Skip to main content
A pact is the agreement between the wallet owner and your runtime. It captures the program’s intent, the execution plan, the policy boundaries the owner enforces, and when the authority expires. When the owner approves a pact, Cobo Agentic Wallet creates a scoped delegation with enforced policies so the runtime can operate, but only within the approved boundaries.

How pacts work

The pact flow has three phases: propose, approve, operate. 
1. Runtime proposes a pact
   └── "I want to DCA $500/week into ETH on Base for 3 months"
   └── Specifies: spending limits, allowed contracts, and completion conditions

2. You review and approve
   └── Pact appears in the Cobo Agentic Wallet app
   └── You see the intent, execution plan, and spending rules
   └── You can revise the policies before approving
   └── Approve → runtime gets scoped access. Reject → nothing happens.

3. Runtime operates within the pact
   └── Every transaction is checked against the pact's policies
   └── Exceeds a limit → denied with a clear reason
   └── Exceeds your threshold → paused for your approval
   └── Completion conditions are met or the owner revokes → access removed automatically

What a pact contains

For the conceptual overview of the four elements, see What is a pact. The following table maps those elements to PactSpec fields:
FieldWhat it controls
IntentA plain-language description of what the runtime wants to do — e.g., “DCA $500/week into ETH on Base for 3 months”
Execution planA detailed markdown plan explaining the runtime’s strategy, steps, and rationale — helps the owner understand how the program intends to accomplish the intent
PoliciesSpending rules — per-transaction limits, daily/weekly budgets, allowed chains/tokens/contracts
Completion conditionsConditions that end the pact automatically — e.g., after 12 transactions, $6,000 total spent, or 90 days elapsed

Example PactSpec

A DCA trader pact that allows weekly $500 ETH purchases on Base for 3 months: 
{
  "policies": [
    {
      "name": "allow-uniswap-base",
      "type": "contract_call",
      "rules": {
        "effect": "allow",
        "when": {
          "chain_in": ["BASE_ETH"],
          "target_in": [{
            "chain_id": "BASE_ETH",
            "contract_addr": "0x2626664c2603336E57B271c5C0b26F421741e481"
          }]
        },
        "review_if": {
          "amount_usd_gt": "500"
        }
      }
    },
    {
      "name": "deny-excessive-spending",
      "type": "contract_call",
      "rules": {
        "effect": "allow",
        "when": {
          "chain_in": ["BASE_ETH"]
        },
        "deny_if": {
          "amount_usd_gt": "550",
          "usage_limits": {
            "rolling_24h": { "amount_usd_gt": "600", "tx_count_gt": 5 }
          }
        }
      }
    }
  ],
  "completion_conditions": [
    { "type": "time_elapsed", "threshold": "7776000" },
    { "type": "tx_count", "threshold": "12" }
  ]
}

Pact lifecycle

A pact moves through these states: 
  Submit ──► PENDING_APPROVAL
                  |
             ┌────┴────┐
      approved│        │rejected
             v        v
          ACTIVE   REJECTED
         ┌──┬──┐
         │  │  │
  done ◄─┘  │  └─► owner revokes ──► REVOKED
   v        v
COMPLETED  EXPIRED
StateWhat it means
PENDING_APPROVALRuntime submitted the pact. Waiting for owner approval in the Cobo Agentic Wallet app.
ACTIVEOwner approved. The runtime now has a scoped delegation and API key to operate within the pact’s boundaries.
REJECTEDOwner rejected the pact. No access was granted.
COMPLETEDA completion condition was met (e.g., 12 transactions completed). Access revoked automatically.
EXPIREDThe pact expired because approval timed out or a time-based completion condition elapsed. Access revoked automatically.
REVOKEDOwner revoked the pact manually. Access revoked immediately.
When a pact reaches any terminal state (COMPLETED, EXPIRED, REVOKED), the delegation and its pact-scoped API key are both revoked. The runtime can no longer submit onchain operations.

Pact, delegation, and policy relationship

When you approve a pact, Cobo Agentic Wallet creates the underlying infrastructure automatically: 
Pact (what you approve)

  ├── Delegation (scoped access grant)
  │     └── derived scope, wallet, operator, expiry

  ├── Inline policies (spending rules)
  │     └── transfer limits, contract allowlists, rolling budgets

  └── Pact-scoped API key (operator credential)
        └── bound to the delegation, returned only to the runtime
You don’t need to create delegations or policies manually when using pacts — the pact does it for you.

Submit a pact

# Submit a pact with inline policies and completion conditions
caw pact submit \
  --intent "DCA $500/week into ETH on Base for 3 months" \
  --execution-plan "Weekly automated ETH purchases via Uniswap on Base for 3 months." \
  --policies '[{"name":"allow-uniswap-base","type":"contract_call","rules":{"effect":"allow","when":{"chain_in":["BASE_ETH"],"target_in":[{"chain_id":"BASE_ETH","contract_addr":"0x2626664c2603336E57B271c5C0b26F421741e481"}]},"review_if":{"amount_usd_gt":"500"}}}]' \
  --completion-conditions '[{"type":"tx_count","threshold":"12"}]'
Required flags are --intent, --execution-plan, --policies, and --completion-conditions. The wallet UUID is resolved from the active wallet profile. Poll for status after submission:

Check pact status

# Show full pact detail
caw pact show <PACT_ID>

# Check status (also triggers lazy activation)
caw pact status <PACT_ID>

# List all pacts
caw pact list

# List active pacts only
caw pact list --status active

Revoke a pact

caw pact revoke <PACT_ID>
Revoking immediately revokes the delegation and invalidates the pact-scoped API key.

Approval experience

When your runtime submits a pact, the owner receives a notification in the Cobo Agentic Wallet app. The approval screen shows:
  • Intent — what the agent wants to do, in plain language
  • Execution plan — the agent’s detailed strategy and steps, so you understand the reasoning
  • Policy scope proposed — what transactions and contract calls the pact would allow in practice
  • Spending rules — per-transaction limits, daily budgets, allowed chains and contracts
  • Duration — how long the pact lasts
  • Completion conditions — what triggers automatic completion
You can approve, reject, or revise before approving. If the agent’s proposed policies are too broad (or too narrow), you can adjust them directly before granting access — the agent will operate under your revised terms, not its original proposal. You can also revoke an active pact at any time.

When to use pacts vs. manual delegation

ScenarioUse
Agent needs temporary, scoped access for a specific taskPact — auto-expires, auto-revokes on completion
You want to review what the agent is asking for before granting accessPact — the approval flow shows you exactly what’s being requested
Permanent or long-lived delegation managed by an adminManual delegation — create directly via API or CLI
Programmatic setup without human approvalManual delegation — no approval step required

Pact events

Every pact records lifecycle events that you can query: 
caw pact events <PACT_ID>
Events include: submitted, activated, rejected, completed, expired, revoked. Each event records a timestamp and relevant details.

Policy Engine

Deep dive into policy rules — the spending limits enforced by pacts.

Create Delegation

Understand delegations — the access grants created when pacts are approved.