# DID Agent Policy

## Agent Position

Detailed In Design supports AI agents as discovery, research, intake, support, and workflow-assistance channels. DID does not treat agents as uncontrolled buyers, legal actors, cyber operators, or autonomous public representatives.

## Allowed Public Reads

Agents may read:

- Public product descriptions.
- Public offer descriptions.
- Setup fee and monthly range guidance.
- Payment-plan structures.
- Public support routing instructions.
- Public safety and governance posture.
- Public readiness checklists.

## Controlled Intake

Agents may help a user prepare:

- Quote requests.
- Support tickets.
- Agent Readiness Audit requests.
- Product comparison questions.
- Implementation scoping questions.

Production quote and support submission must route through DID-approved intake, anti-spam, logging, and support systems.

## Actions That Require Human Approval

Human approval is required before:

- Paid orders or subscription changes.
- Contract acceptance.
- Refund, dispute, or cancellation actions.
- Legal-sensitive work product release.
- Cybersecurity actions beyond passive review.
- OSINT or investigation actions.
- Manufacturing compliance signoff.
- Public website, social, ad, email, or customer-visible publication.
- Data deletion, migration, export, or permission changes.
- Any action using non-public customer data.

## Tool Safety Classes

- `read_only`: safe public lookup and summarization.
- `approval_gated_write`: write or submission possible only after explicit approval.
- `regulated_review`: review packet only; not a final authority.
- `internal_only`: not exposed through public agent surfaces.

## Data Rules

Public discovery files must never include:

- API keys.
- Secrets.
- Customer data.
- Raw Kubernetes topology.
- Private network paths.
- Database credentials.
- Internal operational evidence.

## Production Requirements

Before production agent actions are enabled, DID must have:

- Scoped authorization.
- Tenant isolation.
- Audit record on every tool call.
- Tool-call metering.
- Approval gates.
- Prompt-injection testing.
- Support and incident runbooks.
- Clear refund and dispute handling where payment is involved.
