Skip to main content

Overview

The Policy Engine is the core safety mechanism in Aegis. It sits between your agent’s action request and the actual blockchain execution, enforcing configurable spending limits at four granularity levels. Every financial action, transfers, payments, bridges, swaps, and any other onchain operation that requires the movement of assets must pass through the policy engine before execution.

How It Works

When an agent attempts a financial action, the policy engine:
  1. Looks up the agent’s configured limits from the database
  2. Calculates the agent’s cumulative spending for each time window (24h, 7d, 30d)
  3. Checks if the requested amount would exceed any limit
  4. Rejects the action if any limit would be breached
  5. Allows execution only if all limits are satisfied

Spending Limits

Limits are enforced hierarchically: perTx ≤ daily ≤ weekly ≤ monthly.

Checking Current Policy

Response:

Policy Rejection

If an action would exceed any limit, the API returns a 403 error:
The action is never sent to Circle. No gas is spent, no funds move.
Default limits are intentionally conservative. They are designed so that even if an agent goes rogue or is exploited, the damage is capped at predictable amounts.

Policy Updates

To maintain a zero-trust security posture, agents cannot update their own policies. If an agent’s credentials are leaked, the attacker remains constrained by the pre-configured limits and cannot autonomously increase them. All policy limit changes must be requested by contacting support.

Audit Trail Integration

Every policy check is recorded in the audit log, regardless of whether the action succeeds or fails. This gives you a complete history of what your agent attempted and what was blocked.