Skip to main content

SpendSafe Overview

SpendSafe is the control layer that lets autonomous agents spend safely without handing over keys. This page introduces the product, why spend controls matter, and how the platform fits together.

The Problem

Autonomous systems take action quickly, but become dangerous when handling money:

  • A buggy loop or compromised prompt drains wallets in minutes.
  • No built-in oversight exists when AI decides who receives payments.
  • Traditional solution: shared seed phrases create operational and compliance nightmares.

SpendSafe wraps your wallet with verifiable spending controls. Keep automation, maintain control.

What SpendSafe Does

  • Evaluates every transfer against limits you configure in the dashboard.
  • Issues cryptographically signed decision proofs for every allow/deny decision.
  • Keeps signing in your environment—private keys never reach SpendSafe.
  • Surfaces live metrics (Value Protected, decline reasons) for real-time spend monitoring.

Why Spend Controls Matter

Traditional wallet integrations give agents unrestricted signing power. One bug, exploit, or prompt injection drains funds instantly. SpendSafe inserts a policy engine between automation and blockchain:

  • Cap spending per transaction and per time window
  • Restrict recipients to pre-approved addresses
  • Audit every decision after the fact

Private keys remain under your control.

Use Cases

  • AI assistants & bots – Issue refunds, pay vendors, top up services without unlimited treasury access
  • Operations teams – Replace shared seed phrases with API-key based controls per agent
  • Embedded finance – Enforce customer-specific limits before signing transactions
  • Compliance & finance – Maintain verifiable trail of policies governing each transaction

High-Level Architecture

Agent Code ─▶ PolicyWallet SDK ─▶ SpendSafe API ─▶ Policy Engine
     │                                      │
     └───────────── signs locally ──────────┘
  1. Agent assembles transaction intent and calls SDK
  2. SDK sends intent metadata to SpendSafe policy API (Gate 1)
  3. Policy engine evaluates dashboard-configured rules
  4. If approved, SDK verifies authorisation token (Gate 2), signs locally, broadcasts; otherwise throws error

SpendSafe never sees private keys or signed payloads—only metadata for policy evaluation.

Key Features

  • Two-gate enforcement – Gate 1 validates policy rules; Gate 2 verifies the authorisation token immediately before signing.
  • Fail-closed SDK – Signatures only happen when both gates succeed; network failures or policy mismatches stop transactions automatically
  • Time-based limits – hourly, daily, and custom window caps per asset.
  • Per-transaction limits – define maximum spend per transfer.
  • Recipient whitelists – lock spending to known addresses; everything else is blocked.
  • Frequency throttles – restrict how many transactions an agent can execute per period.
  • Multi-agent management – issue unique API keys with policy group assignments for each agent or service.
  • Multi-chain support – enforce across Ethereum, Base, Solana, and any EVM-compatible chain.
  • Real-time dashboard – central control panel showing Value Protected, top decline reasons, live activity, and audit logs.
  • Decision proofs – signed records of every allow/deny so you can reconcile SDK responses with dashboard activity.

Components at a Glance

  • Dashboard – configure rules, review transactions, manage agents, and monitor metrics.
  • SpendSafe API – validates intents (POST /validate-intent) and verifies authorisations (POST /verify-authorisation).
  • PolicyWallet SDK – wraps your wallet adapter (ethers, viem, Solana, Coinbase, Dynamic, Privy) and enforces policies before signing.
  • Adapters – lightweight bridges that translate SpendSafe’s interface to your chosen wallet library.

Production Status

Production-Ready:

  • PolicyWallet SDK with EVM chains (Ethereum, Base)
  • Two-gate enforcement architecture
  • Core policy controls (daily/hourly/per-tx limits, whitelists, frequency)
  • Dashboard monitoring and rule configuration
  • Cryptographic decision proofs
  • Wallet adapter support (ethers, viem, Coinbase, Dynamic, Privy)

Solana Support:

  • Solana wallet adapter: production-ready
  • Policy engine validation: EVM only (Ethereum, Base, etc.)
  • Solana policy validation: roadmap

Supported Assets (Policy Engine):

  • Native: ETH, WETH
  • Stablecoins: USDC, USDT, DAI
  • Other: WBTC
  • Any ERC-20 token (via contract address)

Next Steps

  • Quick Start: Create agent, add rules, send first policy-enforced transaction.
  • SDK Guide: API documentation and method reference the PolicyWallet SDK.
  • Core Concepts: Two-gate model: Gate 1/Gate 2, fingerprints, and hashes work.
  • Security & Trust Model: Security guarantees: fail-closed guarantees, decision proofs, roadmap.