AGT answers: "Is this agent allowed to call this tool?"
There's a second question worth exploring: "Should this agent act,
given the current state of the data behind the decision?"
These aren't the same. An agent can be fully authorized to call
approve_refund (right identity, right policy) and still cause damage
because the Fivetran sync behind the decision is stale, or a new enum
value appeared that the input contract never authorized.
I built TrustGate to explore this gap during a hackathon:
https://github.com/MoAz06/trustgate-ai-agents
Before a refund action executes, it checks live Fivetran evidence, a
BigQuery row from the synced table, and a versioned input contract. The
policy engine returns ALLOW / APPROVAL_REQUIRED / BLOCK with a full
evidence receipt. A new customer_tier enum outside contract v1 routes to
human approval before damage happens.
The question for AGT: is there interest in a data-trust extension point
for govern()? Something like:
Or does this belong outside AGT as a separate adapter that feeds into
your policy evaluation? Happy to hear where the boundaries should be.
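The post describes a data-trust check that runs before a tool call executes and returns ALLOW / APPROVAL_REQUIRED / BLOCK together with an evidence receipt. The block below is an added, self-contained sketch of that kind of gate written for this page; it is not TrustGate's or AGT's code, and the class and function names (`Contract`, `SyncEvidence`, `data_trust_gate`), the 30-minute staleness limit, the `customer_tier` enum values, the severity rules and the sample rows are all assumptions. The one rule taken from the post is that an enum value outside the versioned contract routes to human approval rather than being silently allowed.

```python
"""Added example: a data-trust gate for a refund tool call.

Illustrative code written for this discussion; NOT the TrustGate or AGT
implementation. All names, thresholds and sample data are assumptions.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Any

ALLOW, APPROVAL_REQUIRED, BLOCK = "ALLOW", "APPROVAL_REQUIRED", "BLOCK"
# When several findings apply, the most restrictive decision wins.
_SEVERITY = {ALLOW: 0, APPROVAL_REQUIRED: 1, BLOCK: 2}


@dataclass(frozen=True)
class Contract:
    """Versioned input contract: the columns a decision may rely on, their
    types, and the enum values that were authorised for this version."""
    version: str
    required: dict[str, type]          # column -> expected Python type
    enums: dict[str, frozenset[str]]   # column -> authorised values


@dataclass(frozen=True)
class SyncEvidence:
    """What the pipeline (e.g. a Fivetran connector) reports about the table."""
    connector: str
    status: str                        # assumed values: "succeeded" / "failed"
    last_synced_at: datetime


# Assumed contract v1 for the synced customers table.
CONTRACT_V1 = Contract(
    version="v1",
    required={"customer_id": str, "customer_tier": str, "refund_amount": float},
    enums={"customer_tier": frozenset({"free", "pro", "enterprise"})},
)


def _receipt(**evidence: Any) -> dict[str, Any]:
    """Canonical, hashable record of exactly what the decision was based on."""
    body = json.dumps(evidence, sort_keys=True, default=str)
    return {"evidence": evidence, "sha256": hashlib.sha256(body.encode()).hexdigest()}


def data_trust_gate(
    row: dict[str, Any] | None,
    sync: SyncEvidence,
    contract: Contract,
    now: datetime,
    max_staleness: timedelta = timedelta(minutes=30),
) -> dict[str, Any]:
    """Decide whether the agent may act on `row`, given sync state and contract."""
    findings: list[tuple[str, str]] = []  # (decision, reason)

    # 1. Pipeline health: a failed sync means the row cannot be trusted at all;
    #    a stale but successful sync goes to a human (assumed policy).
    if sync.status != "succeeded":
        findings.append((BLOCK, f"sync status is {sync.status!r}"))
    age = now - sync.last_synced_at
    if age > max_staleness:
        findings.append((APPROVAL_REQUIRED, f"sync is {age} old (limit {max_staleness})"))

    # 2. The row must exist and carry every required column with the right type.
    if row is None:
        findings.append((BLOCK, "no row found in synced table"))
    else:
        for col, typ in contract.required.items():
            if col not in row:
                findings.append((BLOCK, f"missing column {col!r}"))
            elif not isinstance(row[col], typ):
                findings.append((BLOCK, f"{col!r} is {type(row[col]).__name__}, expected {typ.__name__}"))
        # 3. Enum drift: a value this contract version never authorised is
        #    routed to human approval rather than allowed or silently blocked.
        for col, allowed in contract.enums.items():
            if col in row and row[col] not in allowed:
                findings.append((APPROVAL_REQUIRED, f"{col}={row[col]!r} not in contract {contract.version}"))

    decision = max((d for d, _ in findings), key=_SEVERITY.get, default=ALLOW)
    return {
        "decision": decision,
        "reasons": [r for _, r in findings],
        "receipt": _receipt(contract_version=contract.version, connector=sync.connector,
                            sync_status=sync.status, last_synced_at=sync.last_synced_at,
                            evaluated_at=now, row=row),
    }


# Constructed sample evidence and rows (not real data).
NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)
FRESH = SyncEvidence("fivetran.bigquery.customers", "succeeded", NOW - timedelta(minutes=5))
STALE = SyncEvidence("fivetran.bigquery.customers", "succeeded", NOW - timedelta(hours=6))
FAILED = SyncEvidence("fivetran.bigquery.customers", "failed", NOW - timedelta(minutes=5))
ROW_OK = {"customer_id": "c_1001", "customer_tier": "pro", "refund_amount": 120.0}
ROW_NEW_ENUM = {**ROW_OK, "customer_tier": "platinum"}   # value unknown to contract v1
ROW_BAD_TYPE = {**ROW_OK, "refund_amount": "120.0"}

if __name__ == "__main__":
    for label, row, sync in [("ok", ROW_OK, FRESH), ("new enum", ROW_NEW_ENUM, FRESH),
                             ("stale", ROW_OK, STALE), ("failed sync", ROW_OK, FAILED)]:
        result = data_trust_gate(row, sync, CONTRACT_V1, NOW)
        print(f"{label:12} -> {result['decision']:18} {result['reasons']}")
```

The receipt hashes a canonical JSON form of everything the decision depended on (contract version, connector status and timestamp, evaluation time, the row itself), so an approver or a later investigation can confirm what the gate actually saw. Whether a stale sync should block or merely escalate is a policy choice; the example escalates and leaves hard failures (failed sync, missing row, type violation) as BLOCK.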