> ## Documentation Index
> Fetch the complete documentation index at: https://docs.biconomy.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Sudo Policy

> Grant full access to specific contract functions

The Sudo Policy grants unrestricted access to specified contract functions. It's the simplest policy—and the most powerful.

## When to Use Sudo

<Check>Target contract is audited and trusted (Uniswap, Aave, Morpho)</Check>
<Check>No user funds at direct risk (game actions, governance votes)</Check>
<Check>You need simplicity over granular control</Check>
<Check>Combined with time limits or usage limits</Check>

## When NOT to Use Sudo

<Warning>Agent handles significant user funds without other limits</Warning>
<Warning>Target contract has dangerous functions (e.g., `approve` for arbitrary spenders)</Warning>
<Warning>You need spending caps or parameter validation</Warning>
<Warning>Indefinite access without time bounds</Warning>

## Basic Usage

```typescript theme={null}
const actions = mcNexus.buildSessionAction({
  type: 'transfer',
  data: {
    chainIds: [10],
    contractAddress: UNISWAP_ROUTER,
    policies: [{ type: "sudo" }]
  }
})
```

## Agent Examples

### Yield Optimizer Agent

Trust deposits/withdrawals on vetted protocols:

```typescript theme={null}
const TRUSTED_PROTOCOLS = {
  morpho: "0xA2Cac0023a4797b4729Db94783405189a4203AFc",
  aave: "0x...",
};

const now = Math.floor(Date.now() / 1000)
const validAfter = now
const validUntil = now + 3600

const timeframePolicy = mcNexus.buildActionPolicy({
  type: "timeframe",
  validAfter, // unix-timestamp when policy becomes active
  validUntil  // unix-timestamp when policy expires
});

// Morpho deposit
const [actionOne] = mcNexus.buildSessionAction({
  type: 'custom',
  data: {
    chainIds: [10],
    contractAddress: TRUSTED_PROTOCOLS.morpho,
    functionSignature: toFunctionSelector("deposit(uint256,address)"),
    policies: [timeframePolicy]
  }
})

// Morpho withdraw
const [actionTwo] = mcNexus.buildSessionAction({
  type: 'custom',
  data: {
    chainIds: [10],
    contractAddress: TRUSTED_PROTOCOLS.morpho,
    functionSignature: toFunctionSelector("withdraw(uint256,address,address)"),
    policies: [timeframePolicy]
  }
})

// Aave supply
const [actionThree] = mcNexus.buildSessionAction({
  type: 'custom',
  data: {
    chainIds: [10],
    contractAddress: TRUSTED_PROTOCOLS.aave,
    functionSignature: toFunctionSelector("supply(address,uint256,address,uint16)"),
    policies: [timeframePolicy]
  }
})

// Aave withdraw
const [actionFour] = mcNexus.buildSessionAction({
  type: 'custom',
  data: {
    chainIds: [10],
    contractAddress: TRUSTED_PROTOCOLS.aave,
    functionSignature: toFunctionSelector("withdraw(address,uint256,address)"),
    policies: [timeframePolicy]
  }
})

const quote = await meeClient.getSessionQuote({
  mode: "PREPARE",
  enableSession: {
    redeemer: agentSigner.address,
    actions: [actionOne, actionTwo, actionThree, actionFour],
    // Cap gas spend
    maxPaymentAmount: parseUnits("50", 6),
  },
  simulation: { simulate: true },
  feeToken: { address: USDC, chainId: 8453 },
  // Fund SCA
  trigger: {
    tokenAddress: USDC,
    chainId: 8453,
    amount: parseUnits("2", 6),
  },
  // Any additional Instructions
  instructions: [...]
});

// Store the sessions details for later use.
let sessionDetails: SessionDetail[] = [];

if (quote) {
  const { hash } = await meeClient.executeSessionQuote(quote);
  await meeClient.waitForSupertransactionReceipt({ hash });

  if (quote.sessionDetails) sessionDetails = quote.sessionDetails;
}
```

### Gaming Agent

Full access to game contract with usage limits:

```typescript theme={null}
const GAME_CONTRACT = "0x...";

const [claimAction] = mcNexus.buildSessionAction({
  type: 'custom',
  data: {
    chainIds: [8453],
    contractAddress: GAME_CONTRACT,
    functionSignature: toFunctionSelector("claimRewards()"),
    policies: [
      {
        type: "usageLimit",
        limit: 100n // Max 100 claims
      }
    ]
  }
})

const [performAction] = mcNexus.buildSessionAction({
  type: 'custom',
  data: {
    chainIds: [8453],
    contractAddress: GAME_CONTRACT,
    functionSignature: toFunctionSelector("performAction(uint256)"),
    policies: [
      {
        type: "usageLimit",
        limit: 1000n // Max 1000 actions
      }
    ]
  }
})
```

### Governance Agent

Vote on proposals automatically:

```typescript theme={null}
const GOVERNOR = "0x...";

const [castVoteAction] = mcNexus.buildSessionAction({
  type: 'custom',
  data: {
    chainIds: [8453],
    contractAddress: GOVERNOR,
    functionSignature: toFunctionSelector("castVote(uint256,uint8)"),
    policies: [
      // 1 year for governance
      {
        type: "timeframe",
        validAfter: Math.floor(Date.now() / 1000),
        validUntil: Math.floor(Date.now() / 1000) + 365 * 24 * 60 * 60
      }
    ]
  }
})
```

## Security Checklist

<Check>Timeframe Policy configured</Check>
<Check>Only specific functions allowed (not entire contract)</Check>
<Check>Target contract is audited</Check>
<Check>Usage limit considered for high-risk actions</Check>
<Check>Gas spend capped (`maxPaymentAmount`)</Check>

## Common Mistakes

<Warning>
  **Granting Sudo to `approve()` function**

  This lets the agent approve arbitrary spenders. Never do this:

  ```typescript theme={null}
  // ❌ DANGEROUS
  functionSignature: toFunctionSelector("approve(address,uint256)")
  ```
</Warning>

<Warning>
  **No time limit**

  Without timeframe policy, the permission never expires:

  ```typescript theme={null}
  // ❌ BAD - no time limit
  const actions = mcNexus.buildSessionAction({
    type: 'transfer',
    data: {
      chainIds: [10],
      contractAddress: UNISWAP_ROUTER,
      policies: [{ type: "sudo" }]
    }
  })

  // ✅ GOOD - expires in 30 days
  const now = Math.floor(Date.now() / 1000)
  const validAfter = now
  const validUntil = now + 30 * 24 * 60 * 60

  const actions = mcNexus.buildSessionAction({
    type: 'transfer',
    data: {
      chainIds: [10],
      contractAddress: UNISWAP_ROUTER,
      policies: [
        { type: "sudo" },
        {
          type: "timeframe",
          validAfter,
          validUntil
        }
      ]
    }
  })
  ```
</Warning>

## When to Upgrade to Universal Action

Switch to Universal Action when you need:

* Spending limits (per-action or total)
* Recipient whitelisting
* Parameter validation
* Cumulative caps

See [Universal Action Policy](/agents-automation/policies/universal-action) for details.
