Autonomous agents need budgets the same way engineering teams need cloud cost controls — but faster, finer-grained, and enforceable without a human in the loop. Nomiqon policies are immutable, versioned rule sets attached to each agent identity. Changing a cap does not mutate history; it creates a new policy version with a timestamped audit record. This design mirrors how mature organizations govern infrastructure: declarative constraints, centralized templates, decentralized enforcement.
Policies are governance primitives — daily caps, total ceilings, rolling windows, domain allowlists, temporal windows, and kill switches — evaluated synchronously at the gateway before any funds move.
Policy Schema as Governance Contract
Every Nomiqon policy is a structured object with monotonically increasing version numbers. Finance and security teams can approve templates centrally; engineering assigns templates to agents without rewriting application code. The schema supports caps (daily, total, rolling window), domain controls (allowlist, blocklist with wildcard subdomains), temporal constraints (active hours, expiry dates), and emergency frozen flags.

// Reusable policy template — approved by finance
const template = await nomiqon.policies.create({
  name: "standard-research-v3",
  dailyCap: "25.00",
  totalCap: "2000.00",
  windowCap: { amount: "5.00", windowMs: 3_600_000 },
  allowlist: [
    "api.openai.com",
    "api.anthropic.com",
    "api.pinecone.io",
  ],
  activeHours: {
    timezone: "America/New_York",
    from: "09:00",
    to: "18:00",
  },
});

// Assign to fleet — each assignment creates agent-specific version history
await Promise.all(
  productionAgentIds.map((id) =>
    nomiqon.agents.update(id, { policyId: template.id })
  ),
);

Evaluation Order and Determinism
Policy evaluation is deterministic and ordered. The gateway executes checks in a fixed sequence: frozen flag, temporal bounds, blocklist, allowlist, rolling window cap, total cap, daily cap — then approves. This ordering matters for auditability: two engineers reading the same policy and spend request will always predict the same outcome.
- frozen === true → immediate 403 agent_frozen
- Outside activeFrom/Until/Hours → 403 policy_temporal_blocked
- Hostname on blocklist → 403 policy_domain_blocked
- Allowlist set and hostname missing → 403 policy_domain_blocked
- Rolling window exceeded → 402 policy_cap_exceeded
- Total cap exceeded → 402 policy_cap_exceeded
- Daily cap exceeded → 402 policy_cap_exceeded
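
The fixed check order above can be modelled locally to predict a decision before a policy change ships. This is an added example, not Nomiqon's gateway code: the request shape `{hostname, amount, at}`, the `spent` counters, the `*.` wildcard syntax, the half-open `from`/`to` interval and the "spent plus amount greater than cap" rule are assumptions, and only `activeHours` is modelled for the temporal step.

```javascript
// Added example: a local model of the documented check order, not Nomiqon's gateway code.
// Assumed shapes: request {hostname, amount, at: Date}, spent {window, total, daily}.
const cents = (s) => Math.round(Number(s) * 100); // "25.00" -> 2500

// Assumed wildcard syntax: "*.example.com" matches any subdomain of example.com.
const hostMatches = (host, pattern) =>
  pattern.startsWith("*.") ? host.endsWith(pattern.slice(1)) : host === pattern;

// Local "HH:MM" in the policy's timezone; zero-padded, so string comparison orders correctly.
const localHHMM = (date, timeZone) =>
  new Intl.DateTimeFormat("en-GB", {
    timeZone, hour: "2-digit", minute: "2-digit", hourCycle: "h23",
  }).format(date);

const deny = (status, code) => ({ approved: false, status, code });

function evaluate(policy, request, spent) {
  const host = request.hostname.toLowerCase();
  const amount = cents(request.amount);

  // 1. Kill switch wins over every other rule.
  if (policy.frozen === true) return deny(403, "agent_frozen");

  // 2. Temporal bounds (assumed interval: from <= now < to).
  if (policy.activeHours) {
    const { timezone, from, to } = policy.activeHours;
    const now = localHHMM(request.at, timezone);
    if (now < from || now >= to) return deny(403, "policy_temporal_blocked");
  }

  // 3-4. Blocklist first, then allowlist (fail closed when an allowlist is set).
  if ((policy.blocklist ?? []).some((p) => hostMatches(host, p)))
    return deny(403, "policy_domain_blocked");
  if (policy.allowlist && !policy.allowlist.some((p) => hostMatches(host, p)))
    return deny(403, "policy_domain_blocked");

  // 5-7. Caps in the documented order: rolling window, total, daily.
  const caps = [
    [policy.windowCap?.amount, spent.window],
    [policy.totalCap, spent.total],
    [policy.dailyCap, spent.daily],
  ];
  for (const [cap, used] of caps) {
    if (cap !== undefined && cents(used) + amount > cents(cap))
      return deny(402, "policy_cap_exceeded");
  }
  return { approved: true };
}
```

Because domain checks run before cap checks, a request to a non-allowlisted host that is also over budget reports `policy_domain_blocked`, which is the code to expect in audit logs for that case.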
Crew-Level Aggregation Without Shared Wallets
Decentralized governance does not mean unobservable sprawl. Agents tag metadata — crew, cost centre, environment — and Nomiqon aggregates spend across tags without commingling wallets. A research run spanning four agents reports total crew spend via transactions.aggregate while each agent retains isolated enforcement.

crew = "crew_q2_forecast"

for role in ("data", "model", "publish"):
    client.agents.create(
        name=f"forecast-{role}",
        policy={"daily_cap": "10.00", "total_cap": "500.00"},
        metadata={"crew": crew, "cost_centre": "FP-A-4401"},
    )

stats = client.transactions.aggregate(metadata={"crew": crew})
print(f"Crew spend: {stats.total_usdc} USDC")
print(f"By agent: {stats.by_agent}")

Policy Versioning and Diff Audits
Regulated industries require proof of what changed, when, and by whom. nomiqon.policies.listVersions() returns the full history for an agent. policies.diff() computes field-level changes between versions — invaluable during incident review when a cap increase preceded an anomaly.

const diff = await nomiqon.policies.diff("ag_01jx...", {
  fromVersion: 4,
  toVersion: 5,
});
// {
//   changed: ["dailyCap"],
//   added: [],
//   removed: [],
//   details: { dailyCap: { from: "10.00", to: "25.00" } }
// }

Kill Switches and Incident Response
Setting frozen: true on a policy halts all spends globally within 100 ms. Unlike API key rotation — which requires updating every deployment — a kill switch is a single PATCH request with immediate effect. Resume is equally instant. Pair kill switches with webhook alerts on wallet.low_balance and policy_cap_exceeded for a complete operational playbook.
Treat agent policies like IAM roles: versioned, reviewed, templated, and never edited in production without an audit trail.
