Enterprise AI Budget
Department budgets for AI. Enforced at request time.
Set a dollar cap per department, per employee, per workflow. P402 denies the request that would breach it, before the provider is called.
For enterprise platform teams, FinOps leads, and IT governance owners managing AI spend across business units.
The problem
Annual budgets, monthly invoices, weekly surprises.
Finance writes a number for the year. Engineering ships a feature. Two months later a $48k overage shows up on the AI line item. Nobody flagged it because nobody could see it in real time.
The denial decision needs to happen at the AI call, not at month-end. Otherwise the spend is already gone and the conversation is about who pays the variance, not how to prevent the next one.
What P402 does
One ledger. Owner, budget, policy, outcome, evidence.
Tenant, department, employee, workflow. Budgets compose. The smallest active cap wins. Audit trail logs every decision.
Deny codes: BUDGET_EXCEEDED, MANDATE_INACTIVE, CATEGORY_DENIED, SIGNATURE_INVALID. Every denied event is a row in Prove with a reason and a recovery path.
Real-time spend tile per department, refreshed on every event. No 24-hour delay, no provider-side aggregation lag.
Sign a budget into an AP2 mandate. The mandate is enforceable on-chain via the protocol. Verifiable when the spend ledger is audited.
Proof
Distinct, machine-readable policy decisions. No silent failures.
Median policy-decision overhead added to a request.
Mandates, identity, and reputation. Protocol-grade governance.
Questions
enterprise ai budget: FAQ
How granular can budgets get?
Tenant, department, employee, customer, project, feature, workflow. Any scope you attribute against can carry its own budget.
What happens when an employee exceeds their cap?
The request is denied with deny_code BUDGET_EXCEEDED. The denied event still lands in the ledger with full attribution so finance can see what was attempted.
Can engineers override a deny?
Only through an explicit policy bump signed by a budget owner. The override itself is logged as a policy event in Prove.
Do mandates stop working if Stripe or our IdP is down?
No. Policy is enforced in the request path against the policy table; payment rails and IdP are independent. The deny decision is a database read.
How does this work across providers?
P402 is the gateway. Every provider call (OpenAI, Anthropic, Gemini, Bedrock, OpenRouter) flows through the same policy engine and lands in the same ledger.