> ## Documentation Index
> Fetch the complete documentation index at: https://conto.finance/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Testing Spending Policies

> End-to-end walkthrough: connect an agent, configure policies, and verify they enforce correctly

# Testing Spending Policies

This guide focuses on **policy semantics**: how rules, actions, and priorities combine, and how to prove it with a three-tier threshold test that approves, requires approval, or denies payments based on amount.

For environment choices (agent sandbox vs testnet), counterparty and time-window scenarios, and production migration, see [Testing Payments Safely](/guides/testing-payments).

## Prerequisites

<Check>A Conto account and organization</Check>
<Check>An active agent with a linked, funded wallet and an SDK key in `CONTO_API_KEY`. The [Quickstart](/quickstart/setup) walks through creating the wallet, connecting the agent, and generating the key</Check>

## What You'll Build

| Amount Range | Expected Result            | Policy                         |
| ------------ | -------------------------- | ------------------------------ |
| $0 - $10     | **Approved** automatically | Under all thresholds           |
| $10 - $15    | **Requires approval**      | Exceeds approval threshold     |
| \$15+        | **Denied**                 | Exceeds max transaction amount |

## Step 1: Verify Your Setup

Before creating policies, confirm the agent is correctly configured:

```bash theme={null}
curl https://conto.finance/api/sdk/setup \
  -H "Authorization: Bearer $CONTO_API_KEY"
```

This returns your agent's profile, linked wallets, active policies, and current spend tracking. Check that:

* `agent.status` is `"ACTIVE"`
* `wallets` array is not empty

If either check fails, go back to the [Quickstart](/quickstart/setup).

## Step 2: Create Policies

Create two policies to test different enforcement behaviors.

### Policy A: Spend Limit

<Steps>
  <Step title="Create the policy">
    Go to **Policies** in the sidebar and click **Create Policy**.

    * **Name**: "Manual Spend Test"
    * **Description**: "Deny transactions over \$15"
    * **Policy Type**: SPEND\_LIMIT
  </Step>

  <Step title="Add a rule">
    | Field     | Value        |
    | --------- | ------------ |
    | Rule Type | `MAX_AMOUNT` |
    | Operator  | `LTE`        |
    | Value     | `15`         |
    | Action    | `ALLOW`      |

    This allows transactions up to \$15. Anything above is denied.

    <Info>
      **How rule actions work:**

      * `ALLOW` + `LTE $15` means: "Allow transactions where the amount is ≤ \$15"
      * Transactions that do NOT match the ALLOW condition are implicitly denied
      * `DENY` + `GT $15` achieves the same effect: "Deny transactions where amount > \$15"
      * `REQUIRE_APPROVAL` + `GT $10` means: "Require manual approval when amount > \$10"

      Think of it as: the **action** tells Conto what to do when the **condition is true**.
    </Info>
  </Step>
</Steps>

### Policy B: Approval Threshold

<Steps>
  <Step title="Create the policy">
    * **Name**: "Manual Approval Test"
    * **Description**: "Require approval for transactions over \$10"
    * **Policy Type**: APPROVAL\_THRESHOLD
  </Step>

  <Step title="Add a rule">
    | Field     | Value                    |
    | --------- | ------------------------ |
    | Rule Type | `REQUIRE_APPROVAL_ABOVE` |
    | Operator  | `GREATER_THAN`           |
    | Value     | `10`                     |
    | Action    | `REQUIRE_APPROVAL`       |

    Transactions over \$10 require manual approval in the dashboard before they can execute.
  </Step>
</Steps>

## Step 3: Assign Policies to the Agent

<Steps>
  <Step title="Open agent detail page">
    Navigate to your agent's detail page.
  </Step>

  <Step title="Go to the Permissions tab">
    Click the **Permissions** tab.
  </Step>

  <Step title="Assign both policies">
    Assign "Manual Spend Test" and "Manual Approval Test" to the agent. All assigned policies are evaluated with AND logic, the most restrictive rule wins.
  </Step>
</Steps>

You can re-run the `GET /api/sdk/setup` call from Step 1 to confirm `policies` now shows both assigned policies.

## Step 4: Run Test Transactions

Use `curl` or any HTTP client to test the three scenarios.

### Test 1: \$5 Payment (Expect: APPROVED)

```bash theme={null}
curl -X POST https://conto.finance/api/sdk/payments/request \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 5,
    "recipientAddress": "0x1234567890abcdef1234567890abcdef12345678",
    "purpose": "Test - under all limits",
    "category": "software"
  }'
```

Expected response:

```json theme={null}
{
  "requestId": "cmm...",
  "status": "APPROVED",
  "currency": "pathUSD",
  "wallet": {
    "address": "0x788dD0...",
    "availableBalance": 999822
  }
}
```

### Test 2: \$12 Payment (Expect: REQUIRES\_APPROVAL)

```bash theme={null}
curl -X POST https://conto.finance/api/sdk/payments/request \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 12,
    "recipientAddress": "0x1234567890abcdef1234567890abcdef12345678",
    "purpose": "Test - over approval threshold"
  }'
```

Expected response:

```json theme={null}
{
  "requestId": "cmm...",
  "status": "REQUIRES_APPROVAL",
  "violations": [
    {
      "type": "PER_TX_LIMIT",
      "message": "[Policy: Manual Approval Test] Amount $12 exceeds approval threshold $10",
      "source": "policy_rule",
      "policyName": "Manual Approval Test"
    }
  ]
}
```

### Test 3: \$20 Payment (Expect: DENIED)

```bash theme={null}
curl -X POST https://conto.finance/api/sdk/payments/request \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 20,
    "recipientAddress": "0x1234567890abcdef1234567890abcdef12345678",
    "purpose": "Test - over max amount"
  }'
```

Expected response:

```json theme={null}
{
  "requestId": "cmm...",
  "status": "DENIED",
  "violations": [
    {
      "type": "PER_TX_LIMIT",
      "message": "[Policy: Manual Spend Test] Transaction amount $20 exceeds limit $15",
      "source": "policy_rule",
      "policyName": "Manual Spend Test"
    }
  ]
}
```

## Step 5: Execute an Approved Payment

If Test 1 returned `APPROVED`, you can execute it onchain:

```bash theme={null}
curl -X POST https://conto.finance/api/sdk/payments/REQUEST_ID/execute \
  -H "Authorization: Bearer $CONTO_API_KEY"
```

Response includes the `txHash` and an explorer URL to verify onchain.

## Using the SDK Instead of curl

The same three tests in TypeScript (`conto.payments.request` with amounts 5, 12, and 20) are shown in the [Quickstart's SDK step](/quickstart/setup#step-9-same-flow-via-the-sdk).

## Editing Wallet Limits After Setup

If you need to change wallet spending limits after the initial setup:

1. Go to the agent detail page
2. Open the **Overview** or **Wallets** tab
3. Click the **pencil icon** next to the wallet
4. Update per-transaction, daily, weekly, or monthly limits
5. Click **Save Changes**

<Warning>
  If the per-transaction limit is set to `$0`, the wallet-level per-transaction cap is disabled.
  Update it to a positive value when you need a cap.
</Warning>

## How Policy Evaluation Works

Conto evaluates wallet-level limits first, then policy rules with AND logic. The first DENY stops evaluation. Org-level policies stack with agent-level policies. See [Policy Overview](/policies/overview) for the full reference.

## Troubleshooting

These accordions cover policy-semantics issues. For setup issues (lost SDK keys, unfunded wallets), see the [Quickstart troubleshooting](/quickstart/setup#troubleshooting); for environment and scenario issues, see [Testing Payments Safely](/guides/testing-payments#troubleshooting).

<AccordionGroup>
  <Accordion title="Payment denied but I expected REQUIRES_APPROVAL">
    Multiple policies are evaluated with AND logic. If one policy denies while another would require approval, the denial takes priority. Check which policies are assigned in the Permissions tab.
  </Accordion>

  <Accordion title="Wrong policy is triggering">
    Policies at the same priority level are all evaluated. If both an approval threshold (`>$10`)
    and a spend limit (`>$15`) match, DENY wins over REQUIRES\_APPROVAL. Priority changes sort
    order only; it does not override a failing rule.
  </Accordion>

  <Accordion title="Organization policies are overriding my agent policies">
    Org-level policies apply to all agents. If a Starter policy caps transactions at $25 and your agent policy allows up to $100, the \$25 cap wins. Check with your org admin.
  </Accordion>
</AccordionGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="Policy Types" icon="shield" href="/policies/overview">
    Explore all available policy rule types
  </Card>

  <Card title="SDK Reference" icon="code" href="/sdk/payments">
    Full SDK payment methods and options
  </Card>

  <Card title="Time Windows" icon="clock" href="/policies/time-windows">
    Restrict payments to specific hours and days
  </Card>

  <Card title="Counterparties" icon="users" href="/policies/counterparties">
    Allowlist and blocklist recipient addresses
  </Card>
</CardGroup>
