/Docs/AI Agent OS/Permissions & Controls

Permissions and Controls

Agent autonomy must be bounded in code. Ramestta policies are designed so an owner can define what an agent may do, when it may do it and when a human must approve.

Core controls

Target allowlists

Allow calls only to selected contract addresses and method selectors.

Spend limits

Set per-transaction, daily or workflow-level ceilings before a transaction is signed.

Approval gates

Require controller approval over a chosen risk or value threshold.

Emergency pause

Stop future execution immediately while preserving the audit trail.

Recommended control matrix

WorkflowSuggested policyHuman involvement
Read-only researchNo wallet authorityNone
Notifications and monitoringNo transfer methodsReview alerts
Recurring low-value paymentRecipient + method allowlist, low capApprove setup and exceptions
Treasury movementStrict targets and multisig thresholdApproval for every action
Contract administrationNo autonomous authority by defaultMultisig only

Operational safeguards

  • Use separate wallets for testing, production automation and cold treasury custody.
  • Keep initial funding low until the workflow has been observed under real conditions.
  • Use an onchain multisig for protocol ownership and high-value controls.
  • Monitor scheduled jobs, nonce progression and failed transaction attempts.
  • Pause first, investigate second, and only then change or restore a permission policy.
⚠️Guarded beta
Agent OS components should be used with explicit owner-defined bounds. Automation is not a substitute for review of contract risk, recipient addresses or asset custody.

Found an issue with this page? Report on GitHub