Wallet Guy

SPENDING_LIMIT Policy: Cap Your AI Agent's Daily Transaction Volume

Setting spending limits for AI trading bots isn't just good practice—it's essential. When your AI agent has direct wallet access, one misconfigured algorithm or unexpected market condition could drain your entire portfolio in minutes.

The stakes are real. AI agents need transaction capabilities to be useful, but unlimited access creates unlimited risk. Traditional bot frameworks either give agents full wallet control or require manual approval for every transaction—neither scales for autonomous trading or DeFi operations.

Why Spending Limits Matter for AI Agents

Unlike human traders who naturally hesitate before large transactions, AI agents execute commands with mechanical precision. They don't second-guess a $50,000 swap or question whether a leverage position makes sense. This reliability is valuable, but it becomes dangerous when combined with bugs, market manipulation, or unexpected edge cases.

Consider what happens when an AI agent:

  • Misinterprets price data due to an oracle attack
  • Gets stuck in a trading loop due to slippage miscalculation
  • Receives malicious input designed to trigger large transactions
  • Encounters a smart contract bug that drains approved tokens

Without spending controls, any of these scenarios can result in total fund loss. The solution isn't to eliminate AI agents—it's to implement proper guardrails that preserve autonomy while limiting blast radius.

WAIaaS SPENDING_LIMIT Policy: 4-Tier Security

WAIaaS implements spending limits through a 4-tier security model that automatically escalates based on transaction size. Each tier provides different levels of friction, from instant execution to human approval.

The Four Security Tiers

  • INSTANT - Execute immediately, no notification
  • NOTIFY - Execute immediately, send notification
  • DELAY - Queue for specified seconds, then execute (cancellable)
  • APPROVAL - Require human approval via WalletConnect, Telegram, or push notification

Here's how to configure a SPENDING_LIMIT policy:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "daily_limit_usd": 500,
      "monthly_limit_usd": 5000
    }
  }'

This configuration creates automatic escalation:

  • Transactions ≤ $10: Execute instantly
  • Transactions ≤ $100: Execute with notification
  • Transactions ≤ $1,000: Wait 5 minutes, then execute (cancellable)
  • Transactions > $1,000: Require explicit human approval
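
The escalation above, modelled locally as an added example (not WAIaaS code and not part of the original post): classify maps a USD amount to a tier using the inclusive bounds listed, and lint flags rule sets worth a second look before they are POSTed. The function names and lint rules are assumptions; how WAIaaS itself treats a daily limit that sits below delay_max_usd is not stated on this page.

```python
# Added example: local model of the SPENDING_LIMIT escalation described above.
# Not WAIaaS code; inclusive boundaries and the lint rules are assumptions.
import json

TIERS = ("INSTANT", "NOTIFY", "DELAY")

def classify(rules, amount_usd):
    """Return the tier for one transaction, using inclusive upper bounds."""
    if amount_usd < 0:
        raise ValueError("amount must be non-negative")
    bounds = (rules["instant_max_usd"], rules["notify_max_usd"],
              rules["delay_max_usd"])
    for tier, bound in zip(TIERS, bounds):
        if amount_usd <= bound:
            return tier
    return "APPROVAL"  # anything above delay_max_usd needs a human

def lint(rules):
    """Flag rule sets that do not escalate the way the article describes."""
    findings = []
    i, n, d = (rules[k] for k in
               ("instant_max_usd", "notify_max_usd", "delay_max_usd"))
    if not (0 <= i <= n <= d):
        findings.append("tier thresholds are not ascending")
    if d > n and rules.get("delay_seconds", 0) <= 0:
        findings.append("DELAY tier has no cancellation window")
    daily = rules.get("daily_limit_usd")
    monthly = rules.get("monthly_limit_usd")
    if daily is None:
        findings.append("no daily_limit_usd: repeated small sends have no cumulative cap")
    elif daily < d:
        # One DELAY-tier send could exceed the whole daily budget.
        findings.append("daily_limit_usd is below delay_max_usd")
    if daily is not None and monthly is not None and monthly < daily:
        findings.append("monthly_limit_usd is below daily_limit_usd")
    return findings

# Rules copied from the curl request above.
ARTICLE_RULES = json.loads("""{
  "instant_max_usd": 10, "notify_max_usd": 100, "delay_max_usd": 1000,
  "delay_seconds": 300, "daily_limit_usd": 500, "monthly_limit_usd": 5000
}""")

if __name__ == "__main__":
    for usd in (10, 10.01, 100, 1000, 1000.01):
        print(f"${usd}: {classify(ARTICLE_RULES, usd)}")
    for finding in lint(ARTICLE_RULES):
        print("lint:", finding)
```

On the rules from the request above, lint reports one finding: the $500 daily limit is below the $1,000 DELAY ceiling.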

Token-Specific Limits

You can set different limits for specific tokens, useful when you want tighter controls on volatile assets:

{
  "instant_max_usd": 100,
  "notify_max_usd": 500,
  "delay_max_usd": 2000,
  "delay_seconds": 900,
  "daily_limit_usd": 5000,
  "monthly_limit_usd": 20000,
  "token_limits": {
    "native:solana": {
      "instant_max": "0.1",
      "notify_max": "1.0", 
      "delay_max": "5.0"
    },
    "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v": {
      "instant_max": "50",
      "notify_max": "200",
      "delay_max": "1000"
    }
  }
}

This allows $100 USDC transfers to execute instantly, while limiting SOL transfers to 0.1 SOL ($20-30) for instant execution.

Default-Deny Architecture

WAIaaS follows a default-deny security model. Beyond spending limits, your agent can't interact with tokens or contracts unless explicitly permitted. This prevents common attack vectors where malicious inputs trick agents into approving unknown tokens or calling dangerous contracts.

ALLOWED_TOKENS Policy

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {
          "address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
          "symbol": "USDC",
          "chain": "solana"
        }
      ]
    }
  }'

Without this whitelist, token transfer attempts are blocked regardless of spending limits.

CONTRACT_WHITELIST Policy

{
  "contracts": [
    {
      "address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4",
      "name": "Jupiter",
      "chain": "solana"
    }
  ]
}

This prevents your agent from interacting with unknown smart contracts, even if an attacker manages to inject malicious contract addresses.
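
The default-deny behaviour described in this section, sketched as an added example (not WAIaaS code and not part of the original post). It matches on exact chain and address rather than symbol or name, and treats a missing policy as a denial; the request fields chain, token and contract are hypothetical, and the lookalike addresses are constructed.

```python
# Added example: a local default-deny model, not WAIaaS code.
# The request fields (chain, token, contract) are hypothetical.

# Rule bodies copied from the two policies above.
ALLOWED_TOKENS = {"tokens": [
    {"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
     "symbol": "USDC", "chain": "solana"}]}
CONTRACT_WHITELIST = {"contracts": [
    {"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4",
     "name": "Jupiter", "chain": "solana"}]}

def _keys(entries):
    # Match on exact (chain, address). Solana base58 addresses are
    # case-sensitive, and symbol/name are labels, never match keys.
    return {(e["chain"], e["address"]) for e in entries}

def evaluate(request, allowed_tokens=None, contract_whitelist=None):
    """Return (allowed, reason); an absent policy denies rather than allows."""
    chain = request.get("chain")
    checks = (
        ("token", allowed_tokens, "tokens", "ALLOWED_TOKENS"),
        ("contract", contract_whitelist, "contracts", "CONTRACT_WHITELIST"),
    )
    for field, policy, list_key, policy_name in checks:
        address = request.get(field)
        if address is None:
            continue  # request does not touch this kind of object
        if policy is None:
            return False, f"no {policy_name} policy configured"
        if (chain, address) not in _keys(policy.get(list_key, [])):
            return False, f"{field} not in {policy_name}"
    return True, "allowlists passed; SPENDING_LIMIT tier still applies"

USDC = ALLOWED_TOKENS["tokens"][0]["address"]

if __name__ == "__main__":
    samples = [  # constructed requests
        {"chain": "solana", "token": USDC},
        {"chain": "solana", "token": USDC.lower()},
        {"chain": "solana", "token": "ConstructedLookalikeMint", "symbol": "USDC"},
        {"chain": "solana", "token": USDC, "contract": "ConstructedUnknownProgram"},
    ]
    for s in samples:
        print(evaluate(s, ALLOWED_TOKENS, CONTRACT_WHITELIST), s)
```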

3-Layer Security Architecture

WAIaaS implements three distinct security layers:

Layer 1: Session Authentication
AI agents use JWT tokens with configurable TTL and renewal limits. Tokens can be revoked instantly if suspicious activity is detected.

Layer 2: Policy Engine
All transactions pass through 21 policy types with 4 security tiers. Policies are evaluated in real-time with default-deny enforcement.

Layer 3: Human Oversight
Time delays and approval requirements provide kill switch capabilities. Owners can cancel delayed transactions or approve/reject pending ones via WalletConnect, Telegram, or push notifications.

Setting Up Spending Limits

Step 1: Create a Wallet

curl -X POST http://127.0.0.1:3100/v1/wallets \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{"name": "trading-wallet", "chain": "solana", "environment": "mainnet"}'

Step 2: Configure SPENDING_LIMIT Policy

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT", 
    "rules": {
      "instant_max_usd": 50,
      "notify_max_usd": 200,
      "delay_max_usd": 1000,
      "delay_seconds": 600,
      "daily_limit_usd": 2000
    }
  }'

Step 3: Create Session for AI Agent

curl -X POST http://127.0.0.1:3100/v1/sessions \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{"walletId": "<wallet-uuid>"}'

Step 4: Test Transaction Tiers

# This executes instantly (under $50)
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "0.001"
  }'

# This queues for the 10-minute delay if it is worth over $200 and at most $1,000 (above $1,000 it needs approval)
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER", 
    "to": "recipient-address",
    "amount": "5.0"
  }'

Step 5: Set Up Notifications

Configure WalletConnect for mobile approvals or Telegram for notifications:

waiaas notification setup --provider telegram --token <bot-token>

Advanced Policy Combinations

Spending limits work best when combined with other policy types. Here are common patterns:

Trading Bot Configuration

  • SPENDING_LIMIT: $100 instant, $500 notify, $2000 delay
  • ALLOWED_TOKENS: USDC, USDT, major trading pairs only
  • CONTRACT_WHITELIST: Jupiter, Orca, major DEXes only
  • RATE_LIMIT: Maximum 50 transactions per hour

DeFi Yield Farming

  • SPENDING_LIMIT: $200 instant for small position adjustments
  • LENDING_LTV_LIMIT: Maximum 70% loan-to-value ratio
  • LENDING_ASSET_WHITELIST: SOL, ETH, stablecoins only
  • TIME_RESTRICTION: No transactions outside business hours

Cross-Chain Bridge Bot

  • SPENDING_LIMIT: $500 instant, $2000 delay
  • ALLOWED_NETWORKS: Ethereum, Polygon, Arbitrum only
  • CONTRACT_WHITELIST: LI.FI, Across Protocol only
  • X402_ALLOWED_DOMAINS: Bridge API endpoints only

Monitoring and Alerts

WAIaaS provides real-time monitoring of policy violations and spending patterns:

# Check current policy status
curl http://127.0.0.1:3100/v1/policies \
  -H "Authorization: Bearer wai_sess_<token>"

# View pending transactions (DELAY tier)
curl "http://127.0.0.1:3100/v1/transactions?status=PENDING" \
  -H "Authorization: Bearer wai_sess_<token>"

# Cancel a delayed transaction
curl -X POST http://127.0.0.1:3100/v1/transactions/<tx-id>/cancel \
  -H "X-Owner-Signature: <signature>" \
  -H "X-Owner-Message: <message>"

The notification system sends alerts for:

  • NOTIFY tier transactions (immediate notification)
  • DELAY tier transactions (countdown notification)
  • APPROVAL tier transactions (approval request)
  • Policy violations and failed transactions
  • Daily/monthly spending limit approaching

What's Next

Implementing spending limits is just the first step in securing AI agent wallets. The policy engine supports 21 policy types for comprehensive risk management, from time restrictions to contract whitelists to DeFi-specific protections.

Ready to implement spending controls for your AI agents? Check out the WAIaaS GitHub repository for the complete setup guide, or visit waiaas.ai to learn about the full security framework.
