Glossary of scopes used by the runner and agent manifests.
File IO (blocked unless inside allowlist).
Spawn child processes (still within allowlist constraints).
Playwright automation (demo targets only).
Agents must require explicit approval flags for sensitive actions.
Secrets travel via time-limited handles; values never logged.
Local signing uses ed25519 keys stored under .agentx/keys/
Risk tiers: low (read-only) • medium (write) • high (signing, auth gates).