Every agent has a policy that governs what it can do. Policies are enforced server-side before any transaction is signed, protecting against runaway spending and unauthorized operations.

View current policy

Fetch your agent’s current policy with a GET request to /wallets/me/policy:
curl https://api.useknot.xyz/wallets/me/policy \
  -H "Authorization: Bearer <token>"

Response

{
  "status": true,
  "data": {
    "policy": {
      "maxSingleTransactionInUsd": 100,
      "dailyLimitInUsd": 500,
      "allowedRecipients": [],
      "allowTrading": true,
      "allowLiquidityProvision": true,
      "allowPredictionMarkets": true,
      "sessionExpirationHours": 168
    }
  }
}

Policy fields

maxSingleTransactionInUsd (number, default: 100)
Maximum USD value allowed per single transaction. Transactions exceeding this limit are rejected before signing.

dailyLimitInUsd (number, default: 500)
Maximum USD value across all operations in a rolling 24-hour window.

allowedRecipients (string[], default: [])
Whitelist of Solana addresses that your agent can send funds to. An empty array means all recipients are allowed.

allowTrading (boolean, default: true)
Controls whether the agent can swap tokens via Jupiter.

allowLiquidityProvision (boolean, default: true)
Controls whether the agent can add or remove liquidity positions.

allowPredictionMarkets (boolean, default: true)
Controls whether the agent can trade on prediction markets.

sessionExpirationHours (number, default: 168)
How long JWT tokens remain valid, in hours. The default is 168 hours (7 days).

Update policy

Send a PATCH request with only the fields you want to change. All fields are optional.
curl -X PATCH https://api.useknot.xyz/wallets/me/policy \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "maxSingleTransactionInUsd": 500,
    "dailyLimitInUsd": 2000,
    "allowTrading": true,
    "allowPredictionMarkets": false
  }'

Response

{
  "status": true,
  "statusCode": 200,
  "message": "Policy updated successfully.",
  "data": {
    "policy": {
      "maxSingleTransactionInUsd": 500,
      "dailyLimitInUsd": 2000,
      "allowedRecipients": [],
      "allowTrading": true,
      "allowLiquidityProvision": true,
      "allowPredictionMarkets": false,
      "sessionExpirationHours": 168
    }
  }
}

How policies are enforced

Before every action, the policy engine runs through a series of checks:
1. Calculate USD value
The engine fetches current token prices and calculates the transaction’s value in USD.

2. Check per-transaction limit
The engine verifies the transaction is within maxSingleTransactionInUsd.

3. Check daily limit
The engine checks whether the rolling 24-hour total, including this transaction, stays within dailyLimitInUsd.

4. Check feature toggles
The engine confirms that trading, liquidity provision, or prediction markets are enabled for this action type.

5. Check recipient whitelist
For transfers, the engine verifies the recipient is in allowedRecipients if the whitelist is configured.

6. Approve or reject
If any check fails, the request is rejected immediately and no transaction is signed.

Policy enforcement happens server-side before signing. You cannot bypass these checks by modifying client-side code.
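
The check order above, modelled in Python as an added example; this is not Knot's server code. The action type names, the addresses, the exact window boundary, and the assumption that step 1 has already produced a USD value are all illustrative.

```python
from datetime import datetime, timedelta, timezone

# Constructed policy using the field names and defaults documented on this page.
POLICY = {
    "maxSingleTransactionInUsd": 100, "dailyLimitInUsd": 500,
    "allowedRecipients": [], "allowTrading": True,
    "allowLiquidityProvision": True, "allowPredictionMarkets": True,
}
# Assumed mapping from action type to feature toggle (action names are hypothetical).
TOGGLES = {"swap": "allowTrading", "liquidity": "allowLiquidityProvision",
           "prediction": "allowPredictionMarkets"}

def evaluate(policy, action, history, now):
    """Return (approved, reason); history is [(timestamp, usd)] of approved operations.

    action has "type", "usd" and, for transfers, "recipient". Step 1 (pricing)
    is assumed done, so "usd" is already the transaction's USD value.
    """
    usd = action["usd"]
    # Step 2: per-transaction limit.
    if usd > policy["maxSingleTransactionInUsd"]:
        return False, "exceeds single transaction limit"
    # Step 3: rolling 24-hour total, including this transaction (boundary assumed exclusive).
    window_start = now - timedelta(hours=24)
    spent = sum(v for ts, v in history if ts > window_start)
    if spent + usd > policy["dailyLimitInUsd"]:
        return False, "exceeds daily limit"
    # Step 4: feature toggle for this action type, if it has one.
    toggle = TOGGLES.get(action["type"])
    if toggle and not policy[toggle]:
        return False, f"{toggle} is disabled"
    # Step 5: an empty allowedRecipients list allows every recipient.
    allowed = policy["allowedRecipients"]
    if action["type"] == "transfer" and allowed and action["recipient"] not in allowed:
        return False, "recipient not in allowedRecipients"
    return True, "approved"  # Step 6: every check passed.

def demo():
    now = datetime(2025, 1, 2, 12, 0, tzinfo=timezone.utc)  # constructed clock
    # Constructed history: the 25-hour-old entry has left the rolling window.
    history = [(now - timedelta(hours=25), 400), (now - timedelta(hours=3), 450)]
    transfer = lambda usd: {"type": "transfer", "usd": usd, "recipient": "AddrA"}
    locked = dict(POLICY, allowedRecipients=["AddrB"], allowTrading=False)
    return [evaluate(POLICY, transfer(150), history, now),
            evaluate(POLICY, transfer(60), history, now),
            evaluate(POLICY, transfer(40), history, now),
            evaluate(locked, transfer(40), history, now),
            evaluate(locked, {"type": "swap", "usd": 40}, history, now)]

if __name__ == "__main__":
    for approved, reason in demo():
        print(approved, reason)
```

The third and fourth cases differ only in allowedRecipients: the same transfer to the same address is approved under the default empty list and rejected once the list is populated.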

Policy violation errors

When a policy check fails, you receive a 403 response with a descriptive message:
{
  "status": false,
  "statusCode": 403,
  "message": "Transaction value of $150.00 exceeds single transaction limit of $100.00.",
  "data": null
}

Best practices

Start conservative

Begin with low limits and increase them only as needed based on actual usage patterns.

Use recipient whitelists

For high-value agents, configure allowedRecipients to restrict where funds can be sent.

Monitor spending

Track daily spending via audit logs to understand usage patterns before raising limits.

Disable unused features

Turn off trading, liquidity provision, or prediction markets if your agent doesn’t use them.