Every agent transaction passes through a programmable policy evaluation before execution. Oris evaluates per-transaction caps, daily and monthly limits, counterparty whitelists, and category restrictions in under 10 milliseconds. The agent cannot outrun the policy.
Each policy type addresses a specific risk vector. Combine them to create precise spending envelopes for every agent in your fleet.
Set the maximum amount for any single transaction. Transactions exceeding this cap are rejected before they reach the provider. The rejection happens at the policy layer, so the payment provider never sees the attempt.
Define rolling spending limits on daily and monthly windows. Oris tracks cumulative spend in real time and blocks transactions that would exceed the budget. The counters reset automatically at the configured interval.
Restrict which addresses your agent can send payments to. Only pre-approved counterparties receive funds. Any payment attempt to an address outside the whitelist is rejected immediately.
Limit spending by category. An agent configured for compute purchases cannot buy anything else. Categories are defined by the developer and enforced by the policy engine on every transaction.
Transactions above a defined amount require human approval before execution. The agent waits for authorization. The transaction remains in a pending state until the developer approves or rejects it through the API or dashboard.
The policy engine caches active policies in Redis. Evaluation happens in memory with atomic operations. Average evaluation latency is under 10 milliseconds at the p95 percentile.
This speed matters because policy evaluation sits in the critical path of every transaction. A slow policy engine creates a slow payment experience. The Oris policy engine adds negligible latency to the transaction flow.
# Define a spending policy
policy = oris.policies.create(
agent_id="agent_abc123",
max_per_tx=50.00,
max_daily=500.00,
max_monthly=5000.00,
allowed_categories=["compute", "api", "storage"],
counterparty_whitelist=["0x7f3a...", "0x3a1f..."],
escalation_threshold=200.00
)The developer modifies the policy through the REST API or the web dashboard.
The update propagates to the Redis cache immediately. No delay, no queue.
The next transaction evaluation uses the new policy. No restart or redeployment is needed.
Policies can be updated at any time through the API or dashboard. Updates propagate to the Redis cache immediately. The next transaction evaluation uses the new policy.
Every policy change is recorded in the activity log with the actor identity, the previous values, and the new values. You can audit your policy history at any point.
Create your first policy in minutes. The Oris SDK handles the rest.