Skip to main content
LearnGlossaryAgent spend policy
GLOSSARY

What is an agent spend policy.

DEFINITION

An agent spend policy is the set of rules attached to an AI-agent wallet that govern what the agent is allowed to pay - a per-period allowance (daily, weekly, or monthly), a per-transaction cap, and a validity window of start and end dates. The policy is set in the dashboard and enforced at the wallet API layer (outside the agent's manipulable scope), checked on every payment before it settles. The API exposes it read-only.

WHY IT MATTERS

The only thing that makes autonomous payment safe.

Without a spend policy, giving an agent a wallet is giving an LLM unlimited access to a dollar-denominated checkbook. Two failure modes are inevitable. The first is the runaway loop: an agent's planner gets stuck retrying a paid tool and burns the workspace's balance in minutes. The second is prompt injection: an attacker convinces the agent to pay an attacker-controlled wallet under the cover of looking like a normal task.

A spend policy bounds both failure modes by construction. The runaway loop exhausts the period allowance and stops. The injected payment exceeds the per-transaction cap (or the remaining allowance) and never settles. The agent does not need to be perfectly trustworthy because the wallet refuses to settle anything outside the policy. This is the difference between 'agents that pay' being usable in production and being an experiment.

HOW IT WORKS

Configure once, evaluate every call.

  1. Configure. The human user sets the policy in the dashboard: a per-period allowance, a per-transaction cap, and an optional validity window (start and end dates). The API exposes the policy read-only; changes are audit-logged.
  2. Bind to identity. The policy attaches to the agent's payment identity. Multi-agent workspaces have one policy per agent, plus optionally a workspace-level cap that bounds the sum.
  3. Evaluate on every intent. When the agent submits a payment intent (typically driven by a 402 response), the wallet API runs the policy: check the per-transaction cap, check the remaining period allowance, check the validity window.
  4. Settle or reject. If all checks pass, the wallet settles the payment and decrements the remaining allowance. If any check fails, the wallet rejects the payment (it exceeds a limit or falls outside the window) and does not settle.
  5. Audit. Every accepted and every rejected intent is logged with the policy decision attached. The human can review the log at any time to see what the agent attempted and what the policy allowed through.

The policy is the same kind of object regardless of how many agents share the wallet. Per-agent policies isolate budgets cleanly; a workspace policy at the parent level applies a strict ceiling across all child agents combined.

EXAMPLES

Three policy shapes we see in production.

EXAMPLE 1

Per-agent daily cap with single-call ceiling

A research agent has a $5/day cap and a $0.50/call ceiling. It can make 10 calls of $0.50, or 100 calls of $0.05, or any combination under the daily total. A surprise $2.00 invoice from a tool gets rejected at the call ceiling before it ever settles. Both limits enforce simultaneously; the tighter one wins per call.

EXAMPLE 2

Receive-only lockdown

An agent that only ever receives payments has its allowance and per-transaction cap both set to zero. It can be paid by anyone at any time, but it cannot send USDC at all - regardless of what its code or a prompt injection tries to make it do. Setting both limits to zero is the strongest defense against prompt-injection-driven payment redirection: the wallet refuses every outgoing payment.

EXAMPLE 3

Time-boxed engagement window

A contractor agent is given a spend permission that is valid only for the engagement's 30-day window (a start and end date). Within the window it can spend up to its weekly allowance; after the end date the permission expires and no further payment settles, without anyone having to remember to turn it off.

FAQ

Three common questions.

What is the difference between a spend policy and a rate limit?

A rate limit governs the count of calls; a spend policy governs the dollar value across calls. An agent can be rate-limited to 100 calls per minute but still bankrupt its workspace if those calls each cost $1 and the agent makes them for an hour. A spend policy caps the dollar exposure regardless of call count. The two controls complement each other - rate limits prevent denial-of-service on the agent runtime, spend policies prevent denial-of-funds on the agent's wallet.

Where is the policy enforced - in the agent code or in the wallet?

In the wallet, on the payment API layer. Enforcing it in the agent code would mean any prompt-injection attack that bypasses the agent's planner also bypasses the budget. By enforcing it in the wallet API, the policy is outside the agent's manipulable scope. The agent submits a payment intent; the wallet evaluates the intent against the policy; the wallet either settles or rejects. The agent cannot raise its own limits.

Can the user adjust the policy mid-flight if a legitimate spend is being rejected?

Yes, but only the human user (or another authorized human) can adjust it - never the agent itself. The wallet's admin panel exposes the policy editor; changes are audit-logged with who-and-when. This keeps the agent inside guardrails by default while giving the human the override they need when a legitimate larger spend comes up. The agent does not get a way to ask 'please raise my limit' inside its planning loop, because that would defeat the purpose of having a limit.
Last reviewed: 2026-05-15. Published under CC BY 4.0.

Give your agent a budget envelope.

Per-period allowances and per-transaction caps, set in the dashboard. Free to start.