Show HN: Agent Spending Controls – Enforce spending limits without custody

2 weeks ago 2

Non-custodial policy layer for AI agent wallets

Give your AI agents the ability to make payments whilst enforcing spending limits—without custodying keys.

AI agents need to make autonomous payments, but developers face a dilemma:

Give agents direct wallet access → Risk of runaway spending, no oversight, compliance gaps
Use custodial solutions → Liability, trust issues, regulatory complications
Build custom controls → Weeks of engineering, security risks, maintenance burden

We solve this: A non-custodial policy layer that wraps any wallet SDK, enforcing spending limits without ever touching your keys.

Real-time monitoring of multiple agents with different spending policies

Detailed audit trail showing ALLOWED and BLOCKED transactions

git clone https://github.com/L1AD/agent-spending-controls.git cd agent-spending-controls npm install

Runs on http://localhost:3001

3. Start the Dashboard (in a new terminal)

Open http://localhost:3002 to see real-time monitoring.

4. Run the Demo (in a new terminal)

⚠️ POC Mode: This demo runs in dry-run mode and does not execute real blockchain transactions. Policy enforcement (Gates 1 & 2) runs completely, but blockchain execution is simulated to avoid needing funded wallets. This demonstrates the policy layer without requiring gas fees.

This demonstrates:

🤖 3 agents with different spending limits (conservative, moderate, generous)
✅ Transactions being ALLOWED based on policy
❌ Transactions being BLOCKED when limits exceeded
📊 Real-time counter tracking and dashboard updates
🔒 Two-gate enforcement with tamper protection
💸 Simulated transaction execution (real blockchain code available but commented out)

Two-Gate Enforcement Model

Developer Code │ │ wallet.send(intent) ▼ ┌────────────────────────────────────────┐ │ Policy SDK (Your Machine) │ │ │ │ 🚪 GATE 1: Validate Intent │ ◄── Check policy, issue token │ 🚪 GATE 2: Verify Authorisation │ ◄── Verify token, consume it │ 🔐 WDK: Sign & Broadcast │ ◄── You keep the keys └────────────────────────────────────────┘ │ └──► Blockchain

Key Security Features:

✅ Intent Fingerprinting - Tamper detection via SHA-256 hashing
✅ Single-Use Tokens - JWT tokens with 60-second TTL, consumed on first use
✅ Immediate Reservation - Amount reserved at Gate 1, preventing race conditions
✅ Non-Custodial - Your keys never leave your infrastructure

Instead of using a wallet SDK directly:

// ❌ Direct WDK (no policy enforcement) const wdk = new WDK(seedPhrase); const account = await wdk.getAccount('ethereum', 0); await account.sendTransaction({ to: '0x...', value: parseEther('1.0') });

Wrap it with our policy layer:

// ✅ With spending controls import { PolicyWallet, PolicyError } from 'agent-spending-controls'; const wallet = new PolicyWallet(wdk, { apiUrl: 'http://localhost:3001', orgId: 'your-org', walletId: 'your-wallet', agentId: 'agent-1' }); try { await wallet.send({ chain: 'ethereum', asset: 'eth', to: '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb1', amount: '1000000000000000000' // 1 ETH }); console.log('✅ Payment approved and executed'); } catch (error) { if (error instanceof PolicyError) { console.log(`❌ Blocked: ${error.message}`); console.log(` Code: ${error.code}`); console.log(` Remaining today: ${error.details.counters.remainingDaily} ETH`); } }

✅ Currently Implemented (Phase 1 - POC)

Feature Description

Per-Transaction Limits	Maximum amount per single transaction
Daily Limits	Maximum total spending per 24-hour period (midnight reset)
Hourly Limits	Maximum total spending per hour (UTC hour boundaries)
Recipient Whitelist	Only allow transactions to pre-approved addresses
Transaction Frequency	Maximum X transactions per time period (e.g., 3 per hour)
Multi-Agent Management	Different limits for each agent
Real-Time Monitoring	Live dashboard with auto-refresh
Audit Trail	Append-only log of every policy decision
Tamper Protection	Intent fingerprinting prevents modification
Single-Use Authorisations	Tokens consumed on first verification
Ethereum Support	Native ETH and ERC-20 tokens

Time-Based Limits - Weekly, monthly caps
Velocity Controls - Cooldown periods, burst protection
Recipient Controls - Blacklists, address screening
Multi-Chain - Bitcoin, Solana, Polygon, Arbitrum, etc.
Approval Workflows - Two-person rule, supervisor approval for large amounts
Fraud Detection - Anomaly detection, behavioural analysis
Compliance - KYC/AML integration, sanctions screening, reporting

Want to contribute? See 100+ potential controls and pick one to implement!

agent-spending-controls/ ├── src/ │ ├── api/ # Policy enforcement API │ │ ├── server.ts # Express server (port 3001) │ │ ├── policy-engine.ts # Spending limit evaluation │ │ ├── validate.ts # Gate 1: Validate intent │ │ ├── verify.ts # Gate 2: Verify authorisation │ │ ├── auth.ts # JWT token management │ │ ├── storage.ts # In-memory data store │ │ └── types.ts # API type definitions │ │ │ ├── sdk/ # Client-side SDK │ │ ├── policy-wallet.ts # Wrapper around wallet SDKs │ │ ├── types.ts # SDK types and PolicyError │ │ └── index.ts # Public exports │ │ │ └── dashboard/ # Real-time monitoring UI │ ├── server.ts # Dashboard server (port 3002) │ └── public/ │ └── index.html # Auto-refreshing UI │ ├── examples/ │ └── multi-agent-demo.ts # 3 agents with different limits │ ├── docs/ │ ├── POLICY_CONTROLS.md # 100+ potential policy controls │ └── images/ # Screenshots │ ├── ARCHITECTURE.md # Detailed technical documentation └── CONTRIBUTING.md # How to contribute

┌──────────────────────────────────────────────────────────────┐ │ 1. Agent calls wallet.send(intent) │ └──────────────────────────────────────────────────────────────┘ │ ▼ ┌──────────────────────────────────────────────────────────────┐ │ 2. SDK → POST /validate-intent │ │ • Policy engine evaluates spending limits │ │ • Immediately reserves amount in daily counter │ │ • Issues JWT token with intent fingerprint │ │ • Returns: { decision: 'allow', auth: 'token...', ... } │ └──────────────────────────────────────────────────────────────┘ │ ▼ ┌──────────────────────────────────────────────────────────────┐ │ 3. SDK → POST /verify-authorisation │ │ • Verifies JWT signature and expiry (60s TTL) │ │ • Checks token hasn't been used before │ │ • Validates intent fingerprint matches (tamper check) │ │ • Marks token as consumed (single-use) │ │ • Returns: { status: 'valid' } │ └──────────────────────────────────────────────────────────────┘ │ ▼ ┌──────────────────────────────────────────────────────────────┐ │ 4. SDK → WDK.sign() → Broadcast to blockchain │ │ • Developer's keys sign the transaction │ │ • Transaction executed on-chain │ │ • Returns: { hash, fee } │ └──────────────────────────────────────────────────────────────┘

Feature Direct Wallet SDK With Spending Controls

Spending Limits	❌ None	✅ Per-agent limits
Audit Trail	❌ No logging	✅ Full audit log
Monitoring	❌ No visibility	✅ Real-time dashboard
Multi-Agent	❌ Complex DIY	✅ Built-in management
Compliance	❌ DIY	✅ Regulatory-ready
Tamper Protection	❌ None	✅ Fingerprinting + single-use tokens
Key Security	✅ You control	✅ You control

Feature Custodial Wallet Service Agent Spending Controls

Key Custody	❌ Third-party holds keys	✅ You keep keys
Liability	❌ High (custodian risk)	✅ Low (non-custodial)
Trust Required	❌ Must trust custodian	✅ Minimal trust needed
Policy Enforcement	✅ Yes	✅ Yes
Vendor Lock-in	❌ High	✅ Wraps any wallet SDK
Compliance	⚠️ Custodian's responsibility	✅ Your control

Agent can purchase items up to $100/day, preventing runaway spending on expensive items.

2. Automated Treasury Management

DeFi agent can rebalance positions with per-transaction limits and daily caps.

Support agent can issue refunds up to $50 without human approval, larger amounts require oversight.

4. Research & Development

Grant access to multiple research agents, each with different budgets for experiments.

5. Multi-Agent Marketplaces

Platform with hundreds of agents, each with custom spending policies.

Phase 1: Proof of Concept ✅ (Current)

Basic spending limits (daily, per-transaction)
Hourly spending limits
Recipient whitelist controls
Transaction frequency limits
Two-gate enforcement model
Real-time monitoring dashboard
Audit logging
Ethereum support (ETH + ERC-20)
Multi-agent management

Phase 2: Production-Ready SDK (2-4 weeks)

npm package distribution
Persistent storage (PostgreSQL)
Redis for token management
Comprehensive test suite
SDK for multiple wallet providers
Docker deployment
Production security hardening

Phase 3: Advanced Controls (1-2 months)

Weekly/monthly limits
Recipient blacklists
Advanced velocity controls & rate limiting
Multi-chain support (Bitcoin, Solana)
Approval workflows
Webhooks & notifications

Phase 4: Enterprise Features (3+ months)

Fraud detection & anomaly detection
Compliance reporting (KYC/AML)
Multi-organisation support
Role-based access control
API rate limiting
SaaS offering

Want to help? Check CONTRIBUTING.md and POLICY_CONTROLS.md!

ARCHITECTURE.md - Detailed technical documentation
POLICY_CONTROLS.md - 100+ potential policy controls
CONTRIBUTING.md - How to contribute
Tether WDK Docs - Wallet SDK documentation

⚠️ NEVER commit sensitive data:

Seed phrases
Private keys
API keys
Production credentials

All sensitive configuration belongs in .env (gitignored).

Current Limitations (POC)

This is a proof of concept. Before production use:

Replace in-memory storage with PostgreSQL
Add Redis for distributed token management
Implement rate limiting on API endpoints
Add comprehensive input validation
Security audit of JWT implementation
Add monitoring & alerting
Implement backup & recovery procedures

Q: Do you custody my keys? A: No. Your keys remain on your infrastructure. We only enforce policy before you sign.

Q: Does this work with any wallet SDK? A: Currently demonstrated with Tether WDK. The SDK wrapper pattern works with any wallet library.

Q: What happens if your API goes down? A: Agents can't make payments (fail-closed design). In production, deploy your own policy API with high availability.

Q: Can I use this in production? A: This is a POC. See "Current Limitations" above. We're working towards production-ready releases.

Q: Does the demo execute real blockchain transactions? A: No. The demo runs in dry-run mode and simulates blockchain execution. Policy enforcement (the core innovation) runs completely. To enable real transactions, uncomment the production code in src/sdk/policy-wallet.ts and fund your wallet with ETH for gas.

Q: How do I add my own policy controls? A: Check CONTRIBUTING.md and POLICY_CONTROLS.md for guidance.

Q: Is there a hosted version? A: Not yet. Phase 1 is self-hosted. Hosted SaaS coming in Phase 4.

We welcome contributions! This project is young and there's lots to build.

High-value contributions:

Implement policy controls from POLICY_CONTROLS.md
Add support for more wallet SDKs
Write tests (unit, integration, security)
Improve documentation & examples
Add multi-chain support

See CONTRIBUTING.md for detailed guidelines.

MIT License - see LICENSE for details.

Tether WDK - Multi-chain wallet SDK
Agentic Commerce - Inspiration for agent-driven economy

GitHub Issues: Report bugs or request features
Twitter: @L1AD
Email:

Read Entire Article