Overview
The CLI provides full CRUD for spending policies. When you list policies, each one is tagged as [agent] (directly assigned) or [org-wide] (inherited from your organization).
Create a Policy
The interactive builder walks you through each step with descriptions:
You’ll be prompted for:
- Policy name — A descriptive label
- Policy type — 14 types available, each with an explanation
- Priority — Lower numbers are evaluated first
- Rules — Optionally add the first rule immediately
- Assignment — Assign to the current agent or leave org-wide
Policy Types
| Type | Description |
|---|
| Spend Limit | Cap per-transaction, daily, weekly, or monthly totals |
| Approval Threshold | Require human approval above a dollar amount |
| Counterparty | Allow or block specific wallet addresses |
| Category | Restrict which spend categories are permitted |
| Geographic | Block transactions involving sanctioned countries |
| Budget Allocation | Set a total budget cap for a time period |
| Expiration | Policy only active within a date range |
| Merchant | Allow or block specific merchants by address |
| Time Window | Restrict transactions to specific hours or days |
| Velocity | Rate limit: max transactions per time period |
| Whitelist | Only pre-approved addresses can receive payments |
| Composite | Combine multiple conditions with AND/OR logic |
| Contract Allowlist | Restrict to approved smart contract addresses |
| Blackout Period | Block all transactions during specific time windows |
Add Rules
Add rules to an existing policy:
conto policies add-rule <policy-id>
- Rule type — Context-aware options based on the policy type
- Operator —
<=, >=, in list, not in list, between, etc.
- Value — With smart placeholders (dollar amounts for limits, JSON arrays for lists, country codes for geographic rules)
- Action — Allow, Deny, or Require Approval
Value Examples by Rule Type
| Rule Type | Example Value | Format |
|---|
| Daily Limit | 500 | Dollar amount |
| Allowed Counterparties | ["0xabc...","0xdef..."] | JSON array of addresses |
| Geographic Restriction | ["CU","IR","KP","SY"] | JSON array of country codes |
| Trust Score | 50 | Number (0-100) |
| Date Range | {"start":"2025-01-01","end":"2025-12-31"} | JSON with ISO dates |
| Velocity Limit | 5 | Max transactions per window |
Update & Delete
# Update name, priority, or active status
conto policies update <policy-id>
# Delete (with confirmation prompt)
conto policies delete <policy-id>
# Remove a specific rule from a policy
conto policies remove-rule <policy-id> <rule-id>
Assign & Unassign
Control which policies apply to your agent:
# Assign an org policy to your agent
conto policies assign <policy-id>
# Remove a policy from your agent
conto policies unassign <policy-id>
Org-wide policies (tagged [org-wide]) cannot be unassigned — they apply to all agents in the organization. To remove them, either delete the policy or set it to inactive with conto policies update <id>.
List All Org Policies
To see every policy in the organization (not just your agent’s):
This shows the policy ID, agent count, rules, and active status for all policies.
JSON Output
All policy commands support --json:
conto policies --json
conto policies all --json
conto policies create --json # Returns created policy as JSON