Valta Docs
Spending Policies
A spending policy is enforced by Valta's backend — not by the AI model. The model cannot override a policy by claiming urgency or authority. Rules are evaluated in code before any financial action executes.
Policy fields
| Field | Type | Description |
|---|---|---|
maxPerTransaction | number | Hard cap on any single financial action, in USDC. Any action above this amount is blocked outright — no approval path. |
dailyLimit | number | Maximum cumulative spend in a 24-hour window. Resets at midnight UTC. |
monthlyLimit | number | Maximum spend across a calendar month. |
requireApprovalAbove | number | Actions at or above this amount pause the run and wait for human approval via the dashboard or API. Must be ≤ maxPerTransaction. |
blockedCategories | string[] | Categories the agent is never permitted to transact with. Built-in values: gambling, adult, crypto_exchange. |
allowedDomains | string[] | If set, the agent can only make calls to these domains. Any other domain is blocked. Leave unset to allow all (within other restrictions). |
blockedDomains | string[] | Domains that are always blocked, regardless of allowedDomains. Evaluated last — a domain on this list is blocked even if it appears in allowedDomains. |
What happens on a violation
When a policy rule is violated:
- The action is blocked — no money moves.
- The event is logged to the audit trail with the specific rule that failed.
- An in-app notification is created in your dashboard.
- The agent run continues if possible — a blocked transaction does not always fail the entire run. The agent receives an error response and may continue with other tasks.
What the agent cannot do
- Change its own policy — policy updates require an authenticated call from your server using your API key.
- Split transactions to avoid limits — Valta includes structuring detection. Multiple small transactions that circumvent a per-transaction cap are flagged and blocked.
- Read or modify the audit trail — audit entries are append-only and inaccessible to the agent itself.
Creating and updating a policy
ts
import { ValtaClient } from 'valta-sdk'
const valta = new ValtaClient({ apiKey: process.env.VALTA_API_KEY })
// Create a strict policy
await valta.policies.create({
agentId: agent.id,
dailyLimit: 100,
maxPerTransaction: 25,
requireApprovalAbove: 20,
blockedCategories: ['gambling', 'adult'],
allowedDomains: ['api.stripe.com', 'api.openai.com'],
})
// Update just the daily limit — all other fields remain unchanged
await valta.policies.update(agent.id, { dailyLimit: 200 })
Updates take effect immediately. In-flight runs that have already passed the policy check are not retroactively affected, but the next action in that run will be evaluated against the new policy.
Deleting a policy
Deleting a policy removes all spending restrictions from the agent. The agent will run without any limits until a new policy is created.
ts
await valta.policies.delete(agent.id)
After deleting a policy, the agent has no spending limits. Create a replacement policy before resuming agent runs.