Policies API

Manage policies for individual agents. Policies are evaluated before every signing operation.

Get Policies

Returns all policies for an agent.
GET /agents/:agentId/policies
Auth: Tenant API key or agent JWT
Response:
{
  "ok": true,
  "data": [
    {
      "id": "spending-limit-1",
      "type": "spending-limit",
      "enabled": true,
      "config": {
        "maxPerTransaction": "100000000000000000",
        "maxPerDay": "500000000000000000"
      }
    },
    {
      "id": "approved-addrs-1",
      "type": "approved-addresses",
      "enabled": true,
      "config": {
        "addresses": ["0x1111111254EEB25477B68fb85Ed929f73A960582"]
      }
    }
  ]
}
const policies = await steward.getPolicies("my-agent");

Set Policies

Replaces all policies for an agent.
PUT /agents/:agentId/policies
Auth: Tenant API key or agent JWT
This endpoint replaces the entire policy set. Always send the complete list of policies you want the agent to have.
Request Body:
Array<{
  id?: string;        // Unique ID (auto-generated if omitted)
  type: string;       // Policy type
  enabled: boolean;   // Active or inactive
  config: object;     // Type-specific configuration
}>
Valid policy types:
| Type | Description |
| --- | --- |
| spending-limit | Max value per tx, per day, per week |
| approved-addresses | Whitelist of allowed destination addresses |
| auto-approve-threshold | Auto-approve below this value; queue above |
| time-window | Restrict to specific hours |
| rate-limit | Max transactions per minute/hour |
| allowed-chains | Restrict to specific chain IDs |
Response:
{
  "ok": true,
  "data": [
    {
      "id": "spending-limit-1",
      "type": "spending-limit",
      "enabled": true,
      "config": { "maxPerTransaction": "100000000000000000" }
    }
  ]
}
await steward.setPolicies("my-agent", [
  {
    id: "spending-limit",
    type: "spending-limit",
    enabled: true,
    config: {
      maxPerTransaction: "100000000000000000",
      maxPerDay: "500000000000000000",
    },
  },
  {
    id: "approved-addrs",
    type: "approved-addresses",
    enabled: true,
    config: {
      addresses: ["0x1111111254EEB25477B68fb85Ed929f73A960582"],
    },
  },
]);

Validation

The API validates each policy:
  • type must be one of the valid types listed above
  • enabled must be a boolean
  • config must be a non-null object
Invalid policies return 400:
{
  "ok": false,
  "error": "Unknown policy type \"invalid-type\" — supported types: spending-limit, approved-addresses, auto-approve-threshold, time-window, rate-limit, allowed-chains"
}
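Because PUT replaces the whole set, sending only the policy you want to change silently removes every other control on the agent. The following is an added example, not code from the Steward SDK: a read-modify-write wrapper that applies the validation rules above client-side and refuses to drop existing policies unless they are named explicitly. The helper names are hypothetical, and it assumes `getPolicies` resolves to either the policy array or the `{ ok, data }` envelope.

```javascript
// Added example, not Steward SDK code. Type names and validation rules are from
// this page; helper names (validatePolicy, mergePolicy, ...) are hypothetical.
const VALID_TYPES = new Set([
  "spending-limit", "approved-addresses", "auto-approve-threshold",
  "time-window", "rate-limit", "allowed-chains",
]);

// Mirror the documented server checks so a bad policy fails before any request.
function validatePolicy(p) {
  if (p === null || typeof p !== "object") throw new TypeError("policy must be an object");
  if (!VALID_TYPES.has(p.type)) throw new TypeError(`Unknown policy type "${p.type}"`);
  if (typeof p.enabled !== "boolean") throw new TypeError("enabled must be a boolean");
  if (p.config === null || typeof p.config !== "object") {
    throw new TypeError("config must be a non-null object");
  }
  return p;
}

// Build the complete list for PUT: swap in the policy with the same id, or append.
function mergePolicy(current, change) {
  validatePolicy(change);
  if (!change.id) throw new TypeError("id is required to update a policy in place");
  const exists = current.some((p) => p.id === change.id);
  return exists ? current.map((p) => (p.id === change.id ? change : p)) : [...current, change];
}

// Ids that exist on the agent now and would be removed by sending `next`.
function droppedIds(current, next) {
  const kept = new Set(next.map((p) => p.id));
  return current.map((p) => p.id).filter((id) => !kept.has(id));
}

// Fetch, rebuild, check, then PUT. `build` maps the current list to the new one.
// Not atomic: two concurrent writers can still overwrite each other.
async function putPolicies(steward, agentId, build, allowRemove = []) {
  const res = await steward.getPolicies(agentId);
  const current = Array.isArray(res) ? res : res.data; // assumption: array or envelope
  const next = build(current);
  next.forEach(validatePolicy);
  const unexpected = droppedIds(current, next).filter((id) => !allowRemove.includes(id));
  if (unexpected.length) {
    throw new Error(`refusing to drop policies: ${unexpected.join(", ")}`);
  }
  return steward.setPolicies(agentId, next);
}
```

Typical use is `putPolicies(steward, "my-agent", (cur) => mergePolicy(cur, change))`; pass ids in `allowRemove` only when a policy is meant to be deleted.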