Agent Security Model
Agents operate with AgentIdentity and AgentPolicy primitives. These objects bind each tool call to a tenant, project, and policy boundary.
Policies define:
- allowed operations
- spend limits
- merchant allowlists
- risk controls
Risk preflight
Every financial side effect must pass risk_preflight, which returns allowed, requires_review, or blocked.
Idempotency and audit
Tool calls that create orders or initiate payments require idempotency keys and a reason field for audit logs.
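The controls above, combined into one gate, as an added sketch that is not the project's own code. The page gives only the names AgentIdentity, AgentPolicy and risk_preflight and the three outcomes; every field, signature, the OrderTool class and the review threshold are assumptions made for illustration.

```python
# Added illustration: every field, signature and threshold here is an assumption.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str
    tenant: str
    project: str

@dataclass(frozen=True)
class AgentPolicy:
    tenant: str
    project: str
    allowed_operations: frozenset
    spend_limit_cents: int
    merchant_allowlist: frozenset
    review_above_cents: int  # assumed risk control: human review above this amount

def risk_preflight(identity, policy, operation, merchant, amount_cents):
    """Return 'allowed', 'requires_review' or 'blocked'; anything unexpected is blocked."""
    if (identity.tenant, identity.project) != (policy.tenant, policy.project):
        return "blocked"  # policy belongs to a different tenant/project boundary
    if operation not in policy.allowed_operations or merchant not in policy.merchant_allowlist:
        return "blocked"
    if amount_cents <= 0 or amount_cents > policy.spend_limit_cents:
        return "blocked"
    if amount_cents > policy.review_above_cents:
        return "requires_review"
    return "allowed"

@dataclass
class OrderTool:  # hypothetical tool wrapper
    policy: AgentPolicy
    audit_log: list = field(default_factory=list)
    _seen: dict = field(default_factory=dict)  # (tenant, project, key) -> prior result

    def create_order(self, identity, merchant, amount_cents, idempotency_key, reason):
        if not idempotency_key or not reason.strip():
            raise ValueError("idempotency_key and reason are required")
        scope = (identity.tenant, identity.project, idempotency_key)
        if scope in self._seen:  # replayed call: return prior result, no second side effect
            return self._seen[scope]
        decision = risk_preflight(identity, self.policy, "create_order", merchant, amount_cents)
        result = {"decision": decision, "executed": decision == "allowed"}
        self.audit_log.append({"agent": identity.agent_id, "key": idempotency_key,
                               "reason": reason, "merchant": merchant,
                               "amount_cents": amount_cents, **result})
        self._seen[scope] = result
        return result
```

Scoping the idempotency key by tenant and project keeps one tenant's key from colliding with another's, and blocked or review-pending attempts are written to the audit log along with executed ones.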