Trading Bot Guardrails

Description

A trading agent may buy on NASDAQ only if purchase_nasdaq capability is present, trust > 95, amount ≤ $50,000, and during market hours.

A trading agent's ability to misbehave is severely limited within policy. Policies can add instrument allowlists, volatility circuit breakers, or dynamic ceilings during incident states. Tokens are one-shot per order; every decision and context (amount, instrument, exchange, reason) is logged.

Business Value

Enforce risk limits and auditability without slowing algo execution; reduce compliance workload:

• Risk controls at the call site: Hard limits enforced consistently across all strategies and services.
• Auditability: Regulator-ready evidence of who/what placed each order and why it was allowed.
• Operational resilience: Change guardrails centrally in policy as markets move, without touching bot code.
• Blast-radius containment: Short-lived tokens limit unauthorized reuse.

Why Not With Alternatives?

IAM roles/scopes can’t easily encode dynamic risk signals (behavioral trust), market hours, and spend ceilings tied to an agent’s DID and continuous audit trail per order:

• Broker API keys are static; “limits in code” drift across bots and can be bypassed.
• IAM roles don’t encode market-hour windows, per-instrument ceilings, or trust scoring in real time.
• Policy engines without DID/VC can’t strongly attest the specific agent that executed the trade.

Policy

default allow = false

allow if {
  input.action == "purchase_nasdaq" # agent/bot will need to have this capability in its VC
  input.context.exchange == "NASDAQ"
  input.context.amount <= 50000
  input.trust > 95
  time.hour(time.now_ns()) >= 9
  time.hour(time.now_ns()) <= 16
}