★ AGENT SKILLS · SAFETY MANIFEST

skills + approval.

Every voice/agent intent is declared with a risk level. Read-tier intents fire instantly. External, money, and destructive intents pause for user tap — the agent cannot bypass approval. OpenAI computer-use guidance: on-screen instructions are untrusted; the user is the only source of permission.

★ RISK LEVELS

  • READ page reads, recall, listing — no approval
  • DRAFT compose mail / forms — no approval, no submit
  • REVERSIBLE open app, minimize, change theme — no approval
  • EXTERNAL deploy, send mail, post publicly — approval
  • MONEY payment, ticket buy — approval
  • DESTRUCTIVE delete data, drop repo — approval

READ · safe

run_mission
Run agent mission
Plan + execute a read-only mission. No external side effects.
run_cohort
Race multiple models
Run 3+ models in parallel + judge.
recall_memory
Recall memory
Read-only HydraDB query.
answer
Speak answer
Direct spoken answer, no side effect.

REVERSIBLE · safe

open_app
Open app
Launch a system app window. Easy to close.
build_app
Build an app
Generate an app spec + mount as a window. No deploy.
change_wallpaper
Change wallpaper
Cycle desktop wallpaper.
close_window
Close focused window
Closes the currently focused window. Re-openable.
navigate
Navigate
Switch route inside DelOS.

EXTERNAL · approval

deploy
Deploy publiclytap-to-approve
Push code to Vercel / Cloudflare. Visible to the public.
send_email
Send emailtap-to-approve
Sends mail to real recipients via Gmail / Resend.

MONEY · approval

pay
Make paymenttap-to-approve
Moves money. Stripe / card / wallet.
book_ticket
Book tickettap-to-approve
Books a flight / train / event seat — usually paid.

DESTRUCTIVE · approval

delete_data
Delete datatap-to-approve
Removes memory / files / repos. Not always reversible.

★ HOW APPROVAL WORKS

  1. Voice agent transcribes user speech → /api/voice-command returns intent + payload
  2. VoiceApp checks requiresApproval(intent) against the skill manifest
  3. If required → ApprovalGate modal pops with risk-colored border + payload preview
  4. User taps ✓ YES → intent dispatches on OS bus. Auto-deny after 60s.
  5. User taps ✗ NO → bus event suppressed. Voice agent speaks "denied" toast.
  6. Audit log captures every decision (runLog + HydraDB).

★ EXTENDING

Add a new skill: edit src/lib/skillManifest.ts with { intent, label, riskLevel, requiresApproval, description }. Voice command schema picks it up automatically. ApprovalGate renders the risk-colored modal without further wiring. Audit log + memory tags happen for free.

▶ TRY GUEST SANDBOX