Policy Engine
Define the rules for how agents spend, then evaluate every payment request before funds move. Conto keeps limits, categories, trust requirements, and approval rules in the transaction path.
One policy check, two execution paths
Managed wallet
Conto-orchestrated execution · Provider-backed custody, e.g. Privy or Sponge
Agent requests a payment
POST /payments/requestConto evaluates policy
Human approves
Routine spend skips this step.
Managed provider signs and sends
Conto approves the request, then executes through the configured custody provider.
POST /payments/executeLogged with full context
tx 0x9f2c… ✓
policy · approval · settled
Agent-controlled wallet
Agent keeps its own keys · Conto authorizes, logs on confirm
Agent asks to authorize
POST /payments/approveConto evaluates policy
Human approves
Routine spend skips this step.
Agent signs with its own key
Conto returns an approval token (10 min). The agent sends the tx.
Agent confirms the hash
POST /payments/confirmtx 0x9f2c… ✓
policy · approval · settled
Same payment context, same policy evaluation, same audit trail. Execution is where the path diverges.
Policy controls built for the payment decision
Use policy primitives that evaluate spend at the moment an agent asks to move money.
Spend limits
Set per-transaction, daily, weekly, monthly, and scoped limits by agent, wallet, merchant, category, or project.
Counterparty rules
Require trusted recipients, block risky addresses, and route unknown counterparties to review.
Velocity controls
Catch broken loops, retry storms, and unexpected payment bursts before a wallet is drained.
Approval thresholds
Let routine payments clear while higher-risk requests pause for human review with full policy context.
Policy outcomes your teams can inspect
Finance, operations, and security can see which rule fired, why it fired, and what happened to the payment next.
Payment request
Rules evaluated
Routed to review
1 of 4 rules needs a human before settlement.
How policy decisions shape each payment
The engine sits between agent intent and settlement, turning configured rules into approve, deny, or route decisions.
Step 1
Configure rules
Create policies for the agent, wallet, payment rail, category, counterparty, or approval path.
Step 2
Evaluate every request
Conto checks the payment request against active policies when the agent tries to pay.
Step 3
Return a clear decision
Approved payments continue, denied requests stop, and exceptions route into approval workflows.
See it in action
Delivery & gig work in action
Watch a dispatch agent pay drivers the moment a delivery completes. Every payout hits the policy engine first, with per-tip caps, category allowlists, and velocity limits returning approve, deny, or review before it settles.
Approval threshold
$40
Velocity limit
5 payouts/hr
Settlement rail
Tempo · pathUSD
What inline policy delivers
Agents can transact autonomously without bypassing financial controls.
Finance and security see the exact policy decision behind each payment.
Control changes happen in Conto instead of scattered runtime code.
Where runtime policy shows up
Escalation paths
Approval routing for high-value or ambiguous payment decisions
Some payment decisions need a pause, not a hard stop. Agents can keep moving on the standard path while Conto holds only the transactions that need human approval.
ExploreVendor trust controls
Vendor and counterparty controls for autonomous payments
Trusted vendors should clear quickly, and new counterparties should not slip through unnoticed. Conto keeps vendor, merchant, and service-provider policy attached to each request so recipient drift is caught immediately.
ExploreMicropayments
x402/MPP and service-spend budgets for machine payments
When agents are paying for APIs, inference, or compute by the call, Conto applies per-request caps and session budgets so service spend stays bounded even when the agent is making many decisions per minute.
Explore