Spending Policies

Frequently asked questions

How do I limit how much money my AI agent spends?

Set per-call, per-day, per-month, per-counterparty and per-rail caps in the dashboard or via PATCH /agents/:id. The 4-layer policy cascade enforces Account ⊇ Principal ⊇ Agent on every write — you cannot grant an agent more than the Principal has, and you cannot grant a Principal more than the Account is approved for.

Can I require approval over a threshold?

Yes. Configure an approval threshold (e.g. $500) and any spend above it routes to the Principal via WhatsApp tap-to-approve or passkey signature. Over $10k can require 2-of-3 multi-sig with separate Principals.

What happens when a cap is hit?

The transaction is rejected before any rail is hit — no half-state, no partial spend. The dashboard logs the attempt with the failing cap and the requesting agent so you can tune the policy.

Can I cap spending per vendor?

Yes. Per-counterparty caps let you set a hard ceiling on spend to a specific merchant or wallet address (e.g. 'no more than $200/day to AWS'). Useful for capping individual SaaS subscriptions or specific wallet recipients.

Can the AI agent pay contractors in different countries?

Yes. AgentWallet routes through 17 rails — pay a contractor in Brazil on Pix, India on UPI, Europe on SEPA Instant, US on FedNow or ACH, the UK on Faster Payments — all from the same agent wallet, all under the same per-day cap.

Are caps real-time or batched?

Real-time. Caps are enforced inline by the Express process that signs the payment, so a spend that would breach the cap is rejected synchronously with an RFC 7807 problem+json response — not after the fact.