Securing Agents with Policies
An agent without policies is an open wallet. This guide walks through configuring the policies, alerts, and controls that make Conto valuable in production, from basic spend caps to x402 micropayment budgets.Prerequisites
An active agent with a linked wallet
Familiarity with the payment request/execute flow (Quickstart)
How Policies Work
Before diving in, three rules to remember:- AND logic: All assigned policies are evaluated. The most restrictive outcome wins.
- First deny stops: If any policy returns DENY, evaluation stops immediately.
- Wallet limits first: Wallet-level per-transaction/daily/weekly/monthly limits are checked before policy rules.
Layer 1: Spending Limits
The foundation. Every production agent should have spend caps.Daily Budget
Prevents a runaway agent from draining the wallet in a single day.1
Create the policy
Go to Policies → Create Policy.
2
Add rule
The agent can spend up to $100 per day across all transactions. Resets at midnight UTC.
3
Assign to agent
Go to the agent’s Permissions tab and assign this policy.
Per-Transaction Cap
Prevents any single large transaction, even if the daily budget has room.
Add this as a second rule in the same policy, or create a separate policy. Both approaches work. Conto evaluates all rules regardless.
Human Approval for Large Payments
Automatically escalate payments above a threshold for human review.
Payments over $50 show up in Pending Approvals in the dashboard. The agent receives
REQUIRES_APPROVAL and can poll or use webhooks to check status.
A common pattern: set MAX_AMOUNT to 50 (human review in the middle). Payments under 50-200 are blocked outright.
Layer 2: Counterparty Controls
Control who your agent can pay, not just how much.Allowlist Known Recipients
Only permit payments to pre-approved addresses.1
Create the policy
2
Add rule
Only addresses in this list can receive payments. All others are denied.
Block Specific Addresses
Alternatively, allow all recipients except specific blocked ones:Trust Score Threshold
Require counterparties to have a minimum trust score before receiving payments:
New, unknown counterparties start with a low trust score. As transaction history builds, their score increases. See Trust Providers for how scoring works.
Layer 3: Time Controls
Restrict when your agent can make payments.Business Hours Only
1
Create the policy
2
Add time window rule
3
Add day-of-week rule
Both rules must pass (AND logic). Payments outside business hours or on weekends are denied.
Policy-rule time windows use the server’s local time. Use wallet-level time windows when you need
an explicit IANA timezone such as
America/New_York.Blackout Periods
Block payments during specific date ranges (holidays, maintenance windows):Layer 4: x402 Micropayment Controls
If your agent pays for APIs using the x402 protocol, add dedicated micropayment policies.Cap Per API Call
Prevent a single expensive API call from draining the budget:
No single x402 payment can exceed $0.10.
Budget Per Service
Limit total spending on a specific API service:
Total spend per service domain cannot exceed $50.
Allowlist Approved Services
Only allow x402 payments to known API providers:
Payments to any other x402 service domain are denied.
Layer 5: Alerts
Policies prevent bad transactions. Alerts tell you when something interesting happens.Recommended Alert Configuration
Go to Alerts in the sidebar and configure:x402-Specific Alerts
If using x402 micropayments, also enable:Putting It Together: Example Configuration
Here’s a production-ready policy stack for a typical AI agent:
With this stack, the agent can:
- Automatically pay up to $25 to known recipients during business hours
- Request human approval for 50 payments
- Never exceed 200/day
- Pay for x402 APIs up to 20/service
Verifying Your Policies
After setting up, verify with the setup endpoint:policies array shows all active policies and their rules. Run a few test transactions to confirm enforcement before going live.
Troubleshooting
Policy assigned but not enforcing
Policy assigned but not enforcing
Policies must be assigned to the agent in the Permissions tab. Creating a policy doesn’t apply it automatically. Also verify the policy status is ACTIVE (not DRAFT or DISABLED).
Too many violations, agent can't do anything
Too many violations, agent can't do anything
Policies stack with AND logic. If you have 5 restrictive policies, the agent must pass all of them. Review each policy’s rules and consider loosening thresholds or removing redundant policies.
Org-level policy still denying
Org-level policy still denying
Organization-level policies apply to all agents and stack with agent policies. If an org policy caps transactions at 100 won’t override it. Check with your org admin.
Wallet limits vs. policy limits confusion
Wallet limits vs. policy limits confusion
Wallet-level limits (set when linking a wallet) are checked first and separately from policies. If the wallet per-transaction limit is 50, the wallet limit wins. Edit wallet limits from the agent detail page.
Next Steps
Recipes
Copy-paste policy configurations for common scenarios
Advanced Policies
x402, MPP, geographic, and DeFi policy rules
Trust Providers
Counterparty trust scoring and verification
Policy Testing
Step-by-step policy enforcement testing