Conto for Hermes: Policy Enforcement for Nous Research Agents
Conto adds spending policy controls to every payment your Hermes agent makes. Per-transaction limits, daily budgets, category restrictions, approval workflows, and 40+ other rule types. One API call, every policy evaluated.
Nous Research's Hermes agents can execute payments autonomously. That unlocks a lot, but it also opens the door to real financial risk if there's nothing standing between the agent and the wallet.
We're excited to announce our Hermes integration. It's a Conto skill that evaluates every outgoing payment against your spending policies before a single token leaves the wallet. If you're running Hermes agents, you can now enforce per-transaction caps, rolling budgets, counterparty allowlists, human approval thresholds, and 40+ other rule types — all through a single skill install.
We're opening up the full policy suite to early adopters at no cost while we collect feedback. Join our Discord if you want to try it out or have questions.
Why This Matters
Autonomous payment ability is table stakes for useful agents. But autonomy without constraints is how wallets get drained — a misconfigured API call, an unexpected loop, a bad recipient address. The usual fix is custom validation logic bolted onto each agent, which tends to be brittle, incomplete, and hard to audit.
Conto centralizes that enforcement. You define the rules once, and every payment your Hermes agent attempts gets checked against them before execution.
The Flow
Every payment attempt passes through Conto before any funds move:
- You configure spending policies in the Conto dashboard
- Your Hermes agent initiates a payment
- The skill sends the payment details to Conto's approval endpoint
- Conto evaluates the request against every active policy
- The response is
APPROVED,DENIED, orREQUIRES_APPROVAL - The agent acts accordingly
POST /api/sdk/payments/approveA single call covers all your rules — transaction limits, daily caps, counterparty checks, time windows, everything. If the payment doesn't clear, the agent gets back the specific violations so it can report why.
Installation
Hermes supports well-known skill discovery, so setup is one command:
hermes skills install well-known:https://conto.finance/.well-known/skills/contoThis pulls down the skill manifest and a conto-check.sh helper script into ~/.hermes/skills/conto/.
Then add your SDK key to ~/.hermes/.env:
CONTO_SDK_KEY=conto_agent_your_key_here
CONTO_API_URL=https://conto.financeYou can generate keys from the Conto dashboard under Agents > SDK Keys > Generate New Key. Standard keys handle payment evaluation and transaction visibility. Admin keys also allow policy creation and wallet management.
Policy Types
Over 40 rule types are available across several categories:
- Human Approval. Require manual sign-off for payments above a configurable threshold.
- Spend Limits. Per-transaction maximums, plus daily, weekly, and monthly rolling caps. Budget allocations for specific use cases.
- Category Controls. Restrict payments by category — allow only
API_PROVIDERandINFRASTRUCTURE, blockTRAVELandMARKETING, or any combination across 14 supported categories. - Counterparty Management. Maintain allowlists of approved recipient addresses or blocklists of known-bad ones.
- Scheduling. Limit payments to business hours, specific days of the week, or block them entirely during maintenance windows.
- x402 API Controls. Set price ceilings per x402 call, cap daily spend per service, or block specific x402 endpoints entirely.
You can create policies through structured JSON or plain language:
/conto create a policy that limits each transaction to 200 pathUSDWallet Modes
The integration supports two custody models:
Provider-managed (Sponge or Privy): A single API call handles policy evaluation and payment execution together. The wallet provider holds the keys, and Conto orchestrates the full flow. This is the simplest setup if you don't need direct key custody.
External wallet: Your agent holds its own keys. Conto evaluates the payment and returns an approval. Your agent then executes the transfer independently and confirms back with the transaction hash:
POST /api/sdk/payments/{approvalId}/confirmApproval tokens are cryptographically bound to the original request parameters — amount, recipient, and chain — and expire after 10 minutes. They can't be replayed for a different payment.
Chains
Base, Tempo, and Solana are all supported, along with their respective stablecoins.
Get Started
- Sign up at conto.finance
- Install the Conto skill:
hermes skills install well-known:https://conto.finance/.well-known/skills/conto- Connect your Hermes agent in the dashboard
- Generate an SDK key
- Add the config to
~/.hermes/.env - Create your first policy
Resources
- Hermes SDK Reference — full API docs for the Hermes integration
- Conto Dashboard — manage agents, policies, and SDK keys
- Skill Manifest — well-known endpoint for skill discovery
- Policy Guide — deep dive into all 40+ rule types
- Discord Community — feedback, questions, and support
- OpenClaw Integration — if you're also building on OpenClaw
Your agents can move money. Conto makes sure they do it on your terms.