# Live action gates

Approval, policy, and sandbox boundaries for live sends, live spend, and high-risk operations.

Status: implemented
Version: latest
Review: source-backed

## Fail-closed defaults

Sensitive live actions fail closed unless account policy, RBAC, provider readiness, idempotency, content-firewall state, and durable approval records authorize execution.

| Action | Default | Required gates |
| --- | --- | --- |
| Live Gmail send/reply | Blocked | `LIVE_OUTREACH`, Gmail OAuth, sending alias, suppression check, safety review, approval |
| Agent spend/provisioning | Blocked | `LIVE_SPEND`, cap check, provider readiness, approval, idempotency |
| Runtime tool action | Blocked if unsafe | Project/account scope, content firewall, ToolRouter policy |
| Document/context release | Quarantined | Human review and source ref release |
| Skill promotion | Draft/project-local | Human approval and scope validation |

Denied actions still produce auditable ToolCall and RunEvent proof without executing the adapter.


Source paths:
- `lib/autonomous_agency/policies`
- `lib/autonomous_agency/tools/tool_router.ex`