feat(examples): add budget governance example with agentpay-mcp #324

Open: up2itnow0822 wants to merge 1 commit into AgentlyHQ:main from up2itnow0822:feat/budget-governance-example

@up2itnow0822

Summary

Adds a budget-governance example showing how to layer spend governance on top of aixyz's native x402 payments using agentpay-mcp.

Problem

aixyz ships x402 pricing beautifully — accepts: { scheme: "exact", price: "$0.005" } per tool, per agent. But there's no mechanism for the operator (the person deploying the agent) to enforce:

  • Session-level budget caps ("this agent can spend max $5 per session")
  • Per-call limits ("no single payment over $1")
  • Category policies ("max $3 on data APIs, max $2 on compute")
  • Velocity limits ("max 100 payments per hour")

Without these, an autonomous agent with a funded wallet can drain it.

Solution

A new example (examples/budget-governance/) that demonstrates the governance layer:

  • budget-state.ts — in-memory budget tracker (replace with agentpay-mcp MCP calls in production)
  • tools/check-budget.ts — tool for the agent to inspect its own remaining budget
  • tools/request-payment.ts — payment tool with three governance gates (per-call, session, category)
  • agent.ts — governance-aware agent with instructions explaining the budget rules
  • aixyz.config.ts — standard aixyz config with budget governance skills

How it complements aixyz

| Layer | What it does | Who controls it |
| --- | --- | --- |
| aixyz accepts | Sets the price for each tool/agent | Agent developer |
| agentpay-mcp governance | Sets the budget for each session | Agent operator |

These are complementary — accepts says "this costs $0.005", governance says "but you can only spend $5 total."

Credential

agentpay-mcp is merged into NVIDIA NeMo Agent Toolkit Examples (PR #17) as an official catalog entry. 475 weekly npm downloads. MIT licensed.

Changes

  • examples/budget-governance/ — complete new example (7 files)

Adds a new example showing how to add spend governance on top of
aixyz's native x402 payments using agentpay-mcp.

aixyz ships x402 pricing (per-tool and per-agent) but has no mechanism
for session-level budget caps, velocity limits, or category policies.
This example demonstrates the governance layer:

- Per-session budget caps (e.g., $5.00 max per session)
- Per-call spend limits (e.g., $1.00 max per payment)
- Category-based policies (data, compute, services)
- Budget checking tool for transparency

agentpay-mcp complements aixyz's `accepts` system by adding
the operator-side controls that production deployments need.

Reference: NVIDIA/NeMo-Agent-Toolkit-Examples PR AgentlyHQ#17 (merged)

vercel bot commented Apr 2, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

4 Skipped Deployments

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| examples-boilerplate | Skipped | Skipped | Apr 2, 2026 1:21am |
| examples-chainlink | Skipped | Skipped | Apr 2, 2026 1:21am |
| examples-flight-search | Skipped | Skipped | Apr 2, 2026 1:21am |
| examples-with-custom-server | Skipped | Skipped | Apr 2, 2026 1:21am |

vercel bot commented Apr 2, 2026

@up2itnow0822 is attempting to deploy a commit to the Agently Team on Vercel.

A member of the Team first needs to authorize it.

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 46b271bf97

reason: z.string().describe("Why this payment is needed"),
}),
execute: async ({ amount, category, recipient, reason }) => {
const cost = parseFloat(amount);
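
Review bot: at `const cost = parseFloat(amount);` the string is converted with parseFloat, which reads a leading numeric prefix and ignores whatever follows, so an input such as "1abc" parses as 1 and exponent forms such as "1e3" are accepted as well. Suggest matching the string against a strict decimal pattern before conversion and carrying the value in integer minor units, so the cap comparisons are not made on sums of binary floating-point values.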

[P1] Validate payment amount before governance checks

Parsing amount with parseFloat without validating finiteness/positivity lets invalid inputs bypass the gates: e.g., "abc" becomes NaN (all > checks are false) and then recordSpend turns totals into NaN, while negative values reduce spend and effectively increase remaining budget. This breaks the governance guarantees and can approve payments that should be blocked.

Useful? React with 👍 / 👎.

categorySpent: Record<string, number>;
}

const state: BudgetState = {

[P1] Scope budget state to a session key

The example advertises session-level caps, but this singleton state is shared process-wide, so spending/blocks from one conversation affect all others. In a multi-user server process this causes cross-session interference and incorrect enforcement of the documented “per session” limits.

Useful? React with 👍 / 👎.

Comment on lines +1 to +4
{
"name": "budget-governance",
"version": "0.1.0",
"private": true,

[P2] Add runnable scripts to the new example package

This package is missing scripts.dev/scripts.build, so the documented example workflow does not work here (bun run dev in this directory exits with Script not found "dev"). Without these scripts, users cannot run or build this example consistently with the other examples/* packages.

Useful? React with 👍 / 👎.
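
The two P1 findings in this review (an unvalidated amount and process-wide budget state) can be handled in one gate function. The sketch below is an added example, not code from this pull request or from agentpay-mcp. `parseAmountMicros`, `stateFor`, `requestPayment`, `LIMITS` and the gate names are hypothetical, and the caps reuse the dollar figures quoted in the PR description.

```typescript
// Added example with hypothetical names; not the PR's budget-state.ts or request-payment.ts.
// Amounts are integer micro-dollars so a price like "0.005" is exact and NaN cannot occur.
type Category = "data" | "compute";
interface BudgetState { sessionSpent: number; categorySpent: Record<Category, number> }
interface Decision { approved: boolean; gate: string | null; remainingMicros: number }

const MICROS = 1_000_000;
// Caps mirror the PR description: $1 per call, $5 per session, $3 data, $2 compute.
const LIMITS = {
  perCall: 1 * MICROS,
  session: 5 * MICROS,
  category: { data: 3 * MICROS, compute: 2 * MICROS } as Record<Category, number>,
};

// One budget per session key instead of a process-wide singleton.
const sessions = new Map<string, BudgetState>();

function stateFor(sessionId: string): BudgetState {
  let s = sessions.get(sessionId);
  if (!s) {
    s = { sessionSpent: 0, categorySpent: { data: 0, compute: 0 } };
    sessions.set(sessionId, s);
  }
  return s;
}

// Strict decimal parse: rejects "abc", "-1", "1e3", "Infinity", "" and zero.
function parseAmountMicros(amount: string): number | null {
  const m = /^(\d{1,7})(?:\.(\d{1,6}))?$/.exec(amount.trim());
  if (!m) return null;
  const micros = Number(m[1]) * MICROS + Number((m[2] ?? "").padEnd(6, "0"));
  return micros > 0 ? micros : null;
}

function requestPayment(sessionId: string, amount: string, category: Category): Decision {
  const s = stateFor(sessionId);
  const deny = (gate: string): Decision =>
    ({ approved: false, gate, remainingMicros: LIMITS.session - s.sessionSpent });
  const micros = parseAmountMicros(amount);
  if (micros === null) return deny("invalid-amount");
  if (!Object.prototype.hasOwnProperty.call(LIMITS.category, category)) return deny("unknown-category");
  if (micros > LIMITS.perCall) return deny("per-call");
  if (s.sessionSpent + micros > LIMITS.session) return deny("session");
  if (s.categorySpent[category] + micros > LIMITS.category[category]) return deny("category");
  // Spend is recorded only after every gate has passed.
  s.sessionSpent += micros;
  s.categorySpent[category] += micros;
  return { approved: true, gate: null, remainingMicros: LIMITS.session - s.sessionSpent };
}
```

A denied request leaves the session's totals untouched, so a malformed or negative amount can neither poison the running sum nor raise the remaining budget.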
