Guardrails

Policies that travel
with the agent.

Control exactly how much, where, and when your agents can spend. If a transaction falls out of bounds, it hits an approval queue. You hold the override keys.

Three Caps. One Gate.

Every wallet action evaluates three velocity caps in this order: per-transaction, daily (rolling 24h), and monthly (rolling 30d). If any is exceeded, the action is blocked or routed to an approval queue.

  • Evaluated atomically in <50ms
  • Immutable across all rails (Card, ACH, USDC)
  • Applies to MCP tool calls before execution
// Policy Gate Code (Verbatim internal implementation)
async function checkLimits(agent, amountCents) { if (amountCents > agent.perTxnLimitCents) return { ok: false, reason: 'PER_TXN_EXCEEDED' }; const [daily, monthly] = await Promise.all([ spentSince(agent.id, '24h'), spentSince(agent.id, '30d') ]); if (daily + amountCents > agent.dailyLimitCents) return { ok: false, reason: 'DAILY_EXCEEDED' }; if (monthly + amountCents > agent.monthlyLimitCents) return { ok: false, reason: 'MONTHLY_EXCEEDED' }; return { ok: true }; }

Approval Routing & Overrides

When a transaction hits a threshold, the agent pauses. The assigned Principal gets pinged. They tap approve, and the agent resumes.

WhatsApp · Just now
A
AgentWallet
Approval Required
triage-bot-01 is requesting spend
$1,200.00
Vendor: Amazon Web Services
Reason: Threshold exceeded ( >$1000 )
Rail: Virtual Card

Notification Paths

Route approvals where your team already works. We support push notifications via the iOS app, SMS, Email, Slack channels, and WhatsApp Business.

Manager Chains

Build multi-hop routing. If spend is >$5k, route to the direct manager. If >$50k, require multi-sig (2-of-3) from the finance team.

Force-Approve Override

Admins and Principals can force-approve flagged transactions instantly from the dashboard or CLI. Operators with the `admin.force_approve` permission can unblock an agent when a Principal is unreachable. Every override is double-logged.

Define policies as code.

Inject policy JSON during provisioning or update it on the fly.

const
policy = {
"velocity": {
"per_txn_usd": 1000,
"daily_usd": 5000,
"monthly_usd": 20000
},
"merchants": {
"allowlist": ["openai.com", "anthropic.com", "aws.amazon.com"],
"mcc_blocks": [7995, 6051] // gambling, crypto
},
"geofence": {
"allowed_countries": ["US", "CA", "GB", "EU"]
},
"approvals": {
"auto_approve_under_usd": 50,
"require_human_over_usd": 1000
}
};

Compare us to the alternatives.