> ## Documentation Index
> Fetch the complete documentation index at: https://conto.finance/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Defaults

> Single source of truth for every default value applied by the Conto API, SDK, and CLI

# Defaults

This page is the single source of truth for default values in Conto. Other pages link here instead of restating values inline, so the docs stay consistent when defaults change.

## Chains and currencies

The API/SDK and the CLI use different chain defaults on purpose. The API defaults to testnet so backend integrations are safe by default. The CLI defaults to mainnet because interactive operators usually want production.

| Setting                                         | Default                 | Notes                                                                                              |
| ----------------------------------------------- | ----------------------- | -------------------------------------------------------------------------------------------------- |
| Default chain ID (API/SDK)                      | `42431` (Tempo Testnet) | Applied when `chainId` is not supplied to `POST /api/wallets` or `POST /api/sdk/payments/request`. |
| Default chain ID (CLI)                          | `4217` (Tempo Mainnet)  | Used by `create-conto-agent` interactive prompts. Override with `--chain`.                         |
| Default chain type                              | `EVM`                   | Applied to new wallets when omitted.                                                               |
| Default Tempo Mainnet currency                  | `USDC.e`                | Returned in payment responses for chain `4217`.                                                    |
| Default Tempo Testnet currency                  | `pathUSD` (TIP-20)      | Returned in payment responses for chain `42431`.                                                   |
| Default Base/Ethereum/Arbitrum/Polygon currency | `USDC`                  | Resolved per chain by `getPrimaryStablecoin(chainId)`.                                             |
| Default Solana currency                         | `USDC` (SPL)            | Resolved by chain ID `solana-mainnet`.                                                             |

### Explorer URLs

Tempo has two networks with two explorers. Each is canonical for its chain.

| Chain ID | Name          | Explorer                             |
| -------- | ------------- | ------------------------------------ |
| `4217`   | Tempo Mainnet | `https://explore.tempo.xyz`          |
| `42431`  | Tempo Testnet | `https://explore.moderato.tempo.xyz` |

EVM chains use the standard block explorers (`basescan.org`, `etherscan.io`, etc.) and Solana uses `solscan.io` / `explorer.solana.com`.

## Wallets

`POST /api/wallets` applies these Zod defaults before persisting:

| Field         | Default                           |
| ------------- | --------------------------------- |
| `walletType`  | `EOA`                             |
| `chainType`   | `EVM`                             |
| `chainId`     | `42431` (via `getDefaultChain()`) |
| `custodyType` | `PRIVY`                           |
| `isWatchOnly` | `false`                           |

### Custody priority

The payment evaluator selects wallets in this order when an agent has multiple linked wallets:

`PRIVY > SPONGE > SMART_CONTRACT > EXTERNAL`

Executable custody (PRIVY, SPONGE) is preferred so platform-routed payments do not need user intervention.

## Agent-wallet links

`POST /api/agents/{id}/wallets` applies these defaults:

| Field               | Default                           | Notes                                                          |
| ------------------- | --------------------------------- | -------------------------------------------------------------- |
| `delegationType`    | `LIMITED`                         | Other values: `FULL`, `VIEW_ONLY`, `PREAPPROVED`, `ALLOWLIST`. |
| `spendLimitPerTx`   | `100`                             | USD. `null` means unlimited.                                   |
| `spendLimitDaily`   | `1000`                            | `null` means unlimited.                                        |
| `spendLimitWeekly`  | `null`                            | Unlimited unless set.                                          |
| `spendLimitMonthly` | `null`                            | Unlimited unless set.                                          |
| `allowedHoursStart` | `0`                               | Hour of day, 0-23.                                             |
| `allowedHoursEnd`   | `24`                              | Hour of day, 1-24.                                             |
| `allowedDays`       | `['Mon','Tue','Wed','Thu','Fri']` | Use full 7-day list to allow weekends.                         |
| `timezone`          | `UTC`                             | IANA names accepted (`America/New_York`, etc.).                |

For wallet-level spend limits, `null`, omitted fields, and `0` mean "unlimited". Use a positive
number to enforce a cap.

## External-wallet auto-create

When `POST /api/sdk/payments/approve` is called with a `senderAddress` that does not yet exist in the organization, Conto creates an EXTERNAL wallet automatically with:

| Field               | Default                            |
| ------------------- | ---------------------------------- |
| `spendLimitPerTx`   | `null` (unlimited per transaction) |
| `spendLimitDaily`   | `1000` USD                         |
| `spendLimitWeekly`  | `5000` USD                         |
| `spendLimitMonthly` | `20000` USD                        |
| `custodyType`       | `EXTERNAL`                         |
| `enforcementMode`   | `MONITORING_ONLY`                  |

Tighten these via `PATCH /api/agents/{agentId}/wallets/{walletId}` before relying on them in production.

## Approval tokens

| Endpoint                                            | Token TTL  |
| --------------------------------------------------- | ---------- |
| `POST /api/sdk/payments/request`                    | 5 minutes  |
| `POST /api/sdk/payments/approve` (external wallets) | 10 minutes |
| `POST /api/sdk/cards/approve`                       | 5 minutes  |

Tokens are single-use. After expiry, request approval again.

## SDK keys

| Setting               | Default           | Notes                                                              |
| --------------------- | ----------------- | ------------------------------------------------------------------ |
| `expiresInDays`       | `365`             | Optional. Defaults to 365 when omitted.                            |
| Max `expiresInDays`   | `730`             | 2-year hard cap.                                                   |
| Key format (standard) | `conto_agent_...` | Per-agent. Used for payment operations.                            |
| Key format (admin)    | `conto_agent_...` | Per-agent. Adds `agents:write`, `wallets:write`, `policies:write`. |
| Org API key format    | `conto_...`       | Org-level. Used with `ContoAdmin`.                                 |

Full keys are returned only once at creation. Store them immediately.

## Payment requests

| Setting                                  | Default                                                                                                                           |
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| `currency` (on `POST /api/transactions`) | `USDC`                                                                                                                            |
| `urgency`                                | `NORMAL`                                                                                                                          |
| `autoExecute`                            | `false`                                                                                                                           |
| Idempotency window                       | Indefinite. Same `idempotencyKey` + same payload returns the cached result. Different payload returns `409 IDEMPOTENCY_CONFLICT`. |

## Policy evaluation

| Setting                    | Default           | Notes                                                                            |
| -------------------------- | ----------------- | -------------------------------------------------------------------------------- |
| Policy priority direction  | Higher first      | `evaluatePolicyRules` sorts by descending priority.                              |
| Default policy priority    | `50`              | Use `0-100`. Reserve 90+ for security/compliance rules you want evaluated first. |
| Rule combination           | `AND`             | All rules in a policy must pass.                                                 |
| Policy combination         | `AND`             | All policies assigned to an agent must pass. First `DENY` stops evaluation.      |
| Counterparty trust storage | Decimal `0.0-1.0` | Rule values for `TRUST_SCORE` use the same scale. Defaults to `0.5` (`UNKNOWN`). |

## Counterparties

| Field        | Default   |
| ------------ | --------- |
| `trustScore` | `0.5`     |
| `trustLevel` | `UNKNOWN` |
| `riskLevel`  | `MEDIUM`  |
| `verified`   | `false`   |
| `type`       | `VENDOR`  |

Trust levels map to score ranges:

| Range        | Level      |
| ------------ | ---------- |
| `0.75 - 1.0` | `TRUSTED`  |
| `0.5 - 0.75` | `VERIFIED` |
| `0.2 - 0.5`  | `UNKNOWN`  |
| `0.0 - 0.2`  | `BLOCKED`  |

## Rate limits

| Endpoint group        | Limit | Window    | Key         |
| --------------------- | ----- | --------- | ----------- |
| SDK payment endpoints | 60    | 1 minute  | Per agent   |
| SDK read endpoints    | 120   | 1 minute  | Per agent   |
| Auth endpoints        | 10    | 5 minutes | Per IP      |
| Account auth          | 5     | 5 minutes | Per account |
| Dashboard             | 100   | 1 minute  | Per user    |

Sliding window. Fails closed if the backing store is unavailable.

## Pagination

| Field       | Default |
| ----------- | ------- |
| `limit`     | `50`    |
| Max `limit` | `100`   |
| `offset`    | `0`     |

Paginated responses return `{ items, total, limit, offset }`.

## Webhook delivery

| Setting          | Default                                            |
| ---------------- | -------------------------------------------------- |
| Max retries      | `3`                                                |
| Backoff          | Immediate first attempt, retries after 1s, then 2s |
| Timeout          | 10 seconds                                         |
| Signature header | `X-Conto-Signature` (HMAC-SHA256)                  |
| Required scheme  | HTTPS (HTTP and private IPs blocked)               |

## Auto-freeze thresholds

| Trigger                        | Default threshold |
| ------------------------------ | ----------------- |
| `CONSECUTIVE_VIOLATIONS`       | 5                 |
| `CONSECUTIVE_FAILURES`         | 5                 |
| `SPEND_VELOCITY`               | 3x normal         |
| `LARGE_TRANSACTION_ANOMALY`    | 10x normal        |
| `TRUST_SCORE_BELOW_THRESHOLD`  | `<0.2`            |
| `TRUST_SCORE_DROP`             | `30%`             |
| `RAPID_COUNTERPARTY_SWITCHING` | 10 per hour       |

Tunable via `PATCH /api/agents/{id}/freeze-config`.

## Org roles

`OrgRole` enum: `OWNER`, `ADMIN`, `MANAGER`, `MEMBER`, `VIEWER`. New members default to `MEMBER`.

See [Roles and permissions](/guides/roles-permissions) for the permission matrix.
