get_spending_rules MCP tool) but can never modify or bypass it.
The policy engine
Each payment request passes through a staged evaluation pipeline before any money moves:- Identity — Is the API key valid, unrevoked, and scoped to this agent?
- Budget — Do the agent, its team, and its project all have sufficient remaining budget? Budgets are checked and reserved atomically, so concurrent requests can’t overspend.
- Velocity — Has the agent exceeded its hourly or daily transaction-count limits?
- Merchant rules — On the card rail, is the merchant allowed by the agent’s MCC and merchant allow/deny lists? On the wallet rail, the recipient address is validated per chain (checksum, format, supported network) instead — there is no per-recipient allowlist for wallets today.
- Approval threshold — Is the amount above the auto-approval threshold? If so, the request routes to a human instead of executing.
- Anomaly checks — Suspicious acceleration (e.g. hitting a daily velocity limit within a fraction of the day) flags the transaction for review.
Policy controls
| Control | What it does | Default |
|---|---|---|
| Total budget | Hard ceiling on lifetime spend, allocated from the team/project budget | Set at agent creation |
| Per-payment limit | Maximum amount for a single transaction | No limit |
| Daily spend limit | Maximum total spend per rolling day | No limit |
| Hourly velocity | Maximum payments per hour | Platform default cap |
| Daily velocity | Maximum payments per day | Platform default cap |
| Approval threshold | Amount above which a human must approve | Every transaction requires approval until configured |
| Merchant allowlist / denylist | Restrict which merchants the agent may pay — card rail only | All allowed unless listed |
The approval threshold has three modes: every transaction requires approval (threshold 0),
above a set amount requires approval, or never — payments auto-approve within budget. Even
in “never” mode, the total budget remains a hard ceiling and anomaly flags still route to human
review.