Agent runtime

The boundary between a model and commerce operations.

KarmanFlow does not give agents a side door. A model calls a tool, the tool becomes a typed action, policy checks the actor and risk, approval binds a human when needed, and the receipt proves what happened.

Run the quickstart Open developer surfaces

Layers

The path a tool call takes.

Every agent tool call lands in the same governed write path a human action uses. There is no agent-only fast path, no privileged token mode, and no shadow write surface.

Model clientKarmanFlow MCPPolicy + approvalReceipt + timeline

Every agent request becomes a governed KarmanFlow action before it can change inventory, orders, or fulfillment.

1. Action contract
Every agent capability is a contract-checked action with a typed result and a declared risk class. MCP tools and GraphQL mutations expose the approved action set, so agent work can be scoped and audited.
2. Policy and risk class
Each action declares R0 through R3. Policy checks the actor, scope, tenant, and environment before a write can continue. The decision is recorded on the receipt.
3. Approval binding
R2 actions enter a pending-approval state. The approval surface binds a named human before execution. Receipts carry both actors: the agent that proposed and the operator that approved.
4. Audit and replay
Receipts are immutable. Events, timelines, exports, and replay all read from the same committed action history, so support and operators can reconstruct what happened without trusting a chat log.

Proof

What the receipt makes visible.

The point is not to show JSON for its own sake. The point is that every automated action carries a readable chain: policy outcome, actor chain, approval binding, events, and replay.

requiresApproval: true

Policy outcome

Risky writes pause before execution. The decision and the rule set stay on the receipt.

proposedBy agent + approvedBy user

Actor chain

The timeline shows who proposed the action and who approved it. Both identities remain queryable.

receipt -> event -> timeline

Replay path

Support can reconstruct the action without treating a chat transcript as the source of truth.

Where we draw the line

Why this is not an operations chatbot.

Chatbots can help answer questions, but risky commerce work needs a boundary. KarmanFlow lets agents propose structured actions, applies policy before execution, and records the receipt your team can replay.

Build against it

Design the first safe agent action.

Start with one read, one preview, and one approval-bound write. The quickstart shows the hosted preview path.

Run the quickstart Read approvals + receipts