a price field, Resend is a flat rate. We can parse it. We can act on it. The cap is the truth, not a guess.

Adding a fourth vendor is not a config change. It's a vendor-specific cost parser. Shopify's pricing is tiered and rate-card-driven. Segment bills by MTU. OpenAI prices on tokens counted on their side. Each of those is its own project, and we'd rather do three well than eight badly.

The roadmap, in order we'll likely ship: Shopify, Postmark, Segment, SendGrid. Vote with your waitlist email — we prioritize by signal.

Who this is for

Senior or staff engineers and CTOs at ≤50-person companies running autonomous or semi-autonomous agents against production SaaS tooling. The person who has either been burned by a stuck loop, or is afraid of the next one. The psychographic is: "I'll let the agent take actions, but I need an off-switch and a paper trail."

If you're optimizing LLM cost, Keybrake isn't for you — go install LiteLLM. If you're shipping agent loops into production that touch real money or real customers, this is the layer you're missing.

Where we are today

• Landing + waitlist: live at keybrake.com.
• Proxy: in build. First vendor end-to-end (Stripe charges + audit + kill-switch) is the first public demo we'll ship.
• Pricing: free tier for 1,000 proxied requests/month. Paid plans start at $29/mo. Scale plan ships a self-hosted build.
• Security posture: vault keys are AES-256 at rest, decrypted in-memory per request, never logged. See the FAQ for the full handling.

Early access is open to the first ten beta teams — free for six months, unlimited requests, direct support channel.

If you want the practical version of this argument — concrete controls, what Stripe gives you today, what's missing — read How to give an AI agent a Stripe API key without losing $4,000 to a stuck loop.