Policies define the rules that govern what your agent can and cannot do. They’re enforced on-chain by smart contracts—not by trust.

Available Policies

Sudo Policy

Full access to specific functions. Simple but powerful.

Universal Action Policy

Fine-grained parameter-level control with spending limits.

Timeframe Policy

Restrict when the agent can act.

Usage Limit Policy

Cap the total number of actions.

How Policies Work

When your agent tries to execute an action:
Agent gets a session quote with instructions and submits it for execution

MEE broadcasts the transaction to the blockchain

Smart contract checks:
  ✓ Is this contract/function allowed?
  ✓ Do parameters pass all policy rules?
  ✓ Is the session still valid (time)?
  ✓ Is usage limit not exceeded?

All checks pass → Execute
Any check fails → Revert

Combining Policies

Real agents typically combine multiple policies for defense in depth:
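```typescript
import { getAbiItem, parseUnits, toFunctionSelector } from "viem";
// calldataArgument, mcNexus, UniswapRouterAbi and UNISWAP_ROUTER are assumed to be
// imported or defined elsewhere in your project.

// Assumption: session timestamps are Unix seconds.
const DAY = 24 * 60 * 60;
const now = Math.floor(Date.now() / 1000);

// 4-byte selector of the only function this session may call
const functionSignature = toFunctionSelector(
  getAbiItem({ abi: UniswapRouterAbi, name: "exactInputSingle" })
);

const customActions = mcNexus.buildSessionAction({
  type: "custom",
  data: {
    chainIds: [8453, 10],
    contractAddress: UNISWAP_ROUTER,
    functionSignature,
    policies: [
      // Time limit: valid for 7 days from now
      {
        type: "timeframe",
        validAfter: now,
        validUntil: now + 7 * DAY,
      },
      // Usage limit: at most 5 executions
      {
        type: "usageLimit",
        limit: 5n
      },
      // Spending limits
      {
        type: "universal",
        rules: [
          {
            // "equal" pins the argument to this exact value; it is not an upper bound
            condition: "equal",
            calldataOffset: calldataArgument(2),
            // 10 USDC per tx (USDC has 6 decimals)
            comparisonValue: parseUnits("10", 6)
          }
        ],
      }
    ]
  }
});
```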
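
The check sequence from "How Policies Work", applied to the combined policy above, as an added off-chain model (not Biconomy's contract or SDK code). The `argIndex` field, the `lessThanOrEqual` condition name, the placeholder address and selector, and the fixed clock are assumptions of this example.

```javascript
// Off-chain model of the checks listed under "How Policies Work"; enforcement itself is on-chain.
// Reads the i-th 32-byte ABI word after the 4-byte selector (static arguments only).
const word = (data, i) => BigInt("0x" + data.slice(10 + 64 * i, 74 + 64 * i));

// Only "equal" appears on the page; "lessThanOrEqual" is a name assumed by this model.
const CONDITIONS = { equal: (a, b) => a === b, lessThanOrEqual: (a, b) => a <= b };

function checkAction(action, call, usedCount) {
  if (!action.chainIds.includes(call.chainId)) return "revert: chain not allowed";
  if (call.to.toLowerCase() !== action.contractAddress.toLowerCase())
    return "revert: contract not allowed";
  if (call.data.slice(0, 10).toLowerCase() !== action.functionSignature.toLowerCase())
    return "revert: function not allowed";
  for (const p of action.policies) {
    if (p.type === "timeframe") {
      if (call.timestamp < p.validAfter || call.timestamp > p.validUntil)
        return "revert: outside timeframe";
    } else if (p.type === "usageLimit") {
      if (BigInt(usedCount) >= p.limit) return "revert: usage limit exceeded";
    } else if (p.type === "universal") {
      for (const r of p.rules) {
        const cmp = CONDITIONS[r.condition];
        const longEnough = call.data.length >= 74 + 64 * r.argIndex;
        // Fail closed on unknown conditions and truncated calldata.
        if (!cmp || !longEnough || !cmp(word(call.data, r.argIndex), r.comparisonValue))
          return "revert: parameter rule failed";
      }
    } else return "revert: unknown policy type"; // fail closed
  }
  return "execute"; // every check passed
}

// Constructed sample data: placeholder address and selector, fixed clock.
const DAY = 86400, now = 1700000000;
const ROUTER = "0x" + "11".repeat(20);
const SELECTOR = "0x12345678";
const calldata = (...args) => SELECTOR + args.map((a) => a.toString(16).padStart(64, "0")).join("");
const action = {
  chainIds: [8453, 10], contractAddress: ROUTER, functionSignature: SELECTOR,
  policies: [
    { type: "timeframe", validAfter: now, validUntil: now + 7 * DAY },
    { type: "usageLimit", limit: 5n },
    { type: "universal", rules: [{ condition: "equal", argIndex: 2, comparisonValue: 10000000n }] },
  ],
};
const call = (amount, over = {}) =>
  ({ chainId: 8453, to: ROUTER, data: calldata(0n, 0n, amount), timestamp: now + DAY, ...over });

console.log(checkAction(action, call(10000000n), 0)); // execute
console.log(checkAction(action, call(9000000n), 0)); // revert: parameter rule failed
```

The second call shows that an `equal` rule rejects a smaller amount as well as a larger one, so it pins the value rather than capping it.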

Policy Selection Guide

| Your Agent Needs | Use This Policy |
| --- | --- |
| Full access to trusted protocol | Sudo |
| Spending limits per action | Universal Action |
| Total spending caps | Universal Action (with isLimited: true) |
| Recipient whitelisting | Universal Action |
| Time-limited access | Timeframe |
| Max number of actions | Usage Limit |
| Scheduled execution windows | Timeframe |

Quick Decision Tree

Is the target contract fully trusted?
├─ Yes: Consider Timeframe + No other restrictive policy
└─ No: Use Universal Action

Does the agent handle user funds?
├─ Yes: Universal Action with spending limits
└─ No: Sudo may be acceptable

Need to limit total actions?
├─ Yes: Add Usage Limit
└─ No: Timeframe may suffice

Security Layers

Always think in layers:
| Layer | Control | Example |
| --- | --- | --- |
| Contract | Which contracts can be called | Only Uniswap, Morpho |
| Function | Which functions are allowed | Only swap(), not approve() |
| Parameter | Rules on arguments | Max $500 per trade |
| Time | When agent can act | Next 7 days only |
| Usage | How many times | Max 50 trades |
| Gas | Max gas spend | $20 USDC for gas |

Next Steps

Sudo Policy

Start here for simple agents

Universal Action

Start here for DeFi agents