Bailing AI does not bypass your permission model. It signs tool calls, carries the on-behalf-of subject, records trace and audit data, and lets your backend make the final business decision.
Each route exposes only the tool scopes it explicitly allows.
Use low, medium, high, confirm-required, and parameter-level rules to model business risk.
Tool calls include HMAC signatures, timestamps, job id, tool name, and on-behalf-of subject.
Every important runtime event is recorded for debugging, compliance review, and replay analysis.
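The backend side of the signed tool call described above, as an added example that is not Bailing AI's own code or wire format: it verifies the HMAC, the timestamp, the route's tool scope, and then leaves the final decision to a backend policy callback. The field names, the canonical JSON form, SHA-256, the 300-second window and the replay cache keyed on the signature are all assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window, not a documented value
SIGNED_FIELDS = ("timestamp", "job_id", "tool", "subject", "params")  # assumed names


def sign(secret: bytes, call: dict) -> str:
    # Assumed canonical form: compact JSON of the signed fields, keys sorted.
    body = json.dumps({k: call[k] for k in SIGNED_FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_tool_call(secret, call, route_scopes, seen, can_act, now=None):
    """Return (allowed, reason); authenticity first, business decision last."""
    now = time.time() if now is None else now
    try:
        expected = sign(secret, call).encode()
        presented = str(call["signature"]).encode()
        ts = float(call["timestamp"])
    except (KeyError, TypeError, ValueError):
        return False, "malformed"
    if not hmac.compare_digest(expected, presented):  # constant-time compare
        return False, "bad_signature"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale_timestamp"
    if presented in seen:  # same signed call presented twice inside the window
        return False, "replay"
    if call["tool"] not in route_scopes:
        return False, "tool_not_in_route_scope"
    if not can_act(call["subject"], call["tool"], call["params"]):
        return False, "denied_by_backend"
    seen.add(presented)
    return True, "ok"


# Constructed sample call; every value here is made up for the demonstration.
SECRET = b"constructed-demo-secret"
CALL = {"timestamp": 1700000000, "job_id": "job-1", "tool": "orders.refund",
        "subject": "user:42", "params": {"order_id": "A1", "amount": 10}}
CALL["signature"] = sign(SECRET, CALL)

if __name__ == "__main__":
    policy = lambda subject, tool, params: params["amount"] <= 100
    print(verify_tool_call(SECRET, CALL, {"orders.refund"}, set(), policy,
                           now=1700000010))
```

The on-behalf-of subject is passed to `can_act` only after the signature verifies, so an unauthenticated caller cannot make the backend evaluate permissions for a subject of its choosing.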