What is an x402 Circuit Breaker?
An x402 circuit breaker is a safety mechanism that automatically halts all x402 payment activity for an agent or agent fleet after detecting repeated failures, policy violations, or anomalous spending patterns — preventing cascading financial damage from payment loops or compromised endpoints.
WHY IT MATTERS
The circuit breaker pattern, borrowed from electrical engineering and popularised in software by Michael Nygard, is essential for x402 because every payment failure costs real money. In traditional APIs, a retry loop wastes bandwidth. In x402, a retry loop drains wallets.
PolicyLayer's x402 implementation trips the circuit breaker after 10 consecutive policy violations, automatically pausing all x402 payments. This protects against:
- Infinite payment loops — agent pays for a resource, gets an error, retries, pays again, loops indefinitely
- Cascading endpoint failures — a compromised endpoint starts returning 402 for every request, draining the agent across multiple requests
- Prompt injection attacks — a malicious endpoint injects instructions causing the agent to pay inflated amounts or to repeatedly call expensive endpoints
- Amount hallucination cascades — an agent consistently mis-parsing payment amounts due to a bug, overpaying on every request
The circuit breaker has three states: closed (payments flowing normally), open (all payments blocked), and half-open (allowing test payments to determine if the issue is resolved). The transition from closed to open happens automatically when violation thresholds are breached.
The $47,000 GetOnStack incident — where a multi-agent system looped for 11 days undetected — demonstrates why circuit breakers are non-negotiable. With x402's irreversible on-chain payments, there are no chargebacks to recover from a spending loop.
HOW POLICYLAYER USES THIS
PolicyLayer's circuit breaker trips after 10 consecutive x402 policy violations and blocks all payments until it is manually reset or a configurable cooldown period elapses. When the circuit opens, operators receive immediate webhook notifications with details of the violations that triggered it.
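The three states and the trip, cooldown, and reset behaviour described above can be sketched as a small state machine. This is an added example, not PolicyLayer's code: the class and method names, the 300-second default cooldown, and the one-test-payment-at-a-time rule in the half-open state are assumptions made for illustration.

```python
import time
from enum import Enum

class State(Enum):
    CLOSED = "closed"        # payments flowing normally
    OPEN = "open"            # all payments blocked
    HALF_OPEN = "half-open"  # a test payment is allowed

class PaymentCircuitBreaker:
    """Illustrative breaker; names and defaults are assumptions, not a real API."""

    def __init__(self, threshold=10, cooldown_s=300.0, clock=time.monotonic):
        self.threshold = threshold    # consecutive violations before tripping
        self.cooldown_s = cooldown_s  # assumed cooldown before a test payment
        self.clock = clock            # injectable so tests need not sleep
        self.state = State.CLOSED
        self.violations = 0
        self.opened_at = None
        self.probe_in_flight = False

    def allow_payment(self):
        """Call before signing any payment; False means do not pay."""
        if self.state is State.OPEN and self.clock() - self.opened_at >= self.cooldown_s:
            self.state = State.HALF_OPEN
            self.probe_in_flight = False
        if self.state is State.CLOSED:
            return True
        if self.state is State.HALF_OPEN and not self.probe_in_flight:
            self.probe_in_flight = True  # exactly one test payment at a time
            return True
        return False

    def record(self, violation):
        """Report whether an allowed payment attempt violated policy."""
        if self.state is State.OPEN:
            return  # outcomes reported while open never close the circuit
        if not violation:
            self.state, self.violations = State.CLOSED, 0  # streak is broken
            self.probe_in_flight = False
            return
        self.violations += 1
        if self.state is State.HALF_OPEN or self.violations >= self.threshold:
            self.state, self.opened_at = State.OPEN, self.clock()
            self.probe_in_flight = False

    def reset(self):
        """Manual operator reset."""
        self.state, self.violations, self.probe_in_flight = State.CLOSED, 0, False
```

The breaker only protects the wallet if `allow_payment()` is checked on every payment path before signing, retries included; a retry wrapper that bypasses it recreates the payment loop.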