The policy engine is the enforcement layer between an agent’s request and the blockchain. Every transfer, contract call, and message signing request is evaluated before the transaction reaches the signing phase. Policies are not advisory — they are enforced at the infrastructure level.

Three evaluation stages

Every operation passes through three sequential stages. A denial at any stage stops evaluation immediately.

Stage 1 — Permission check

Checks whether the operation type is within the scope defined by the pact. A transfer request under a pact that only covers contract calls is denied here, before any policy rules are consulted.

Stage 2 — Policy rule evaluation

Evaluates the applicable policy rules against the operation. Rules can allow, deny, or escalate to pending approval based on conditions like chain, token, destination address, contract address, or operation value. Policies apply at three scopes — global (all wallets), wallet (a specific wallet), and delegation (the active pact) — evaluated from broadest to most specific.

Stage 3 — Counter check

Checks whether executing the operation would exceed any rolling window spending counters configured in the pact’s policies. Supported windows: 1 hour, 24 hours, 7 days, 30 days. See Spend Limits for details.

Three outcomes

  • Allow — the operation passed all three stages and proceeds to execution.
  • Require approval — a review condition was triggered. The operation is held as a pending operation and the owner is notified. The agent receives a PENDING_APPROVAL response with a pending_operation_id it can poll for the outcome. Once approved, execution proceeds automatically.
  • Deny — the operation was blocked. The response includes a machine-readable error code, a human-readable reason, and structured details — for example, the current counter value, the limit, and when the window resets.
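
The three stages and three outcomes described above, as an added sketch that is not the product's own code. The `Pact` shape, the error codes, the `resets_at` calculation and the choice to remember an escalation until the counter check has passed are assumptions; only PENDING_APPROVAL and pending_operation_id come from this page.

```python
from dataclasses import dataclass, field

WINDOWS = {"1h": 3600, "24h": 86400, "7d": 604800, "30d": 2592000}  # seconds
SCOPES = ("global", "wallet", "delegation")  # broadest to most specific

@dataclass
class Pact:  # hypothetical shape, not the product's PactSpec
    allowed_ops: set
    rules: dict   # scope -> [(predicate(op) -> bool, "deny" | "escalate")]
    limits: dict  # window name -> maximum total value inside that window
    spent: list = field(default_factory=list)  # (timestamp, value) of allowed ops

def deny(code, reason, **details):  # error codes used below are made up
    return {"outcome": "DENY", "code": code, "reason": reason, "details": details}

def evaluate(pact, op, now):
    # Stage 1: permission check, before any policy rule is consulted.
    if op["type"] not in pact.allowed_ops:
        return deny("OP_OUT_OF_SCOPE", f"pact does not cover {op['type']}")
    # Stage 2: rules per scope; a deny stops at once, an escalate is remembered.
    escalate = False
    for scope in SCOPES:
        for matches, effect in pact.rules.get(scope, []):
            if matches(op):
                if effect == "deny":
                    return deny("RULE_DENIED", f"{scope} rule matched", scope=scope)
                escalate = True
    # Stage 3: would this operation push any rolling window over its limit?
    for window, limit in pact.limits.items():
        recent = [(t, v) for t, v in pact.spent if t > now - WINDOWS[window]]
        current = sum(v for _, v in recent)
        if current + op["value"] > limit:
            resets_at = min(t for t, _ in recent) + WINDOWS[window] if recent else None
            return deny("LIMIT_EXCEEDED", f"{window} counter would exceed limit",
                        current=current, limit=limit, resets_at=resets_at)
    if escalate:  # held for the owner; the id below is a constructed placeholder
        return {"outcome": "PENDING_APPROVAL", "pending_operation_id": "pending-0001"}
    pact.spent.append((now, op["value"]))
    return {"outcome": "ALLOW"}

# Constructed sample: transfers only, one blocked address, review above 500,
# and at most 1000 spent in any 24 hour window.
def sample_pact():
    return Pact(
        allowed_ops={"transfer"},
        rules={"global": [(lambda op: op["to"] == "0xBLOCKED", "deny")],
               "delegation": [(lambda op: op["value"] > 500, "escalate")]},
        limits={"24h": 1000})
```

The counter is only incremented on ALLOW, so a held or denied operation does not consume any of the window.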

Further reading

  • Spend limits — rolling window counters and per-transaction caps
  • Address allowlists — destination address and contract address restrictions
  • Pacts — how policies are declared in a PactSpec