
Daily build note · May 29, 2026

Agent Action Gate

A productized implementation sprint and lightweight policy layer that puts approval, rollback notes, and receipts in front of high-risk AI-agent actions such as money movement, auth...

Mixed Wildcard - Combine Or Alternate Between The Strongest Themes Above · Build note published · Public demo coming soon

What shipped

  • Dependency-free Node.js CLI named agent-action-gate.
  • Local workspace initializer for policy, docs, receipt directories, and index files.
  • Deterministic policy evaluator for allow, log, approval_required, and blocked.
  • Request lifecycle commands: request, approve, deny, and complete.
  • Markdown and JSON receipt generation with schema version 0.1.0.
  • Inventory command that updates both policy and ACTION_GATE.md.
  • Weekly review report generation in Markdown and JSON.
  • Policy diff command for action classes, approvers, rule decisions, and blocked patterns.
  • Seed sample scenarios for read-only inspection, production migration, auth permission change, and Stripe test-mode refund simulation.
  • Local examples for shell, GitHub public-send, Stripe test mode, and generic MCP tool-call flows.
  • Smoke script and Node test suite.

Architecture

  • Used plain Node.js ES modules and built-in node:test so the MVP works without network access or package installation.
  • Stored policy as JSON-compatible YAML in agent-action-gate.yaml to keep it PR-reviewable while avoiding a YAML parser dependency.
  • Used file-based persistence under action-receipts/ instead of a database or hosted backend.
  • Kept policy evaluation deterministic and local. No external LLMs, Claude, Anthropic, OpenRouter, Stripe, GitHub, or MCP calls are made.
  • Treated receipts as operational evidence with stable JSON fields plus human-readable Markdown.

Trimmed scope

  • No browser dashboard.
  • No Slack, GitHub, Stripe, or MCP live integration.
  • No OAuth, team accounts, hosted storage, or billing.
  • No cryptographic signing or tamper-evident receipt chain.
  • No arbitrary YAML parser; policy files must remain JSON-compatible.
  • No automatic command execution wrapper beyond local examples.

Limitations

  • Manual approval recording means the team must still enforce the habit of requesting approval before mutation.
  • Local receipt files can be edited by anyone with filesystem write access.
  • Policy diffs summarize meaningful top-level changes but are not a full semantic YAML diff.
  • Interactive prompts are intentionally simple; scripted flags are the preferred reliable path.
  • Blocked live-payment and production customer-data patterns are starter safeguards, not comprehensive integration security.

Verification

Completed locally:

```bash
npm test
npm run smoke
```

Both passed.

Suggested next steps

  • Add a real shell wrapper that refuses configured destructive commands unless a request id is approved.
  • Add a small MCP middleware demo that gates write tools before invocation.
  • Add optional receipt hashing and chained receipt manifests.
  • Add GitHub PR comment templates for approval blocks and completed receipts.
  • Add a static HTML receipt browser generated from action-receipts/index.json.
  • Expand policy diff to compare against git refs.
  • Add adapter examples for OpenAI Agents SDK tool calls.
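
The editable-receipts limitation and the "receipt hashing and chained receipt manifests" step above, as an added example that is not agent-action-gate's own code: each manifest entry commits to one receipt and to the previous entry, so an edited receipt fails verification. The field names (`prevHash`, `receiptHash`, `entryHash`, `schemaVersion`, `approvedBy`), the sample receipts, and the use of CommonJS `require` are assumptions made here.

```javascript
// Added example, not agent-action-gate code. Field names are assumptions.
const { createHash } = require('node:crypto');

const GENESIS = '0'.repeat(64); // prevHash of the first entry
const sha256 = (text) => createHash('sha256').update(text, 'utf8').digest('hex');

// Canonical JSON: keys sorted recursively, so the hash does not depend on
// property order in the receipt file.
function canonical(value) {
  if (Array.isArray(value)) return `[${value.map(canonical).join(',')}]`;
  if (value && typeof value === 'object') {
    const fields = Object.keys(value).sort()
      .map((key) => `${JSON.stringify(key)}:${canonical(value[key])}`);
    return `{${fields.join(',')}}`;
  }
  return JSON.stringify(value);
}

// Append a manifest entry that commits to the receipt and the previous entry.
function appendReceipt(manifest, receipt) {
  const prevHash = manifest.length ? manifest[manifest.length - 1].entryHash : GENESIS;
  const receiptHash = sha256(canonical(receipt));
  const entryHash = sha256(`${prevHash}:${receiptHash}`);
  return [...manifest, { id: receipt.id, prevHash, receiptHash, entryHash }];
}

// Re-derive every hash. trustedHead is a head hash recorded outside the
// workspace; without it a full rewrite of receipts plus manifest passes.
function verifyChain(manifest, receipts, trustedHead) {
  if (manifest.length !== receipts.length) return { ok: false, reason: 'length mismatch' };
  let prev = GENESIS;
  for (let i = 0; i < manifest.length; i += 1) {
    const entry = manifest[i];
    if (entry.prevHash !== prev) return { ok: false, index: i, reason: 'broken link' };
    if (entry.receiptHash !== sha256(canonical(receipts[i]))) return { ok: false, index: i, reason: 'receipt modified' };
    if (entry.entryHash !== sha256(`${prev}:${entry.receiptHash}`)) return { ok: false, index: i, reason: 'entry hash mismatch' };
    prev = entry.entryHash;
  }
  if (trustedHead !== undefined && prev !== trustedHead) return { ok: false, reason: 'head mismatch' };
  return { ok: true, head: prev };
}

// Constructed sample receipts (not real output of the tool).
const SAMPLE_RECEIPTS = [
  { id: 'req-0001', schemaVersion: '0.1.0', action: 'production migration', decision: 'approval_required', approvedBy: 'alice' },
  { id: 'req-0002', schemaVersion: '0.1.0', action: 'auth permission change', decision: 'blocked', approvedBy: null },
];
const SAMPLE_MANIFEST = SAMPLE_RECEIPTS.reduce(appendReceipt, []);
```

A hash chain alone does not stop someone with write access from regenerating both the receipts and the manifest; verification catches that only when `trustedHead` is recorded somewhere that person cannot write.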