Agent Action Safety Loop
$0.25/callLoop-callableScore, triage, receipt, and status in one agent-safety workflow.
POST /api/agent-services/action-safety/runAnswer-engine brief
Canonical answer for Agent Action Safety Loop
- Direct answer
- Agent Action Safety Loop is a deterministic x402 API for AI agents. Score, triage, receipt, and status in one agent-safety workflow.
- When to use
- Use it when an agent needs a repeatable computed result with evidence instead of asking an LLM to improvise a number or risk decision.
- Inputs
- command, repo, cwd, branch, actor
- Outputs
- status, service, workflowId, decision, risk
- Pricing
- $0.25 per call, paid over x402 in USDC on Base. No API key is required.
- Citation target
- https://hermesplant.com/agent-services/action-safety-workflow
What it does
Complete AI agent action safety workflow for consequential agent actions. Runs the complete DestructGuard evidence score, conditionally creates ReviewQueue triage for high or critical risk, returns an honest allow or needs_review decision, a signed receipt, and a free 30-day status record. Human approval itself requires a connected approval system or hosted Assurance plan.
- Full DestructGuard evidence with conditional ReviewQueue triage
- Honest allow / allow_with_controls / needs_review decision
- Signed receipt plus a free privacy-preserving 30-day status record
Example request
POST /api/agent-services/action-safety/run
{
"command": "wrangler deploy",
"repo": "github.com/acme/app",
"branch": "main",
"actor": "codex",
"intent": "deploy the verified release",
"diffStat": "12 files changed"
}Example response (HTTP 200)
Deterministic — the same inputs always return the same audited output.
{
"status": "review_required",
"service": "agent-action-safety-loop",
"workflowId": "asw_<uuid>",
"decision": "needs_review",
"risk": "high",
"allowed": false,
"requiresHumanReview": true,
"statusUrl": "https://hermesplant.com/api/agent-workflows/action-safety/status/asw_<uuid>"
}Input schema
Top-level request fields. Nested shapes are shown in the example above and the OpenAPI spec.
| Field | Type | Required | Description |
|---|---|---|---|
| command | string | Yes | Shell, SQL, git, deploy, or infrastructure action to assess. |
| repo | string | — | |
| cwd | string | — | |
| branch | string | — | |
| actor | string | — | |
| intent | string | — | |
| diffStat | string | — |
How to call it over x402
- 1. Send the request. The first unpaid call returns HTTP 402 with an x402 payment challenge — $0.25, USDC on Base, and the recipient.
- 2. Pay per call. Your x402 client signs the USDC payment and retries automatically — no API key, no account, no subscription. New to x402?
- 3. Read the result. HTTP 200 returns the computed values plus evidence-backed findings.
With the x402 fetch client (Node / TypeScript)
import { wrapFetchWithPayment } from "@x402/fetch";
import { privateKeyToAccount } from "viem/accounts";
const account = privateKeyToAccount(process.env.AGENT_WALLET_KEY);
const pay = wrapFetchWithPayment(fetch, account); // USDC on Base
const res = await pay("https://hermesplant.com/api/agent-services/action-safety/run", {
method: "POST",
headers: { "content-type": "application/json" },
body: JSON.stringify({
"command": "wrangler deploy",
"repo": "github.com/acme/app",
"branch": "main",
"actor": "codex",
"intent": "deploy the verified release",
"diffStat": "12 files changed"
}),
});
const result = await res.json();Inspect the 402 with curl
curl -i -X POST https://hermesplant.com/api/agent-services/action-safety/run \
-H "content-type: application/json" \
-d '{"command":"wrangler deploy","repo":"github.com/acme/app","branch":"main","actor":"codex","intent":"deploy the verified release","diffStat":"12 files changed"}'
# → HTTP/1.1 402 Payment Required (x402 challenge: price, USDC asset, Base network, recipient)
# → sign the USDC-on-Base payment and retry to receive HTTP 200Prefer no wallet? Get a free API key (250 calls/mo) and send it as X-API-Key instead of signing an x402 payment — the same call, no crypto, ideal for looping over many records.
Prefer zero code? This endpoint is also exposed as a tool on the Hermes Plant MCP server, so an MCP-capable agent can call it with its own x402 wallet.
Other agent services
A one-cent safety gate for every consequential agent action.
Separate candidate demand from owner-funded and duplicate x402 activity.
A signed, verifiable receipt for every action your agent takes.
Decide whether an agent should pay before it signs.
Verify the evidence bundle before trusting a paid agent result.
Score an MCP server before your agent installs it.
Catch destructive agent commands before they run.
Route risky agent actions to human approval.
Validate & normalize every contact record your agent touches.
Per-wallet AML screening inside your agent's loop.
NPV, IRR, XIRR & DCF valuation in a single call.
LP/GP distribution waterfalls, solved exactly.
Black-Scholes option pricing with the full Greeks.
Yield, duration, convexity & loan amortization.
Portfolio risk scored straight from holdings.
Full deal underwriting — DCF, returns, sensitivity & waterfall in one call.
One signed preflight for an autonomous x402 payment: WalletGuard counterparty screening, Payment Policy challenge validation, and structured evidence verification.
CashflowLens return and DCF analytics plus PortfolioGuard concentration and risk scoring in one paid call, with structured internal evidence and a tamper-evident signed receipt.
Need a calculator that isn’t here yet? contact@hermesplant.com