Use Case · Vercel AI SDK

Your AI SDK agent has tools. Civic decides which ones it can use.

The Vercel AI SDK makes it easy to give agents tool access. Civic makes it safe, with rate limits, scoped permissions, and instant revocation.

Start building See how it works

use case / vercel ai sdk

The AI SDK called the payment API 4,000 times in a loop.

Just imagine, one day…

You build a billing reconciliation tool using the Vercel AI SDK with tool-use enabled. Your agent has access to a payment API for reading invoices. It's supposed to fetch recent charges and flag discrepancies.

A malformed prompt causes the agent to enter a retry loop. Each iteration calls the list-charges endpoint with slightly different parameters, convinced the previous call failed. It runs for 11 minutes before you notice. By then it has made over 4,000 API calls, hit the rate limit, triggered a fraud review on your account, and racked up overage charges.

An agent with an API key and no rate limit can run up a bill before you even notice.

Without rate limits, one bad prompt becomes an expensive mistake.

It does things you did not intend

You asked it to read invoices. It hammered the payment API 4,000 times. A retry loop turned a read operation into a fraud alert.

You cannot prove what happened

4,000 API calls. No log of what triggered the loop, what parameters changed, or why it kept retrying. Debugging costs as much as the incident.

You cannot stop it fast enough

11 minutes before you noticed. The API key has no rate limit. The SDK has no circuit breaker. The charges keep adding up.

It gets confused and you never know

A malformed invoice entry causes the agent to misread the response and retry with slightly different parameters each time, convinced the previous call failed.

Your AI SDK agent calls Civic. Civic calls the APIs. You set the limits.

Connectivity

1 Civic endpoint for payments, email, databases, and more. Your AI SDK agent gets tool access without managing API keys.

Guardrails

Read charges but don't create them. 60 calls per minute, max. The agent physically can't exceed the limits you set.

Auditability

Every API call logged with parameters, response, and timing. When a loop starts, you see it in real time, not on your next invoice.

Revocation

Revoke any connection and the agent loses access instantly. No waiting for key rotation. No partial states. Just off.

Connect the Vercel AI SDK through Civic in three steps

Vercel AI SDK Agent

Add payments API and email.

Restrict payments to read-only.

Set rate limit to 60 calls per minute.

Done. 2 tools connected:

✓ Payments — read-only, 60/min limit

✓ Email — read-only

Your MCP URL is ready to copy.

Read the docs

The same scenario. Different outcomes.

Without Civic, the agent retries until the API cuts it off. With Civic, it hits the rate limit after 60 calls and stops.

$ ai-agent reconcile-charges

[ai-sdk] fetching charges...

[payments:list] call #1 — 200 OK

[ai-sdk] response unclear, retrying...

[payments:list] call #4,012 — rate limit hit

[stripe] ✘ fraud review triggered

$ # 4,000 calls. $340 in overages. fraud alert.

$ ai-agent reconcile-charges

[ai-sdk] fetching charges...

[payments:list] call #1 — 200 OK

[ai-sdk] response unclear, retrying...

[nexus] rate limit: 60/min reached

[nexus] ✘ BLOCKED — cooling off for 60s

[nexus] anomaly logged — alert sent

$ # 60 calls. rate limit enforced. you got a Slack ping.

Your AI SDK agent deserves rate limits.

You already built the agent. Spend 10 minutes adding the guardrails so a retry loop doesn't become an invoice.

Start building Read the docs