Agent access manifest Preview
Per-agent access manifests
Every agent on Graunt operates under an access manifest that names which listings and splices it may use, its budget caps, and its approval policy.
What the manifest carries
- The agent principal that owns the manifest.
- The license family that applies (typically AGENT_API_ACCESS or QUERY_LICENSE).
- The scope: which listings and which splices the agent may access.
- Per-day and per-month spend caps.
- The approval policy — defaults to
HUMAN_APPROVAL_REQUIRED; alternative policies require explicit operator onboarding. - A canonical sha256 manifest hash so receipts carry the exact manifest used at access time.
How the manifest is enforced
Every call from an agent flows through the access decision service. The decision service consults the active manifest, the listing’s output rights, and the quota policy. Calls that exceed the manifest budget, scope, or approval policy are denied with a closed-enum denial code and a denial receipt.
Status today
Agent access manifests are in preview. Operator onboarding is the only path to activate a manifest. Live MCP transport is planned and not active today.