AI agents need pre-call runtime budget guards, not just dashboards
Assili Salim argues that AI agent cost control must happen before provider API calls execute, not after the fact via billing dashboards, and introduces AI CostGuard — a local-first TypeScript/Node.js runtime safety layer that blocks dangerous agent behavior pre-call.
Score breakdown
The post identifies a gap in standard AI cost tooling: provider dashboards report spending after calls execute, but agents can accumulate runaway costs across many steps before any dashboard alert fires, making a pre-call interception layer the only point where spending can actually be stopped.
- 01AI agents run in loops — combining model calls, tool calls, and retries — making post-hoc cost review insufficient compared to single prompt-response LLM usage.
- 02The post argues the key question for agents is 'Should this next provider call be allowed?' not 'How much did this model cost?'
- 03A pre-call guard layer is proposed that intercepts each agent step before the provider API call executes.
Assili Salim's post draws a sharp distinction between two questions: "What happened?" (answered by a provider dashboard) and "Should this next call happen?" (answered by a runtime guard). For single LLM calls, post-hoc cost review is tolerable. For agents — which are loops composed of model calls, tool calls, retries, and branching logic — the expensive failure often accumulates quietly across many individually reasonable-looking steps. Common culprits include agents retrying too many times, looping without progress, or silently routing to a more expensive model due to a typo or provider alias change.
The proposed solution is a pre-call interception layer, illustrated with a TypeScript-oriented pattern where a `guard.beforeCall()` check runs before every provider invocation.
The proposed solution is a pre-call interception layer, illustrated with a TypeScript-oriented pattern where a `guard.beforeCall()` check runs before every provider invocation. If the guard returns `allowed: false`, the call is blocked before any cost is incurred. Practical checks the guard can perform include: verifying that the model's price is known (failing closed if not), confirming the run hasn't exceeded its budget or max step count, detecting prompts too similar to previous failed attempts, and identifying runs making no progress. Salim explicitly frames unknown model pricing as a production risk — a typo in a model name or a provider alias change can silently route to something more expensive, and a dashboard will only surface this after the fact.
Salim is building these ideas into AI CostGuard, described as a local-first TypeScript/Node.js runtime safety layer for AI agents. Current checks include retry storm detection. The post is careful to scope what AI CostGuard is not: it is not a billing ledger, a hard security boundary, or an enterprise firewall — it is a pre-call runtime kill switch for cost and loop failures. The central argument is that optimizations like cheaper tokens, caching, and routing help normal runs, but abnormal agent behavior requires runtime limits enforced before execution.
Key facts
- 01AI agents run in loops — combining model calls, tool calls, and retries — making post-hoc cost review insufficient compared to single prompt-response LLM usage.
- 02The post argues the key question for agents is 'Should this next provider call be allowed?' not 'How much did this model cost?'
- 03A pre-call guard layer is proposed that intercepts each agent step before the provider API call executes.
- 04Recommended pre-call checks include: known model pricing, budget limits, max step count, repeated failed prompts, and lack of progress.
- 05Unknown model pricing should 'fail closed' — a typo or provider alias change can silently route to a more expensive model.
- 06AI CostGuard is described as a local-first TypeScript/Node.js runtime safety layer with retry storm detection among its current checks.
- 07AI CostGuard is explicitly scoped as a pre-call runtime kill switch, not a billing ledger, security boundary, or enterprise firewall.
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 19, 2026 · 10:25 UTC. How this works →