Policy System
The policy system is the core of Conto’s spending controls. Policies define rules that govern how AI agents can spend funds.What is a Policy?
A policy is a set of rules that determine whether a payment should be:- APPROVED - Payment can proceed
- DENIED - Payment is blocked
- REQUIRES_APPROVAL - Manual approval needed
Policy Types
Spend Limit
Control maximum amounts per transaction, day, week, or month
Time Window
Restrict transactions to specific hours and days
Counterparty
Control which recipients are allowed based on trust
Geographic
OFAC sanctions screening and country restrictions, built-in and configurable
AgentScore Compliance
Require verified humans, enforce jurisdiction allowlists, and trigger identity step-up before settlement
Category
Allow or block specific spending categories
Contract Allowlist
Restrict interactions to approved smart contracts and protocols via Contract Registry
Approval Threshold
Require manual approval above certain amounts
Velocity
Limit transaction frequency to prevent rapid drain
Whitelist
Only allow specific pre-approved addresses
x402 Controls
Price ceilings, service allowlists, and session budget caps for x402 micropayments
MPP Controls
Session budgets, concurrency limits, and duration caps for MPP payments
Budget Allocation
Allocate budgets by department or project with period tracking
Expiration
Time-limited permissions with start and end dates
Card Payment
MCC restrictions, merchant filtering, and amount limits for card payments
Policy Evaluation
Policies are evaluated fail-closed. When multiple policies are assigned, all must pass. The first DENY stops evaluation immediately.Evaluation Order
- Pre-checks: Agent must be ACTIVE with linked wallets
- Geographic & Sanctions: OFAC country check + address sanctions screening (always active, no policy needed)
- Counterparty Trust: Pre-fetch trust level and network trust score for use in policy rules
- Wallet Policies: Spend limits, wallet-level time windows (timezone-aware), and other configured policy rules
- Merchant Identity Gates: Optional AgentScore assess results can add verified-human, KYC, sanctions, and jurisdiction context before final settlement
- Counterparty Rules: Block list, trust requirements, network intelligence
- Relationship Limits: Per-counterparty spend limits from
AgentRelationshiprecords - Final Decision: Aggregate results
sessionId recorded with each payment, and MPP session budgets use the MPP sessionId,
so ordinary wallet transfers do not reduce protocol session allowance.
The default local sanctions provider now reads from Conto’s
SanctionedAddress table instead of
a hardcoded demo list. That table is seeded by migration with known high-confidence OFAC matches
and refreshed by the sanctions-list-refresh background job, so sanctions screening starts with
a safe baseline even before the first feed sync completes.| Outcome | Condition |
|---|---|
| DENIED | Any check denies |
| REQUIRES_APPROVAL | No denial, and at least one rule or workflow requires approval |
| APPROVED | All checks pass |
Evaluation Semantics
Policy rules use simple AND logic. Every active policy assigned to the selected agent or wallet is evaluated, and every rule inside those policies must pass unless it is aDENY or REQUIRE_APPROVAL trigger that does not match.
| Action | Meaning |
|---|---|
ALLOW | The condition describes what is permitted. If the condition does not match, the payment is denied. |
DENY | The condition describes what is blocked. If the condition matches, the payment is denied. |
REQUIRE_APPROVAL | The condition describes what needs review. If it matches and no DENY fires, the payment requires approval. |
Creating Policies
Via Dashboard
Configure Policy
| Field | Description |
|---|---|
| Name | Human-readable name |
| Type | Policy type (spend limit, time window, etc.) |
| Priority | 0-100 (higher = evaluated first, but never overrides a failing rule) |
| Description | What this policy does |
Via API
Policy Properties
| Property | Type | Description |
|---|---|---|
name | string | Human-readable name |
description | string | Detailed description |
policyType | enum | Type of policy |
priority | number | Evaluation order (0-100), not override precedence |
isActive | boolean | Whether policy is enforced |
rules | array | Specific rules for this policy |
Assigning Policies
Policies can be assigned to:- Agents - Apply to specific agents
- Wallets - Apply to specific wallets
- Cards - Apply to specific payment cards
Assign to Card
Assign to Agent
Example: Standard Agent Setup
A typical agent configuration with multiple policies:Best Practices
Layer Your Policies
Layer Your Policies
Create policies at different priority levels to make evaluation and debugging easier:
- HIGH (90-100): Security/Compliance (sanctions, blocked addresses)
- MEDIUM (40-60): Business Rules (limits, time windows)
- LOW (0-20): Defaults (catch-all rules)
Start Restrictive
Start Restrictive
Begin with strict policies and relax based on operational needs. Recommended starting limits for new agents: 500/day, $5,000/month.
- Day 1: $100/day limit, 3 trusted vendors
- Week 2: $500/day, add 5 more vendors
- Month 2: $1,000/day, category-based restrictions
Use Approval Thresholds
Use Approval Thresholds
Don’t block high-value transactions entirely - require approval:
Document Your Policies
Document Your Policies
Use descriptions to explain policy intent:
Available Rule Types
The value formats, operators, and caveats for every rule type live in Advanced Policies. Quick index:| Category | Rule Types |
|---|---|
| Spend limits | MAX_AMOUNT, DAILY_LIMIT, WEEKLY_LIMIT, MONTHLY_LIMIT, BUDGET_CAP |
| Time controls | TIME_WINDOW, DAY_OF_WEEK, DATE_RANGE, BLACKOUT_PERIOD (aliases: MAINTENANCE_WINDOW, BLOCKED_TIME_WINDOW) |
| Counterparty & address | ALLOWED_COUNTERPARTIES, BLOCKED_COUNTERPARTIES, TRUST_SCORE, COUNTERPARTY_STATUS |
| Category & contract | ALLOWED_CATEGORIES, BLOCKED_CATEGORIES, CONTRACT_ALLOWLIST (aliases: ALLOWED_CONTRACTS, PROTOCOL_ALLOWLIST) |
| Geographic & compliance | GEOGRAPHIC_RESTRICTION, VELOCITY_LIMIT, REQUIRE_APPROVAL_ABOVE, FAIRSCALE_MIN_SCORE |
| Card payment | CARD_MAX_AMOUNT, CARD_ALLOWED_MCCS, CARD_BLOCKED_MCCS, CARD_ALLOWED_MERCHANTS, CARD_BLOCKED_MERCHANTS |
| x402 protocol | X402_MAX_PER_REQUEST, X402_PRICE_CEILING, X402_MAX_PER_ENDPOINT, X402_MAX_PER_SERVICE, X402_ALLOWED_SERVICES, X402_BLOCKED_SERVICES, X402_ALLOWED_FACILITATORS, X402_VELOCITY_PER_ENDPOINT, X402_SESSION_BUDGET |
| MPP protocol | MPP_MAX_PER_REQUEST, MPP_PRICE_CEILING, MPP_MAX_PER_ENDPOINT, MPP_MAX_PER_SERVICE, MPP_ALLOWED_SERVICES, MPP_BLOCKED_SERVICES, MPP_VELOCITY_PER_ENDPOINT, MPP_SESSION_BUDGET, MPP_MAX_SESSION_DEPOSIT, MPP_MAX_CONCURRENT_SESSIONS, MPP_MAX_SESSION_DURATION, MPP_BLOCK_SESSION_INTENT |
| AgentScore commerce | AGENTSCORE_REQUIRE_VERIFIED, AGENTSCORE_ALLOWED_JURISDICTIONS, AGENTSCORE_BLOCKED_JURISDICTIONS |
Violation Details
When a payment is denied, detailed violation info is returned:source field indicating whether the denial came from a wallet-level limit ("wallet_limit") or a policy rule ("policy_rule"). Policy rule violations also include policyName.
Engine Architecture
Each rule type is evaluated by a dedicated strategy module. The engine looks up the strategy for a rule’sruleType from a registry and delegates evaluation.
New rule types can be added without modifying the core engine, register a new
strategy and update the SKILL.md docs.
Next Steps
Spend Limits
Configure amount-based limits
Time Windows
Set up time-based restrictions