From zero to first proxied call in 90 seconds.
One URL change. No SDK install required for proxy mode. The optional @gatewards/agent-sdk exists if you want typed errors and retries, but plain fetch works.
# 1. Sign in and create an API keyopen https://helix402.vercel.app/login# 2. Point your agent at the gatewayGATEWAY=https://api.rtahabas.comGATEWARDS_API_KEY=hk_live_...
// 3. Make your first proxied call.// No SDK required — it's a normal fetch.const upstream = 'https://api.coingecko.com/api/v3/simple/price?ids=bitcoin'const res = await fetch(`${GATEWAY}/api/v1/proxy/${encodeURIComponent(upstream)}`,{ headers: { Authorization: `Bearer ${GATEWARDS_API_KEY}` } })const data = await res.json()// What just happened:// • Pipeline budget pre-checked// • Cache looked up (miss → upstream fetch)// • Response returned + tagged with your agent ID// • Lifetime savings counter incremented on cache hit
Need x402 settlement on the merchant side? skip ahead →
Three knobs. One blast radius.
Guards apply to the pipeline as a whole, not per agent. If three agents share a pipeline, the daily limit is divided by usage, not by agent count. Same for dedup — cycles are detected across the fleet.
max_per_callHard cap on a single x402 settlement.
Reject any call whose price would exceed this. Useful when an upstream API quotes per-call pricing and you want a sanity ceiling.
daily_limitPipeline-wide spend cap, rolling 24h window.
Aggregated across every agent in the pipeline. When the limit is hit, the next call returns 423 PIPELINE_PAUSED and a critical webhook fires. Resume by raising the cap or waiting for the window.
dedup_thresholdLoop / runaway detector based on repeated upstream URLs.
If the same canonical URL is hit more than `threshold` times within `window_seconds` across the pipeline, the pipeline auto-pauses. Catches the agent-stuck-in-a-loop case before it burns the budget.
Create via dashboard /dashboard/pipelines or REST
# Create a pipeline with all three guards.curl -X POST https://api.rtahabas.com/api/v1/pipelines \-H "Authorization: Bearer $GATEWARDS_API_KEY" \-H "Content-Type: application/json" \-d '{"name": "research-fleet","max_per_call": "1.00","daily_limit": "50.00","dedup_threshold": 3,"dedup_window_seconds": 60}'
Operators hear about it before the invoice does.
Set a webhook URL on the pipeline. Auto-pause, budget breach, and loop detection fan out a signed JSON payload. Slack hooks.slack.com URLs are auto-detected and rendered as Block Kit messages with no extra config.
Default payload
{"event_type": "pipeline.auto_paused","severity": "critical","pipeline_id": "pipe_8f3a2c1e","payload": {"reason": "loop_threshold_exceeded","resource": "https://api.example.com/search?q=helix","count": 4,"threshold": 3,"windowSeconds": 60},"created_at": "2026-04-27T12:14:00Z"}
Verifying the signature
// Default webhooks are signed with HMAC-SHA256.// Verify before trusting the body.import { createHmac, timingSafeEqual } from 'node:crypto'app.post('/helix-webhook', (req, res) => {const expected = createHmac('sha256', process.env.GATEWARDS_WEBHOOK_SECRET).update(req.rawBody).digest('hex')const got = req.headers['x-gatewards-signature']const ok = got &&timingSafeEqual(Buffer.from(expected, 'hex'), Buffer.from(got, 'hex'))if (!ok) return res.status(401).end()const event = JSON.parse(req.rawBody.toString())// event.event_type, event.severity, event.payloadres.status(200).end()})
Slack adapter strips signature header · severity maps to info / warn / critical