Why a personal agent needs a gate
An unattended agent with your keys is the highest trust grant most people will ever make to software. It does not fail from malice; it fails from scale and confidence: one wrong assumption applied eight hundred times before you look.
your operations agent is limited to updating 200 records per run. One night it decides 1,800 need changing. The action check returns hold before anything moves, an alert lands in your panel and your inbox, and everything within the limit keeps running while you decide over coffee.
The lightest path in
Create a private tenant, register your agent with its limits, author the handful of AOPs that matter to you (spend ceilings, record scopes, what it may say if it talks to people), and wrap its actions in our middleware pattern: it proposes through one API call and acts only on a permit. Holds reach you as a panel alert and an email; our dashboard is your control surface, nothing to build.
Honest scope, today
What you integrate now is the middleware pattern and our API: a thin wrapper around the actions your agent takes. Deeper runtime-specific adapters are on our roadmap and are not available yet. If you want the agent to hold no credentials at all, register a connector with us and execute permits server side.
Shadow first, even for one agent
Run shadow for a few days. Read what our engine would have held or denied against your real runs, tighten the limits that were wrong, then enforce the hard ones and let judgment calls stay in shadow until you trust them.