A policy is a set of rules that govern what an agent can do. Every agent has exactly one active policy at a time. When a transaction is validated, the policy engine evaluates it against these fields in sequential order. You configure policies through the Policy Builder in the dashboard or via the POST /api/agents/{agentId}/policies endpoint. New agents receive a default policy after claiming: $100 per-transaction limit, $1,000 daily limit, risk scanning enabled, and no address restrictions.
Maximum USD value for a single transaction. Any transaction above this amount is blocked with per_tx_limit_exceeded.
spend_limit_per_day_usd | decimal | 1000 | Maximum cumulative USD spend per day. Resets at midnight UTC. Exceeding this triggers daily_quota_exceeded.
spend_limit_per_month_usd | decimal | null | Maximum cumulative USD spend per month. Resets on the 1st of each month. When null, no monthly cap is enforced.
Spend limits use a reservation system. When an intent is validated, the amount is reserved against the budget. Reservations are released when intents fail, expire, or are rejected. They convert to permanent spend records when confirmed on-chain.
Whitelist of permitted destination addresses. When null, all addresses are allowed. When set, only listed addresses pass the allowlist check.
allowed_contracts | string[] | null | Whitelist of permitted contract addresses. Separate from allowed_addresses to distinguish EOA recipients from contract interactions. When null, all contracts are allowed.
Set allowed_addresses to restrict where funds can go. This is the strongest protection against prompt injection attacks that attempt to redirect transfers to attacker-controlled addresses.
Action types the agent is forbidden from performing. If the agent submits a validation with an action field matching any entry, the request is blocked with action_blocked. Example: ["bet", "bridge"].
blocked_selectors | string[] | [] | 4-byte function selectors the agent cannot call. Raw validation only. Example: ["0x095ea7b3"] blocks ERC20 approve calls. Triggers selector_blocked.
USD threshold above which transactions require human approval. When null, no amount-based approval is required. Example: set to 500 and any transaction above $500 pauses for approval.
require_approval_actions | string[] | [] | Action types that always require human approval, regardless of amount. Example: ["bridge", "stake"] sends all bridge and stake requests to the approval queue.
require_approval_selectors | string[] | [] | 4-byte function selectors that require approval. Raw validation only. Example: ["0x095ea7b3"] requires approval for ERC20 approve calls.
Maximum gas limit (hex string). Raw validation only. When null, no gas cap is enforced. Example: "0x1e8480" (2,000,000 gas). Exceeding triggers gas_limit_exceeded.
max_value_wei | string | null | Maximum native value in wei (hex string). Raw validation only. When null, no native value cap is enforced. Exceeding triggers value_wei_exceeded.
Time-of-day and day-of-week restrictions. When null, transactions are allowed at any time. Format: {"days": [1,2,3,4,5], "hours": [9,10,11,12,13,14,15,16,17]} restricts to weekdays 9am-5pm UTC.
The days array uses ISO day numbers: 1 (Monday) through 7 (Sunday). The hours array lists allowed hours in 24-hour UTC format. Both arrays must be present in the schedule object.
Free-text policy rules written in MANDATE.md format. Passed to the optional LLM judge during reason scanning. Use this to express nuanced rules that structured fields cannot capture. Example: “Never approve transactions to addresses you haven’t interacted with before.”
This policy allows swaps and transfers up to $250 each, $5,000/day, $50,000/month. Bridges require approval. Bets are blocked. Transactions above $1,000 require approval. Only the Base USDC contract is allowed. Trading hours: weekdays 8am-8pm UTC.
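A local model of several checks described on this page (address allowlist, selector rules, native value cap, schedule window), added here as an example and not the service's own code. Assumptions: the key name "schedule", the shape of the tx dict, the order of the checks, the constructed address, and the reason strings marked hypothetical; selector_blocked and value_wei_exceeded are the codes named above.

```python
from datetime import datetime, timezone

# Constructed policy. Field names are from this page except "schedule",
# which is an assumed key name for the schedule object.
POLICY = {
    "allowed_addresses": ["0x1111111111111111111111111111111111111111"],
    "blocked_selectors": ["0x095ea7b3"],           # ERC20 approve
    "require_approval_selectors": ["0xa9059cbb"],  # ERC20 transfer
    "max_value_wei": "0xde0b6b3a7640000",          # 10**18 wei
    "schedule": {"days": [1, 2, 3, 4, 5], "hours": list(range(9, 18))},
}

def selector(data):
    """First 4 bytes of calldata as lowercase 0x-hex, or None if too short."""
    body = data.lower().removeprefix("0x")
    return "0x" + body[:8] if len(body) >= 8 else None

def in_schedule(schedule, now):
    """ISO weekday (1=Mon..7=Sun) and hour, both taken in UTC."""
    if schedule is None:
        return True
    now = now.astimezone(timezone.utc)
    return now.isoweekday() in schedule["days"] and now.hour in schedule["hours"]

def evaluate(policy, tx, now):
    """Return (decision, reason). The check order is an assumption."""
    lower = lambda items: {i.lower() for i in items or []}
    allowed = policy.get("allowed_addresses")
    if allowed is not None and tx["to"].lower() not in lower(allowed):
        return ("blocked", "address_not_allowed")       # hypothetical code
    sel = selector(tx.get("data", "0x"))
    if sel in lower(policy.get("blocked_selectors")):
        return ("blocked", "selector_blocked")
    cap = policy.get("max_value_wei")
    if cap is not None and int(tx.get("value", "0x0"), 16) > int(cap, 16):
        return ("blocked", "value_wei_exceeded")
    if not in_schedule(policy.get("schedule"), now):
        return ("blocked", "outside_schedule")          # hypothetical code
    if sel in lower(policy.get("require_approval_selectors")):
        return ("approval_required", "selector_match")  # hypothetical code
    return ("allowed", None)
```

Addresses and selectors are compared case-insensitively, so a checksummed (mixed-case) address or an upper-case selector cannot slip past a lower-case policy entry.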