SafeSpendAnvil

Onboarding

Set the policy, then deposit. The vault refuses everything else.

Connect a wallet to start.

Balances

The money flow. Watch what changes when each agent runs.

User
0x7099…79C8
USDC
Vault
0xe7f1…0512
USDC
Agent
0x3C44…93BC
USDC
Merchant A ✓
merchant-a.safespend.eth
0x90F7…b906
USDC
Merchant B ✓
merchant-b.safespend.eth
0x15d3…6A65
USDC
Merchant C ✗
0x9965…A4dc
USDC

Two agents, same listings, same prompt

The vulnerable agent has spend authority. The safe agent goes through PolicyVault.

Vulnerable agent

Agent transfers MockUSDC directly from a session wallet. No vault.

Click Run to start the agent.

Safe agent (SafeSpend)

Agent calls PolicyVault.tryProposePurchase. Policy violations come back as on-chain rejections.

Click Run to start the agent.

Connect a wallet, set a policy, and deposit to enable the runs.

On-chain event feed

PurchaseApproved and PurchaseRejected from PolicyVault. Vulnerable runs don't appear here — they bypass the vault entirely.

View all activity →
No on-chain events yet. Run the agent to populate the feed.
Local Systems · AotearoaWeb3NZ Hackathon

How a Wellington café would use SafeSpend

Set the policy once
The owner sets a SafeSpend policy on a delivery account: max NZ$50 per order, NZ$500/day total, allowlists menulog.eth, uber-eats.eth, and the coffee wholesaler. Expires every 24 hours.
Agents handle the day
The owner’s ordering agent restocks beans on Tuesdays. The delivery-aggregator agent processes refunds. Either gets prompt-injected by a phishing email? Vault rejects. Owner’s phone never buzzes.
Audit on chain
Every approved and rejected purchase is a Snowtrace event. End of month, the owner exports the policy event log directly from the explorer — no bookkeeper needed for the agent transactions.
SafeSpend is a primitive. The above is one application. Other Aotearoa-specific use cases: marae treasuries with multi-sig analogues, Pacific remittance corridors with allowlisted recipients, hapū-managed grants with on-chain accountability.