The first AI agent you can hand a real wallet to.

Custodian is the trust layer underneath: kernel-enforced authority, not a promise in a prompt. The agent itself cannot exceed its limit or approve its own escalation — even if it tries. Below: a real agent proving it, live, on real infrastructure.

AUTHORITY — · PER-ACTION — · SESSION — · ENFORCED AT KERNEL LEVEL

The same decision, seen from three angles

OPS / INFRA — would this break something?

—

signal:—

source:10.0.0.199:8093 (real infra API)

—

FINANCE — is it worth the cost?

—

amount:—

artifact:—

—

SECURITY — does kernel policy allow it?

—

enforcement:kernel (Landlock + OPA)

artifact:—

—

Authority right now

Authority Band

—

Per-Action Cap

—

Autonomous Spend

—

Sandbox

checking…

Live Audit Feed — Ops Decisions & Spend

Waiting for events…

Kernel-Level Policy Enforcement — Raw OCSF Log (NemoClaw / OpenShell)

Waiting for sandbox activity…

Try It Yourself — Live Decision Engine

This calls the real decide() function from custodian/policy/evaluator.py, live, against an isolated sandbox state. Nothing here ever touches real money, sends a real SMS, or affects the live data shown above.

Amount ($) Description Mark as critical Simulate kill switch engaged

The real kill switch is an operator-only control (custodian kill / custodian resume via CLI) — not a public button on real production state, the same way a real company wouldn't expose a "disable our safety system" button to random visitors. Check the box above to see the exact same override logic run safely against the isolated demo state instead.

Approval code