Feature: On-chain spending limits for agent wallets (SpendingPolicy support) #108
Description
Problem
ClawRouter generates local wallets that agents fund with USDC and spend per-request via x402. This is great for autonomy — but there's no on-chain mechanism to limit how much an agent can spend.
If an agent gets compromised, misconfigured, or enters a runaway loop, it can drain the entire wallet balance in seconds. The only protection today is "fund with a small amount" — which limits capability, not risk.
For production agent deployments managing real budgets, operators need enforceable spending guardrails that the agent's own code can't override.
Proposed Solution
Support optional on-chain spending limits via agentwallet-sdk, which provides:
- Per-token spending limits with configurable time windows (e.g., max 10 USDC/hour)
- Contract-enforced via ERC-6551 token-bound accounts — even a compromised signing key can't exceed the budget
- SpendingPolicy guardrails set by the wallet owner, not the agent
- x402 compatible — already works with the x402 payment flow
How it could work with ClawRouter
import { AgentWallet } from "agentwallet-sdk";
// Instead of a raw local wallet:
const wallet = await AgentWallet.create({
chain: "base",
spendingPolicy: {
maxPerTransaction: "1.00", // USDC
maxPerHour: "10.00",
maxPerDay: "50.00",
allowedTokens: ["USDC"]
}
});
// ClawRouter uses this wallet for x402 payments
// Contract enforces limits regardless of what the agent tries to doBenefits
- Fail-safe for runaway agents — spending caps enforced at the contract level
- Enterprise-ready — operators can set budgets per-agent
- No trust required — limits are on-chain, not in application code
- Backward compatible — existing local wallets still work, SpendingPolicy is opt-in
Context
agentwallet-sdkv5+ on npm (MIT, 1,400+ weekly downloads)- Already in the Coinbase x402 ecosystem listing
- Supports Base, Ethereum, and 17-chain CCTP bridging
- GitHub
Happy to contribute a PR if there's interest. The integration surface is small — it's just swapping the wallet provider for agents that want spending guardrails.
Disclosure: I'm a maintainer of agentwallet-sdk. Suggesting this because the security gap is real and we've already built the solution.