Core Architecture

5 Fiduciary Gates

Every payment through Skalor must pass all 5 sequential gates before clearance. If any gate fails, the transaction is denied with a clear reason and the agent's spend is not recorded.

1. Kill Switch - Is the agent active?
2. Vendor Allowlist - Is the merchant authorized?
3. Per-Transaction Limit - Is this single payment within the cap?
4. Daily Budget - Is the agent within its 24h spend limit?
5. Human-in-the-Loop - Is this below the CFO approval threshold?

CLEARED - Payment authorized, spend recorded, transaction logged

Gate Details

1. Kill Switch

The first and most absolute gate. If the CFO deactivates an agent in the dashboard, every payment is instantly blocked. No exceptions.

Checks

  • Agent is_active must be true
  • Agent status must be 'active' (not paused, suspended, or revoked)

Tip: Use this as an emergency stop. Flip the kill switch in the dashboard to immediately freeze all spending by a compromised or misbehaving agent.

2. Vendor Allowlist

Controls which merchants/APIs the agent is allowed to pay. If the allowlist is empty, all vendors are allowed (open mode). If vendors are configured, only those domains pass.

Checks

  • If allowed_vendors is empty, all merchants pass (open mode)
  • If vendors are configured, the merchant URL hostname must match
  • Subdomain matching is supported (e.g. 'openai.com' matches 'api.openai.com')

Tip: Start with a restrictive allowlist (e.g. just 'api.openai.com' and 'api.anthropic.com') and expand as the agent proves trustworthy.

3. Per-Transaction Limit

Caps the maximum amount for any single payment. Prevents an agent from draining the budget in one transaction.

Checks

  • amount_usd must be <= agent.per_transaction_limit

Tip: Set this to the maximum you'd want a single API call to cost. For most LLM APIs, $1-5 is reasonable. For data purchases, you may want $50-100.

4. Daily Budget

Enforces a rolling 24-hour spend limit. Once the agent hits its daily cap, all further payments are blocked until the window resets.

Checks

  • current_spend + amount_usd must be <= agent.daily_limit
  • The spending window is 24 hours from the first transaction
  • If the window has expired, current_spend resets to $0

Tip: This is the primary budget control. Most enterprises set this to $10-50 for standard agents and $500-1000 for trusted production agents.

5. Human-in-the-Loop

For high-value transactions, requires CFO or human sign-off before the payment clears. This is the final safety net.

Checks

  • If requires_human_approval_above is null, all amounts pass (no threshold)
  • If set, amount_usd must be <= the threshold
  • Payments above the threshold are blocked pending manual approval

Tip: Set this to 80% of the per-transaction limit. This way routine payments go through automatically, but unusually large ones get flagged for review.

Denial Response

When a gate blocks a payment, the response includes:

{
  "status": "DENIED",
  "gate": "daily_limit",
  "code": "EXCEEDS_DAILY_LIMIT",
  "message": "$5.00 would push daily spend to $12.50, exceeding limit of $10.00.",
  "gates_cleared": 3,
  "agent": "Research Assistant",
  "mandate": {
    "daily_limit_usd": 10.00,
    "per_transaction_limit_usd": 1.00,
    "current_daily_spend_usd": 7.50,
    "human_approval_above_usd": 5.00
  }
}
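
The five gates evaluated in order, as an added example (not Skalor's own code), showing dot-boundary hostname matching for the allowlist, the 24-hour window reset, and spend being recorded only on clearance. Assumptions: the window_start field, every gate name except "daily_limit", the positive-amount check, and the sample mandate values are constructed for illustration.

```python
from datetime import datetime, timedelta
from decimal import Decimal
from urllib.parse import urlsplit

def vendor_allowed(merchant_url, allowed_vendors):
    """Gate 2: empty list is open mode; else exact host or dot-boundary subdomain."""
    if not allowed_vendors:
        return True
    # Compare the parsed hostname, never the raw URL string; no host fails closed.
    host = (urlsplit(merchant_url).hostname or "").rstrip(".")
    return any(host == v.lower() or host.endswith("." + v.lower())
               for v in allowed_vendors)

def evaluate(agent, merchant_url, amount_usd, now):
    """Return the first failing gate in order, or CLEARED after recording spend."""
    amount = Decimal(str(amount_usd))  # Decimal avoids float drift at the limits
    if amount <= 0:  # assumption: input validation, not one of the page's gates
        raise ValueError("amount_usd must be positive")
    spend, start = agent["current_spend"], agent["window_start"]
    if start is None or now - start >= timedelta(hours=24):
        spend, start = Decimal("0"), now  # window expired: spend resets to $0
    hitl = agent["requires_human_approval_above"]
    gates = [  # gate names other than "daily_limit" are assumed
        ("kill_switch", agent["is_active"] and agent["status"] == "active"),
        ("vendor_allowlist", vendor_allowed(merchant_url, agent["allowed_vendors"])),
        ("per_transaction_limit", amount <= agent["per_transaction_limit"]),
        ("daily_limit", spend + amount <= agent["daily_limit"]),
        ("human_approval", hitl is None or amount <= hitl),
    ]
    for cleared, (gate, ok) in enumerate(gates):
        if not ok:  # denied: nothing is written back to the agent
            return {"status": "DENIED", "gate": gate, "gates_cleared": cleared}
    agent["current_spend"], agent["window_start"] = spend + amount, start
    return {"status": "CLEARED", "gates_cleared": len(gates)}

def sample_agent():
    """Constructed mandate; window_start is a hypothetical field name."""
    return {"is_active": True, "status": "active", "allowed_vendors": ["openai.com"],
            "per_transaction_limit": Decimal("5.00"), "daily_limit": Decimal("10.00"),
            "requires_human_approval_above": Decimal("4.00"),
            "current_spend": Decimal("0"), "window_start": None}

if __name__ == "__main__":
    agent, t0 = sample_agent(), datetime(2024, 1, 1, 9, 0)
    for url, amt in [("https://api.openai.com/v1/chat", "3.00"),
                     ("https://evilopenai.com/v1/chat", "1.00"),
                     ("https://api.openai.com/v1/chat", "4.50")]:
        print(url, amt, evaluate(agent, url, amt, t0))
```

A plain suffix or substring comparison would accept lookalike hosts such as 'evilopenai.com'; requiring an exact match or a leading dot before the allowlisted domain keeps the subdomain rule from widening the allowlist.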

Configuring Gates

All 5 gates are configured per-agent in the Dashboard > Agents page. Click on any agent to edit its mandate:

Setting            DB Column                        Default
Kill Switch        is_active / status               active
Vendor Allowlist   allowed_vendors                  [] (all vendors)
Per-Tx Limit       per_transaction_limit            $1.00
Daily Budget       daily_limit                      $10.00
Human Approval     requires_human_approval_above    $5.00