Let AI agents spend real money.

AgentLedger is the financial control layer between your AI agent and your credit card. Set budgets, require approvals, keep a full audit trail. Free to self-host and open source.

Go · SQLite · Zero deps

Works with OpenClaw Paperclip and others

The problem

AI agents spend real money — booking services, purchasing APIs, buying resources. Operators hard-code card credentials or babysit every transaction. Neither scales.

The fix

A secured ledger and credential vault between agent and payment method. Budgets enforced. Approvals routed. Purchases tracked. Card details released only when the rules are met. Human-in-the-loop or 100% delegated.

How It Works

Request

Agent calls the API with amount, merchant, and purpose.

Check

Ledger verifies budget and reserves funds. Optionally routes to human approval.

Release

Card details decrypted and returned, purchase details logged.

Not a developer?

Your AI assistant can set this up for you.

AgentLedger is a tool that runs on your computer — no cloud account, no subscription needed. If the technical setup feels unfamiliar, don't worry. Just open Claude, ChatGPT, or Gemini and paste this:

              "Please read the AgentLedger documentation at https://agentledger.tech/docs.html and help me install and set it up on my computer, step by step."
            

Your assistant will read the docs and walk you through the whole process — downloading the binary, running the first commands, and connecting it to your agent. No prior experience required.

By design

Budget Control

Per-agent limits — cumulative or monthly. Enforced atomically. Card released = budget consumed.

Credential Safety

AES-256-GCM encrypted at rest. Decrypted only at the moment of release.

Full Audit Trail

Every transaction logged — amount, merchant, purpose, agent, timestamp.

From human-in-the-loop to fully autonomous

Two MCP servers — one for the spending agent, one for the supervisor. Choose your level of delegation.

Manual

Human approves

You review and approve every transaction via CLI or API.

Supervised

AI overseer

A supervisor agent handles approvals on your behalf. Tiered permissions — from approve/deny up to full budget management.

Autonomous

Fully delegated

Your CEO agent approves purchases by worker agents. Zero-human operations with Paperclip and similar orchestrators.

Works with any agent

Framework-agnostic. REST API and MCP tools. OpenClaw, Paperclip, CrewAI, LangChain, or raw HTTP — if your agent can make a request, it works.

~11 MB

on disk

<50 ms

cold start

<1 ms

per request

~10 MB

RAM at runtime

0

runtime deps

Full ledger, vault, approval workflow, and API surface in under 2,500 lines of Go. Single static binary — no Python, no Node, no Docker.

Versions & Plans

Local

Free

Go binary. Self-host. Open source. AGPL-3.0.

Hosted Basic

Coming Soon

Managed API, Telegram approvals, multi-card support.

Hosted Teams

Coming Soon

Team access, full ChatOps, dashboard, compliance exports.

                [SUCCESS] Added to waitlist.
              

Feature	Local	Hosted Basic	Hosted Teams
Spending agents	Unlimited	Unlimited	Unlimited
Vaulted cards	1	Multiple	Multiple
Single-use virtual cards	—	✓	✓
Approval channels	CLI · API · MCP	+ Telegram	+ Slack
Dashboard & spend analytics	—	✓	✓
Audit export	—	—	CSV · QBO
Team access	Single user	Single user	Multi-user · RBAC

FAQ

Getting Started

What exactly is AgentLedger?

A lightweight ledger and credential vault that sits between your AI agent and your payment method. The agent requests permission to spend; AgentLedger checks the budget, optionally routes for human approval, and only then releases the card details.

How do I install the Local edition?

Download a single binary from GitHub Releases for your platform. Run agentledger init to generate your encryption key and auth token, then agentledger serve to start. No runtime dependencies required.

Can any agent orchestrator use this?

Yes. If your agent can hit a REST API or use MCP tools, it works. Framework, orchestrator, and LLM don't matter.

Can I run this on a VPS or cloud server?

Yes. AgentLedger binds to localhost by default, so you need a reverse proxy (Caddy or nginx) in front for TLS. This ensures tokens and card data are encrypted in transit. A typical setup: AgentLedger on 127.0.0.1:9119, Caddy handling HTTPS on port 443 with auto-provisioned Let's Encrypt certificates. See the Running on a VPS guide in the docs.

Security & Trust

Where is my credit card data stored?

In the Local edition, strictly on your own machine — AES-256-GCM encrypted, decrypted only at the moment of release. In the Hosted edition, vaulting uses transparent column encryption at the database level.

How secure is the Local version?

Card data is AES-256-GCM encrypted at rest with guarded heap memory. Budgets are enforced atomically and two separate tokens ensure a spending agent can never approve its own requests. Known risk: once card details are released to an agent, AgentLedger cannot control how they are used — a rogue agent could spend at a different merchant or ignore the authorized amount. This is still far safer than giving raw card credentials to an agent with no framework at all. The Hosted edition will mitigate this further with one-time-use virtual cards scoped to exact amounts.

Is it open source?

The Local edition is fully open source under AGPL-3.0. Read the code, verify the encryption, audit everything. The Hosted edition is a closed-source managed service that implements the same API contract.

How It Works

What happens if an agent tries to exceed its budget?

The transaction is rejected immediately. The budget is checked and deducted atomically before any card details are released — there is no way for an agent to overspend.

Can I run multiple agents? How does that work?

Yes — there is no limit and no registration step. An agent exists the moment you set a budget for it using an agent ID of your choice. Each agent gets its own independently tracked budget and transaction history, but all agents share the same user token and the same vaulted card. For complete isolation between separate groups of agents (e.g. two independent projects), you can run two separate AgentLedger instances simultaneously — each in its own directory with its own encryption key, tokens, card, and database. Set AGENTLEDGER_PORT in each instance's .env to run them on different ports at the same time.

Can an AI handle the approvals instead of a human?

Yes. AgentLedger ships two MCP servers — one for the spending agent, one for the supervisor. A supervisor agent can approve, deny, and manage budgets on your behalf with three opt-in tiers of permission. At the highest tier, no human-only operations remain.

What's the difference between Local and Hosted?

Local is a single binary that runs on your machine — free, open source, ideal for solo developers and trust verification. Hosted is a managed service that adds team access, multi-card support, ChatOps notifications, a web dashboard, and compliance exports.

How does this work with Paperclip?

Paperclip orchestrates zero-human companies with agents as employees. Give the worker agents the spending MCP server and the CEO agent the supervisor MCP server. The CEO reviews and approves purchases autonomously — fully delegated financial operations.