Skip to main content

Spend Limit Policies

Spend limit policies control the maximum amount that can be spent per transaction, day, week, or month.

Configuration

Create a SPEND_LIMIT policy and add rules via the API: 
# Create policy
curl -X POST https://www.conto.finance/api/policies \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -d '{"name": "Spend Limits", "policyType": "SPEND_LIMIT", "priority": 50}'

# Add rules
curl -X POST https://www.conto.finance/api/policies/{policyId}/rules \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -d '{
    "rules": [
      {"ruleType": "MAX_AMOUNT", "operator": "LESS_THAN", "value": "500", "action": "ALLOW"},
      {"ruleType": "DAILY_LIMIT", "operator": "LESS_THAN", "value": "2000", "action": "ALLOW"},
      {"ruleType": "WEEKLY_LIMIT", "operator": "LESS_THAN", "value": "10000", "action": "ALLOW"},
      {"ruleType": "MONTHLY_LIMIT", "operator": "LESS_THAN", "value": "30000", "action": "ALLOW"}
    ]
  }'

Rule Types

Rule TypeDescriptionOperatorValue
MAX_AMOUNTMaximum per single transactionLESS_THANAmount (number)
DAILY_LIMITMaximum total spend per dayLESS_THANAmount (number)
WEEKLY_LIMITMaximum total spend per weekLESS_THANAmount (number)
MONTHLY_LIMITMaximum total spend per monthLESS_THANAmount (number)
BUDGET_CAPBudget with periodLESS_THAN{"amount": N, "period": "MONTHLY"}

How It Works

  1. Per-Transaction: Checked against the requested amount
  2. Daily/Weekly/Monthly: Checked against cumulative spend + requested amount

Example Evaluation

Agent: Operations Agent
Daily Limit: $1,000
Spent Today: $750

Request: $300 payment

Evaluation:
- Per-tx check: $300 < limit (pass)
- Daily check: $750 + $300 = $1,050 > $1,000 (FAIL)

Result: DENIED
Reason: "Would exceed daily limit: $250 remaining"

Wallet-Level Limits

In addition to policies, limits can be set on the agent-wallet link: 
{
  "agentId": "agent_abc",
  "walletId": "wallet_xyz",
  "spendLimitPerTx": 100,
  "spendLimitDaily": 1000,
  "spendLimitWeekly": 5000,
  "spendLimitMonthly": 15000
}
These are evaluated first, before policy rules.

Tracking Spend

The system tracks spending automatically:
  • spentToday - Resets at midnight UTC
  • spentThisWeek - Resets Monday midnight UTC
  • spentThisMonth - Resets 1st of month midnight UTC

Best Practices

Begin with low limits and increase based on operational needs:
{
  "type": "PER_TRANSACTION",
  "maxAmount": 50  // Start low
}
Use multiple limit types for defense in depth:
  • Per-tx: Prevents single large payments
  • Daily: Limits daily exposure
  • Monthly: Controls overall budget
Create different policies for different agent risk levels:
  • Low-risk agents: Higher limits
  • New agents: Lower limits until proven
  • Critical agents: Strict limits + approval

API Example

# Create spend limit policy
curl -X POST https://conto.finance/api/policies \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Standard Spend Limits",
    "policyType": "SPEND_LIMIT",
    "priority": 50,
    "isActive": true
  }'

# Add rules
curl -X POST https://conto.finance/api/policies/{policyId}/rules \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -d '{
    "rules": [
      { "ruleType": "MAX_AMOUNT", "operator": "LESS_THAN", "value": "500", "action": "ALLOW" },
      { "ruleType": "DAILY_LIMIT", "operator": "LESS_THAN", "value": "2000", "action": "ALLOW" }
    ]
  }'