Policy Controls
A library of 100+ potential policy controls for AI agent wallets
Comprehensive reference for spending controls in SpendSafe policy layer. Custom policies, contribution ideas, organised by category.
About This Document
Purpose: Catalog potential policy controls for AI agent wallet management
Status: Living document—contributions welcome!
Current Implementation: See "Currently Implemented ✅" section below
Contributing: Found a missing control or have a better approach? Open an issue or submit a PR
Why Policy Controls Matter
AI agents with direct wallet access can:
- Drain funds through runaway spending
- Fall victim to prompt injection attacks
- Violate compliance requirements
- Create liability for operators
Policy controls solve this by enforcing rules before transactions are signed—without custodying keys.
How to Use This Document
For Developers
- Find controls that match your use case
- Check implementation status
- Review the API documentation for implementation guidance
- Start with Phase 2 controls for near-term wins
For Contributors
- Pick an unimplemented control
- Open an issue describing your approach
- Submit a PR with implementation + tests
- Update this document with "✅ Implemented"
For Product Teams
- Identify controls needed for your use case
- Prioritise based on risk/value
- Share feedback on missing controls
Currently Implemented ✅
Basic Spending Limits
- Per-Transaction Limit: Maximum amount per single transaction
- Daily Limit: Maximum total spending per 24-hour period (midnight reset)
- Hourly Limit: Maximum total spending per hour (UTC hour boundaries)
Recipient Controls
- Recipient Whitelist: Only allow transactions to pre-approved addresses
Velocity Controls
- Transaction Frequency: Maximum X transactions per time period (e.g., 3 per hour)
Spending & Volume Controls
Time-Based Limits
- Hourly Limit: Maximum spend per hour
- Weekly Limit: Maximum spend per 7-day rolling window
- Monthly Limit: Maximum spend per 30-day rolling window
- Quarterly/Annual Limits: Longer-term spending caps
Velocity Controls
- Transaction Frequency: Max X transactions per time period (e.g., 10 per hour)
- Cooldown Period: Minimum time between transactions
- Burst Protection: Allow short bursts but limit sustained high-volume activity
- Rate Limiting by Recipient: Max X transactions to same address per period
Amount-Based Rules
- Minimum Transaction Amount: Prevent dust/spam transactions
- Tiered Limits: Different limits based on transaction size brackets
- Progressive Limits: Limits that decrease as more is spent
- Accelerating Limits: Require additional checks above certain thresholds
Recipient Controls
Whitelists & Blacklists
- Recipient Whitelist: Only allow transactions to pre-approved addresses
- Recipient Blacklist: Block transactions to specific addresses
- Contract Interaction Whitelist: Only allow interaction with approved smart contracts
- DNS/ENS Whitelist: Only allow transactions to verified domain names
Recipient Analysis
- New Address Delays: Require waiting period for first transaction to new address
- High-Risk Address Blocking: Block known scam/hack addresses (Chainalysis integration)
- Contract Verification: Require contracts to be verified on Etherscan
- Recipient Reputation Scoring: Allow/deny based on on-chain reputation
Asset & Chain Controls
Multi-Asset Policies
- Asset-Specific Limits: Different limits for ETH vs USDC vs other tokens
- Stablecoin vs Volatile: Different rules for stable vs volatile assets
- NFT Transfer Policies: Special rules for NFT transactions
- Token Approval Limits: Max approval amounts for ERC-20 approvals
Multi-Chain Policies
- Chain-Specific Limits: Different limits per blockchain
- Bridge Transaction Rules: Special policies for cross-chain bridges
- Preferred Chains: Encourage/require using specific chains
- Chain Risk Scoring: Higher scrutiny for newer/riskier chains
Temporal Controls
Time Windows
- Operating Hours: Only allow transactions during business hours
- Weekend Restrictions: Different limits on weekends
- Holiday Freezes: Disable transactions during holidays
- Timezone-Based Rules: Adjust rules based on user's timezone
Scheduling
- Scheduled Transactions: Pre-approve transactions for future execution
- Recurring Payments: Automated recurring transfers with limits
- Embargo Periods: Block transactions during sensitive periods
Security Controls
Multi-Party Approval
- Two-Person Rule: Require approval from second party above threshold
- Multi-Signature: Require M-of-N approvals for large amounts
- Supervisor Approval: Route large transactions to human supervisor
- Delayed Execution: Enforce waiting period allowing cancellation
Fraud Detection
- Anomaly Detection: Flag unusual patterns (ML-based)
- Geo-Fencing: Block if transaction originates from unexpected location
- Device Fingerprinting: Block if different device suddenly used
- Behavioral Analysis: Compare to agent's normal transaction patterns
Risk Management
- Progressive Trust: Start with low limits, increase as agent proves reliable
- Circuit Breakers: Auto-pause if unusual activity detected
- Emergency Freeze: Admin ability to instantly freeze agent
- Rollback/Revert: Ability to reverse recent transactions (where possible)
Compliance & Regulatory
KYC/AML
- Transaction Reporting: Auto-report transactions above threshold
- Suspicious Activity Flagging: Flag potentially suspicious patterns
- Sanctions Screening: Check against OFAC and other sanctions lists
- Source of Funds: Track and verify origin of funds
Audit & Reporting
- Detailed Logging: Record all transaction attempts (success and failure)
- Compliance Reports: Generate reports for regulators
- Tax Reporting: Prepare transaction summaries for tax purposes
- Real-Time Alerts: Notify stakeholders of significant events
Jurisdictional
- Regional Restrictions: Different rules based on legal jurisdiction
- Currency Controls: Respect capital controls in certain countries
- Prohibited Activities: Block transactions related to prohibited goods/services
Agent-Specific Controls
Identity & Authentication
- Agent Identity Verification: Verify agent is who it claims to be
- API Key Rotation: Require periodic credential rotation
- Session Timeouts: Require re-authentication after inactivity
- MFA Requirements: Multi-factor auth for sensitive operations
Purpose & Context
- Transaction Purpose Tags: Require agents to tag transaction purpose
- Business Logic Validation: Ensure transaction makes business sense
- Invoice Matching: Match transactions to approved invoices
- Budget Allocation: Enforce budget categories (marketing, ops, etc.)
Learning & Adaptation
- Confidence Scores: Require higher confidence for larger amounts
- Trial Periods: Limited capabilities when agent is new
- Performance-Based Limits: Adjust limits based on agent success rate
- Feedback Loops: Learn from human approvals/rejections
Technical Controls
Gas & Fees
- Maximum Gas Price: Prevent overpaying for gas
- Gas Limit Caps: Prevent excessive computation
- Priority Fee Controls: Limit MEV/priority fees
- Fee Optimization: Require use of gas optimization services
Smart Contract Interaction
- Function Whitelist: Only allow calling specific contract functions
- Parameter Validation: Validate smart contract call parameters
- Reentrancy Protection: Prevent reentrancy attacks
- Upgrade Restrictions: Block interaction with upgradeable contracts
Network & Infrastructure
- RPC Endpoint Restrictions: Only use approved RPC providers
- Mempool Privacy: Require private mempool for sensitive transactions
- MEV Protection: Use Flashbots or similar MEV protection
- Simulation Requirements: Require transaction simulation before execution
Advanced Policy Features
Conditional Logic
- If-Then Rules: "If amount > X, then require Y"
- Combined Conditions: Multiple criteria must be met
- Exception Handling: Override rules in specific circumstances
- Policy Inheritance: Agents inherit policies from groups/organizations
Dynamic Policies
- Market-Responsive: Adjust limits based on market volatility
- Liquidity-Aware: Consider available liquidity before approving
- Time-Decay: Limits that change throughout the day
- Event-Triggered: Policies that activate on specific events
Organizational
- Department Budgets: Enforce departmental spending limits
- Project-Based: Different limits for different projects
- Cost Center Allocation: Track spending by cost center
- Hierarchical Policies: Company-wide → Department → Agent
Data & Privacy
Privacy Controls
- Data Minimization: Only collect necessary transaction data
- Encryption: Encrypt sensitive policy and transaction data
- Right to Deletion: Allow data deletion after retention period
- Anonymization: Anonymize data for analytics
Transparency
- Policy Disclosure: Agents understand what rules apply to them
- Explanation System: Explain why transactions were blocked
- Appeal Process: Allow challenging of policy decisions
- Audit Trail: Complete history of policy changes
Integration & Extensibility
External Systems
- Oracle Integration: Use price oracles for USD limits
- Banking Integration: Coordinate with traditional bank accounts
- Accounting System Sync: Push transactions to QuickBooks/Xero
- Notification Systems: Alert via Slack/email/SMS
Custom Rules Engine
- Rule Builder UI: No-code interface for creating policies
- Policy Templates: Pre-built policies for common use cases
- Policy Versioning: Track changes to policies over time
- A/B Testing: Test different policies simultaneously
AI/ML Enhancements
- Predictive Blocking: Block likely fraudulent transactions proactively
- Smart Recommendations: Suggest policy improvements
- Pattern Recognition: Identify emerging fraud patterns
- Natural Language Policies: "Block transactions over $1000 on weekends"
Emergency & Recovery
Incident Response
- Panic Button: Instantly freeze all agents
- Gradual Recovery: Slowly restore access after incident
- Post-Incident Review: Mandatory review after security events
- Lessons Learned: Update policies based on incidents
Disaster Recovery
- Backup Policies: Fallback rules if primary system fails
- Manual Override: Human ability to override in emergencies
- Degraded Mode: Reduced functionality during system issues
- Recovery Procedures: Clear process for restoring normal operations
Implementation Priority
Phase 1 (MVP - Current)
- ✅ Per-Transaction Limit
- ✅ Daily Limit
- ✅ Basic audit logging
Phase 2 (Near-Term)
- Recipient whitelist/blacklist
- Hourly/weekly limits
- Transaction frequency controls
- Asset-specific limits
Phase 3 (Medium-Term)
- Multi-party approval
- Anomaly detection
- Compliance reporting
- Time-window restrictions
Phase 4 (Long-Term)
- ML-based fraud detection
- Dynamic policy adjustment
- Advanced organizational features
- Full regulatory compliance suite
Document Version: 1.0 Last Updated: 2025-10-20 Maintainer: Wollit Team