Pushary
Blog
Product

Stop runaway spend: kill an agent session at a daily budget

Set a daily budget for an AI agent, track its cost from the transcript, and auto-stop the session when it crosses the line.

AG
Aadil Ghani
Founder, Pushary
Jun 9, 20264 min read
Share

A long agent run can quietly turn into a long bill. The agent loops, retries, re-reads files, and keeps calling the model. By the time you look, the day is gone and so is the money. Cost guard is the part of Pushary that watches that, reads the session cost straight from the agent's transcript, and stops the session once it crosses a daily budget you set.

Key takeaways

  • Cost guard tracks an agent session's running cost from its transcript, not a guess.
  • You set a daily budget. When the session crosses it, the session gets stopped.
  • It is the same control surface as the rest of Pushary: a policy, with an audit record of what happened.

The problem with leaving an agent running

You hand an agent a task and walk away. That is the whole point of running one. But the failure mode is the same one every time: a loop with no person watching it. The agent hits something it cannot resolve, tries again, tries a slightly different way, and the token meter keeps moving. Nobody decided to spend that money. It just happened because the run never had a ceiling.

You can babysit the terminal, but that defeats the reason you started the agent. What you actually want is a number you set once and a thing that enforces it for you.

What cost guard does

Cost guard reads the cost of a session from the agent's transcript. Agents like Claude Code write a transcript as they work, and that transcript carries the token usage and cost of the run. Cost guard tracks that running total against a daily budget you configure. When the session crosses the budget, the session is stopped.

That stop is the same mechanism behind the kill switch. The difference is the trigger. A kill switch is you, on your phone, deciding to pull the plug. Cost guard is a number deciding for you, so a runaway loop cannot burn the whole day before you happen to check.

Two honest notes on scope:

  • This works where the agent writes a transcript Pushary can read, which is the CLI-hook agents (Claude Code, Codex, Gemini CLI, Cursor, Hermes). The Claude Desktop connector is paste-one-URL and can only notify and ask, so it has no hooks and no enforced stop.
  • Cost guard kills the session. It does not retroactively refund spend that already happened. The point is to cap the worst case, not to undo it.

How it fits the rest of the control panel

Cost guard is not a bolt-on. It sits next to the other controls in the agent control panel: per-tool permission policies, the human-in-the-loop approval flow, and the audit trail. That placement is the point. The thing worth paying for is the policy plus the record. Anyone can send a ping.

When cost guard stops a session, that is an event with a reason. It shows up in your history the same way a denied git push or an approved deploy does. You get a per-session receipt of what the agent did and why the run ended. If you are an eng lead or you answer to anyone on spend, the answer to "why did this stop" is in the audit trail, not in your memory of the afternoon.

The same dataset thinking applies here as everywhere in Pushary. Our read-only safe floor, the rules that auto-approve proven read-only commands, was decided from 1,721 real production questions, not from a hunch about what feels safe. Cost guard is the same idea pointed at money: a hard line you set on purpose, enforced without you in the room.

Setting a budget

Cost guard runs through the same agent hook that handles permissions and notifications, so if you already have an agent connected, the plumbing is there. The flow:

  1. Connect your agent with the CLI. The quickstart covers the one-time setup.
  2. Set your daily budget. This is the ceiling for a session's tracked cost.
  3. Run the agent normally. Cost guard watches the transcript in the background.
  4. When a session crosses the budget, it gets stopped, and the stop lands in your activity history.

If you want the policy details behind how rules and limits resolve, the policies docs are the reference. If you want to understand the stop mechanism itself, the kill switch docs cover it.

Who this is for

This is for anyone running agents without watching them. Maybe you kick off an overnight refactor and go to sleep. Maybe you run batch agent jobs and check in once a day. Or you handed agents to a team and you want a spend ceiling that does not depend on everyone remembering to look. The budget is yours to set, and the enforcement does not need you in the room.

Cost guard ships on the paid agent plans alongside the rest of the control panel. You can see what is included on pricing, or read the broader case for putting a control layer in front of your AI agents. Decide the ceiling once, and stop hoping a loop will end on its own.

AG
Aadil Ghani
Founder, Pushary

Building Pushary so an AI agent can reach you on your phone and wait for a yes before it does something you would not want.

XWebsite

Read next

Product

How permission policies learn your defaults

Match rules on what the agent is about to run, not just the tool name, and let your real approve and deny history write the rules for you.

Jun 25, 20264 min readAadil Ghani
Product

The Pushary mobile app: answer approvals and send commands from your phone

The phone is now two-way: approve an agent action from the lock screen, then queue an instruction back to the running session.

Jun 16, 20264 min readAadil Ghani
Product

One board for every running agent

Delivery modes, presence-aware routing, and a Fleet board that groups concurrent agent sessions into lifecycle columns.

Jun 14, 20264 min readAadil Ghani

Get a push the moment your agent needs you

Approvals, done alerts, and a kill switch for Claude Code, Codex, Cursor, and the rest. It takes a couple of minutes to set up.