A policy is a per-agent JSON document that defines what an agent may do. It is enforced in two places: the SDK’s pre-flight check (off-chain) and Swig’s session-key constraints (on-chain).Documentation Index
Fetch the complete documentation index at: https://docs.altheia.xyz/llms.txt
Use this file to discover all available pages before exploring further.
Shape
Fields
| Field | What it controls | Enforced on-chain? |
|---|---|---|
asset_caps[mint].max_per_tx | Max units per single transaction. | yes (Swig TokenLimit) |
asset_caps[mint].max_per_day | Max units in a rolling 24h window. | yes (Swig TokenRecurringLimit) |
allowed_programs | Program IDs the agent may invoke. | yes (Swig Program scope) |
blocked_destinations | Addresses the agent may never send to. | off-chain only |
max_actions_per_minute | Rate limit on guarded calls. | off-chain only |
expires_at | Auto-revoke at this ISO timestamp. | off-chain trigger |
50 USDC, 0.5 SOL). The SDK and dashboard handle conversion to base units.
Two layers, one truth
The SDK calls/sdk/agent_check before signing. If the off-chain check denies, the action never reaches Solana — fast feedback, no wasted fee.
If somehow the off-chain check misses or the SDK is misconfigured, Swig’s on-chain scope is the floor. The session key cannot sign anything outside its programmed limits, regardless of what the SDK thinks.
This is why failureMode: "open" is safe by default. The on-chain layer catches over-cap actions even when the off-chain check is unreachable.
Updating a policy
Edit on the agent detail page. You sign one transaction. The policy commitment on-chain updates, the Swig session-key constraints update, and the new policy takes effect immediately. Old in-flight transactions are not retroactively blocked.Next: kill switch
Pause, revoke, and what each one does to the on-chain state.