Status: implemented
Version: latest
Review: source-backed
Last scanned: 2026-06-25T00:00:00Z
Review required: false
Live action gates
Approval, policy, and sandbox boundaries for live sends, live spend, and high-risk operations.
Fail-closed defaults
Sensitive live actions fail closed unless account policy, RBAC, provider readiness, idempotency, content-firewall state, and durable approval records authorize execution.
| Action | Default | Required gates |
|---|---|---|
| Live Gmail send/reply | Blocked | LIVE_OUTREACH, Gmail OAuth, sending alias, suppression check, safety review, approval |
| Agent spend/provisioning | Blocked | LIVE_SPEND, cap check, provider readiness, approval, idempotency |
| Runtime tool action | Blocked if unsafe | Project/account scope, content firewall, ToolRouter policy |
| Document/context release | Quarantined | Human review and source ref release |
| Skill promotion | Draft/project-local | Human approval and scope validation |
Denied actions still produce auditable ToolCall and RunEvent proof without executing the adapter.
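
A minimal sketch of the fail-closed evaluation and deny-path audit described above, added here as an illustration and not taken from the project's ToolRouter or policy modules. The module name, gate atoms, and record shapes are assumptions; the required-gate lists follow the table.

```elixir
defmodule GateSketch do
  # Hypothetical illustration, not the project's code. Gate lists mirror the table.
  @required %{
    live_gmail_send: [:live_outreach, :gmail_oauth, :sending_alias,
                      :suppression_check, :safety_review, :approval],
    agent_spend: [:live_spend, :cap_check, :provider_readiness, :approval, :idempotency]
  }

  # `gates` maps gate name => check result. Only a literal `true` passes, so a
  # missing key, nil, or an error tuple from a failed lookup all deny.
  def authorize(action, gates) when is_map(gates) do
    case Map.fetch(@required, action) do
      :error -> {:deny, [:unknown_action]}
      {:ok, required} ->
        case Enum.reject(required, &(Map.get(gates, &1) === true)) do
          [] -> :allow
          failed -> {:deny, failed}
        end
    end
  end

  # The adapter runs only on :allow; both outcomes return audit records.
  def run(action, gates, adapter) when is_function(adapter, 0) do
    case authorize(action, gates) do
      :allow -> {:ok, adapter.(), audit(action, :executed, [])}
      {:deny, failed} -> {:denied, failed, audit(action, :denied, failed)}
    end
  end

  defp audit(action, status, failed) do
    [
      %{type: :tool_call, action: action, status: status},
      %{type: :run_event, action: action, status: status, failed_gates: failed}
    ]
  end
end

# Constructed input: approval lookup has not succeeded, so the send is denied.
gates = %{
  live_outreach: true, gmail_oauth: true, sending_alias: true,
  suppression_check: true, safety_review: true, approval: {:error, :pending}
}

{:denied, [:approval], records} =
  GateSketch.run(:live_gmail_send, gates, fn -> raise "adapter must not run" end)

IO.inspect(records, label: "audit")
```

The pattern match on the last call fails loudly if the deny path ever executes the adapter or reports a different set of failed gates.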
Official references
| System | Use in Trinity | Official docs |
|---|---|---|
| Hermes | Hosted agent runtime and skills context | Hermes Agent docs |
| Jido | Narrow policy/firewall action seam | Jido Actions and Workflows |
| NVIDIA | Nemotron scoring, safety, and QA decisions | NIM LLM API reference |
| Stripe | Checkout, webhooks, revenue proof, guarded spend | Checkout Sessions API |
| Gmail | Drafts, sends, aliases, scopes, inbound replies | Gmail API scopes |
| Phoenix/Oban/Postgres | Control plane, durable jobs, source-of-truth data | Phoenix LiveView |
Source paths
lib/autonomous_agency/policies
lib/autonomous_agency/tools/tool_router.ex