Advanced Policies
Advanced policy types and the rule engine for complex business requirements.
Policy Rules
Each policy consists of one or more rules. Rules define specific conditions and actions:
Rule Structure
{
  "ruleType": "SINGLE_AMOUNT",
  "operator": "GREATER_THAN",
  "value": "{\"amount\": 500}",
  "action": "REQUIRE_APPROVAL"
}
| Field | Description |
|---|---|
| ruleType | Type of condition (see below) |
| operator | Comparison operator |
| value | JSON-encoded value for comparison |
| action | ALLOW, DENY, or REQUIRE_APPROVAL |
Supported Rule Types
| Rule Type | Description | Example Value |
|---|---|---|
| MAX_AMOUNT | Per-transaction amount | "500" |
| DAILY_LIMIT | Daily spend cap | "1000" |
| WEEKLY_LIMIT | Weekly spend cap | "5000" |
| MONTHLY_LIMIT | Monthly spend cap | "20000" |
| BUDGET_CAP | Budget allocation | "{\"amount\": 50000, \"period\": \"MONTHLY\"}" |
| TIME_WINDOW | Time window restriction | "{\"start\": \"09:00\", \"end\": \"18:00\"}" |
| DAY_OF_WEEK | Day restriction | "[\"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\"]" |
| DATE_RANGE | Temporal validity | "{\"start\": \"2024-01-01\", \"end\": \"2024-03-31\"}" |
| BLACKOUT_PERIOD | Block during windows | "{\"windows\": [{\"start\": \"02:00\", \"end\": \"06:00\", \"reason\": \"Maintenance\"}]}" |
| ALLOWED_CATEGORIES | Allowed categories | "[\"software\", \"infrastructure\"]" |
| BLOCKED_CATEGORIES | Blocked categories | "[\"gambling\", \"adult\"]" |
| ALLOWED_COUNTERPARTIES | Allowed addresses | "[\"0x123...\", \"0x456...\"]" |
| BLOCKED_COUNTERPARTIES | Blocked addresses | "[\"0xdead...\"]" |
| VELOCITY_LIMIT | Transaction frequency | "{\"maxCount\": 10, \"period\": \"HOUR\"}" |
| REQUIRE_APPROVAL_ABOVE | Approval threshold | "2500" |
| GEOGRAPHIC_RESTRICTION | Blocked countries | "[\"CU\", \"IR\", \"KP\", \"SY\", \"RU\"]" |
| TRUST_SCORE | Min trust score | "70" |
| COUNTERPARTY_STATUS | Trust level requirement | "{\"status\": \"TRUSTED\"}" |
| CONTRACT_ALLOWLIST | Allowed contracts | "{\"contracts\": [\"0x...\"], \"protocols\": [\"uniswap\"]}" |
Supported Operators
| Operator | Aliases | Description |
|---|---|---|
| EQUALS | EQ | Exact match |
| NOT_EQUALS | NEQ | Not equal |
| GREATER_THAN | GT | Greater than |
| GREATER_THAN_OR_EQUAL | GTE, GREATER_THAN_OR_EQUALS | Greater or equal |
| LESS_THAN | LT | Less than |
| LESS_THAN_OR_EQUAL | LTE, LESS_THAN_OR_EQUALS | Less or equal |
| IN | IN_LIST | Value in list |
| NOT_IN | NOT_IN_LIST | Value not in list |
| BETWEEN | - | Within range |
| NOT_BETWEEN | - | Outside range |
Rule Actions
- ALLOW - If condition matches, allow the transaction
- DENY - If condition matches, block the transaction
- REQUIRE_APPROVAL - If condition matches, require manual approval
Example: High-Value Approval Rule
Block transactions over $500 unless manually approved:
{
  "name": "High Value Transaction Review",
  "policyType": "APPROVAL_THRESHOLD",
  "priority": 80,
  "rules": [
    {
      "ruleType": "SINGLE_AMOUNT",
      "operator": "GREATER_THAN",
      "value": "{\"amount\": 500}",
      "action": "REQUIRE_APPROVAL"
    }
  ]
}
Geographic Restrictions (OFAC)
Block transactions to sanctioned countries:
curl -X POST https://www.conto.finance/api/policies/{policyId}/rules \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rules": [{
      "ruleType": "GEOGRAPHIC_RESTRICTION",
      "operator": "IN_LIST",
      "value": "[\"KP\", \"IR\", \"SY\", \"CU\", \"RU\"]",
      "action": "DENY"
    }]
  }'
OFAC Sanctioned Countries
| Code | Country |
|---|---|
| CU | Cuba |
| IR | Iran |
| KP | North Korea |
| SY | Syria |
| RU | Russia |
| BY | Belarus |
| MM | Myanmar |
| VE | Venezuela |
Always consult legal counsel for compliance requirements. This is not legal advice.
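A pre-submission check for the rule format described above, as an added example that is not Conto's own code: it decodes the JSON-encoded value field, resolves operator aliases, and flags any GEOGRAPHIC_RESTRICTION country code that does not appear in the table above. The helper name lint_rule and the sample rules are hypothetical, and using the page's table as the reference set is an assumption.

```python
import json

# Operator aliases, copied from the "Supported Operators" table.
ALIASES = {
    "EQ": "EQUALS", "NEQ": "NOT_EQUALS", "GT": "GREATER_THAN", "LT": "LESS_THAN",
    "GTE": "GREATER_THAN_OR_EQUAL", "GREATER_THAN_OR_EQUALS": "GREATER_THAN_OR_EQUAL",
    "LTE": "LESS_THAN_OR_EQUAL", "LESS_THAN_OR_EQUALS": "LESS_THAN_OR_EQUAL",
    "IN_LIST": "IN", "NOT_IN_LIST": "NOT_IN",
}
OPERATORS = set(ALIASES.values()) | {"BETWEEN", "NOT_BETWEEN"}
ACTIONS = {"ALLOW", "DENY", "REQUIRE_APPROVAL"}
# Country codes, copied from the "OFAC Sanctioned Countries" table.
TABLE_CODES = {"CU", "IR", "KP", "SY", "RU", "BY", "MM", "VE"}


def lint_rule(rule):
    """Return a list of problems in one rule object (hypothetical helper)."""
    problems = []
    operator = rule.get("operator")
    if ALIASES.get(operator, operator) not in OPERATORS:
        problems.append(f"unknown operator {operator!r}")
    if rule.get("action") not in ACTIONS:
        problems.append(f"unknown action {rule.get('action')!r}")
    raw = rule.get("value")
    if not isinstance(raw, str):
        return problems + ["value must be a JSON-encoded string"]
    try:
        value = json.loads(raw)
    except json.JSONDecodeError as exc:
        return problems + [f"value is not valid JSON: {exc.msg}"]
    if rule.get("ruleType") == "GEOGRAPHIC_RESTRICTION":
        if not isinstance(value, list):
            problems.append("GEOGRAPHIC_RESTRICTION value must be a JSON array")
        else:
            for code in value:
                # Catches entries such as "NK" written in place of "KP".
                if not isinstance(code, str) or code not in TABLE_CODES:
                    problems.append(f"country code {code!r} is not in the table")
    return problems


# Constructed sample rules (not from the page).
GOOD = {"ruleType": "GEOGRAPHIC_RESTRICTION", "operator": "IN_LIST",
        "value": json.dumps(["KP", "IR"]), "action": "DENY"}
TYPO = dict(GOOD, value=json.dumps(["NK", "IR"]))
RAW = dict(GOOD, value=["KP", "IR"])   # array sent without JSON-encoding

if __name__ == "__main__":
    for name, rule in (("GOOD", GOOD), ("TYPO", TYPO), ("RAW", RAW)):
        print(name, lint_rule(rule))
```

A deny-list entry that matches no real country code blocks nothing, so a check like this belongs in the pipeline that creates or updates rules.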
Approval Thresholds
Require manual approval above certain amounts:
{
  "policyType": "APPROVAL_THRESHOLD",
  "rules": [
    {
      "type": "AMOUNT_THRESHOLD",
      "threshold": 500,
      "approvers": ["admin", "finance"]
    }
  ]
}
When triggered:
- Payment returns REQUIRES_APPROVAL
- Approvers are notified
- Payment held until approved or denied
Velocity Limits
Control transaction frequency:
curl -X POST https://www.conto.finance/api/policies/{policyId}/rules \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rules": [
      {
        "ruleType": "VELOCITY_LIMIT",
        "operator": "LESS_THAN",
        "value": "{\"maxCount\": 10, \"period\": \"HOUR\"}",
        "action": "ALLOW"
      },
      {
        "ruleType": "VELOCITY_LIMIT",
        "operator": "LESS_THAN",
        "value": "{\"maxAmount\": 1000, \"period\": \"DAILY\"}",
        "action": "ALLOW"
      }
    ]
  }'
Velocity counting is per-wallet, per-agent. It counts transactions with status CONFIRMED or PENDING. The current transaction is included in the count (+1).
Use cases:
- Prevent rapid drain attacks
- Detect unusual patterns
- Rate limit agent activity
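The counting rule stated above, worked through on a constructed transaction history (an added example, not Conto's implementation). The record fields, the FAILED status, the helper names and the sliding-window reading of "period" are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: each period is a sliding window that ends at the current transaction.
PERIODS = {"HOUR": timedelta(hours=1), "DAILY": timedelta(days=1)}
COUNTED = {"CONFIRMED", "PENDING"}   # statuses the page says are counted
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)   # constructed timestamp


def tx(minutes_ago, status, wallet="w1", agent="agent_a"):
    """Build one constructed history record."""
    return {"at": NOW - timedelta(minutes=minutes_ago), "status": status,
            "wallet": wallet, "agent": agent}


# Constructed history: 9 countable transactions plus 3 that must be ignored.
HISTORY = (
    [tx(m, "CONFIRMED") for m in range(5, 45, 5)]    # 8 confirmed
    + [tx(2, "PENDING")]                              # pending counts too
    + [tx(3, "FAILED")]                               # constructed status, not counted
    + [tx(4, "CONFIRMED", agent="agent_b")]           # other agent, separate counter
    + [tx(90, "CONFIRMED")]                           # older than one hour
)


def velocity_count(history, wallet, agent, now, period):
    """Prior countable transactions for this wallet and agent, plus the current one."""
    start = now - PERIODS[period]
    prior = sum(
        1 for t in history
        if t["wallet"] == wallet and t["agent"] == agent
        and t["status"] in COUNTED and start < t["at"] <= now
    )
    return prior + 1   # the page: the current transaction is included (+1)


def condition_holds(count, operator, max_count):
    """Evaluate the rule's comparison of the count against maxCount."""
    if operator in ("LESS_THAN", "LT"):
        return count < max_count
    if operator in ("LESS_THAN_OR_EQUAL", "LTE", "LESS_THAN_OR_EQUALS"):
        return count <= max_count
    raise ValueError(f"operator {operator!r} not handled here")


if __name__ == "__main__":
    n = velocity_count(HISTORY, "w1", "agent_a", NOW, "HOUR")
    print(n, condition_holds(n, "LESS_THAN", 10), condition_holds(n, "LTE", 10))
```

Under these assumptions, a LESS_THAN rule with maxCount 10 stops matching on the tenth transaction in the window, because the count already includes it; LESS_THAN_OR_EQUAL would still match that transaction.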
Category Restrictions
Allow or block specific categories:
curl -X POST https://www.conto.finance/api/policies/{policyId}/rules \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rules": [
      {
        "ruleType": "BLOCKED_CATEGORIES",
        "operator": "IN_LIST",
        "value": "[\"gambling\", \"adult\", \"weapons\"]",
        "action": "DENY"
      },
      {
        "ruleType": "ALLOWED_CATEGORIES",
        "operator": "IN_LIST",
        "value": "[\"infrastructure\", \"ai_services\", \"marketing\"]",
        "action": "ALLOW"
      }
    ]
  }'
Category matching is case-insensitive. If no category is provided in the payment request, ALLOWED_CATEGORIES rules with ALLOW action are skipped (not denied).
Budget Allocations
Allocate budgets by department or project:
{
  "policyType": "BUDGET_ALLOCATION",
  "rules": [
    {
      "type": "DEPARTMENT_BUDGET",
      "department": "ENGINEERING",
      "monthlyBudget": 50000,
      "rollover": false
    },
    {
      "type": "PROJECT_BUDGET",
      "projectId": "PROJECT_123",
      "totalBudget": 100000
    }
  ]
}
Expiration Policies
Time-limited permissions:
{
  "policyType": "EXPIRATION",
  "rules": [
    {
      "type": "VALID_UNTIL",
      "expiresAt": "2024-12-31T23:59:59Z"
    },
    {
      "type": "VALID_BETWEEN",
      "startDate": "2024-01-01",
      "endDate": "2024-03-31"
    }
  ]
}
Use cases:
- Temporary elevated access
- Contract-based limits
- Trial periods
Composite Policies
Combine multiple conditions with AND/OR logic:
{
  "policyType": "COMPOSITE",
  "rules": [
    {
      "type": "AND",
      "conditions": [
        { "type": "AMOUNT_LESS_THAN", "amount": 1000 },
        { "type": "CATEGORY_IS", "category": "INFRASTRUCTURE" }
      ]
    },
    {
      "type": "OR",
      "conditions": [
        { "type": "TRUSTED_COUNTERPARTY" },
        { "type": "MANUAL_OVERRIDE" }
      ]
    }
  ]
}
Example: High-Security Agent
Complete configuration for a high-security agent:
[
  {
    "name": "OFAC Compliance",
    "policyType": "GEOGRAPHIC",
    "priority": 100,
    "rules": [{ "type": "BLOCK_COUNTRIES", "countries": ["KP","IR","SY","CU","RU"] }]
  },
  {
    "name": "Whitelist Only",
    "policyType": "WHITELIST",
    "priority": 90,
    "rules": [{ "type": "ADDRESS_WHITELIST", "addresses": ["0x..."] }]
  },
  {
    "name": "Strict Limits",
    "policyType": "SPEND_LIMIT",
    "priority": 80,
    "rules": [
      { "type": "PER_TRANSACTION", "maxAmount": 100 },
      { "type": "DAILY", "maxAmount": 500 }
    ]
  },
  {
    "name": "All Require Approval",
    "policyType": "APPROVAL_THRESHOLD",
    "priority": 70,
    "rules": [{ "type": "AMOUNT_THRESHOLD", "threshold": 0 }]
  }
]
Bulk Policy Operations
Create Multiple Policies
curl -X POST https://conto.finance/api/policies/bulk \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "policies": [
      { "name": "Policy 1", "policyType": "SPEND_LIMIT", ... },
      { "name": "Policy 2", "policyType": "TIME_WINDOW", ... }
    ]
  }'
Assign to Multiple Agents
curl -X PUT https://conto.finance/api/policies/bulk \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "assignments": [
      { "policyId": "policy_1", "agentIds": ["agent_a", "agent_b"] },
      { "policyId": "policy_2", "agentIds": ["agent_c"] }
    ]
  }'