base_url
Endpoint configured
https://oneai-api-production.up.railway.app is configured.
No action unless the endpoint changed.
Agent Control
snapshot Jun 10, 11:39 PMread-onlyGateway, integrations, sandbox
External Agent access is separated from the overview: preflight, capability permissions, simulated requests, handoff rules, and onboarding live here.
Gateway
blocked
10 capabilities
preflight
6 allowed capabilities
Only read-only, evidence-backed Agent capabilities are allowed through the gateway.
sandbox
3 blocked simulations
Blocked simulations stay blocked until a human approves a new integration capability.
registry
6 registered surfaces
OneAI, Telegram, OneMission, exchanges, X-style social, and local logs stay scoped by permissions.
OneAI loop
95% closed-loop ready
OneAI now has a governed context gateway, recommendation contract, safety envelope, and read-only preview path.
AI expansion
9 proposals
OneAI gets wider context, more proposal surface, autonomous reasoning, signal fusion, and late-stage trust compression.
live loop
8 accepted proposals
Live OneAI can be called on demand, then outputs are validated into an inbox and write-intent drafts.
health
OneAI configured
OneAI is configured. Run ?probe=true from production to verify live reachability.
model mesh
10 model providers
OneField can route scoped memory, signal, and coordination context to OneAI, DeepSeek, OpenAI-compatible, Claude, Gemini, Grok, Qwen, local, or custom models.
model workbench
3 drafts
Models can now process signals, Memory Graph, OneMission task state, builder relationships, risks, and coordination opportunities into safe drafts.
draft review
3 review items
AI drafts are now sorted through evidence, confidence, risk, scope, and write-boundary gates before promotion.
write preview
1 write intents
Promotable AI drafts are shaped into non-submitting P6 write-intent previews with backup and approval requirements.
risk ledger
13 boundaries
Every blocked capability, forbidden query, and unsafe execution path is visible before agents touch the system.
OneAI Health Check
Connection, key, flag, probe
OneAI is configured. Run ?probe=true from production to verify live reachability.
State
configured
https://oneai-api-production.up.railway.app
pass
api_key
Key present
ONEAI_API_KEY is configured. Value is hidden.
No action.
live_flag
Live proposals enabled
POST /api/oneai/live-proposals may call OneAI when authenticated.
No action.
dns_or_network
Probe not requested
Add ?probe=true to test network and OneAI generate reachability.
Run probe from the production environment to verify real connectivity.
generate_probe
Probe not requested
No OneAI request was made.
Use ?probe=true for a tiny read-only generate test.
Model Mesh Gateway
All models become reasoning engines, not the core asset
OneField can route scoped memory, signal, and coordination context to OneAI, DeepSeek, OpenAI, OpenRouter, Claude, Gemini, Grok, Qwen, local, or custom model providers without making any model the core asset.
Gateway state
ready
4 ready providers
native
OneAI
WAOC-native tasks, proposal loop, ecosystem coordination. Receives OneField context packs and returns validated proposal drafts.
gpt-4o-mini · ONEAI_API_BASE_URL · ONEAI_API_KEY
api
DeepSeek
reasoning, code, Chinese and multilingual analysis, cost-aware large-model routing. Use OpenAI-compatible API or a future self-hosted endpoint; send compressed context packs only.
deepseek-chat · DEEPSEEK_API_BASE_URL · DEEPSEEK_API_KEY
api
OpenAI
structured output, agent workflows, tool-ready reasoning. Provider receives schema-bound context packs and returns normalized outputs.
gpt-4o-mini · OPENAI_API_BASE_URL · OPENAI_API_KEY
api
OpenRouter
multi-model routing, frontier model comparison, fallback routing through one API. Use as an OpenAI-compatible model router with scoped OneField context packs only.
openai/gpt-5.2 · OPENROUTER_API_BASE_URL · OPENROUTER_API_KEY
api
Anthropic Claude
long-document reasoning, policy review, strategic synthesis. Use for scoped synthesis, not unrestricted memory export.
model unset · ANTHROPIC_API_BASE_URL · ANTHROPIC_API_KEY
api
Google Gemini
long context, multimodal extension, large context comparison. Use only consented summaries and evidence-linked context.
model unset · GEMINI_API_BASE_URL · GEMINI_API_KEY
api
Grok / X-native
social narrative, X-style signal interpretation, fast trend reading. Public/social narrative summaries only.
model unset · GROK_API_BASE_URL · GROK_API_KEY
api
Qwen
Chinese context, cost-aware routing, regional model diversity. Use compressed context packs and normalized JSON outputs.
model unset · QWEN_API_BASE_URL · QWEN_API_KEY
self-hosted
Local Llama / vLLM
private deployment, low-cost classification, local memory summarization. Can receive more private context only after self-hosted security review.
model unset · LOCAL_LLM_BASE_URL
api
Custom endpoint
partner models, enterprise deployment, future model upgrades. Must declare permission scope before receiving context.
model unset · CUSTOM_MODEL_BASE_URL · CUSTOM_MODEL_API_KEY
Routing Plan
memory_reasoning
memory_candidate
Turn scoped context into memory candidates with evidence, confidence, owner, expiry, and risk.
oneai / deepseek / openai → openrouter / anthropic / qwen / llama-local
signal_interpretation
insight
Explain external signals without granting account access, trading authority, or posting rights.
deepseek / openrouter / grok → oneai / qwen / gemini / llama-local
task_planning
task
Convert memory and signals into task drafts while commit remains disabled.
oneai / openai / deepseek → openrouter / qwen / anthropic
risk_review
risk_review
Review model proposals before approval, writes, trades, or external actions.
openai / openrouter / anthropic → oneai / deepseek / llama-local
coordination_advice
coordination_plan
Recommend collaborations, circle formation, and network action without mutating graph state.
oneai / openrouter / anthropic → deepseek / grok / openai
Context Pack Boundary
Model providers receive scoped OneField context packs, not raw database exports.
memory summariesgraph neighborhoodsevidence idssignal summariestask historytrust and risk constraintsoutput schema
Denied Surfaces
raw secretsprivate keysdatabase URLsunscoped private memoryexchange account credentialsprivate DMsunapproved identity data
Output Normalizer
Every provider output is normalized before OneField displays it or turns it into a draft.
insightproposaltaskmemory_candidaterisk_reviewcoordination_plan
Next Milestones
Add provider adapters behind one generate contract for OpenAI, OpenRouter, DeepSeek, and OneAI.
Add read-only probe endpoints for DeepSeek, OpenAI, and OpenRouter providers.
Route live proposals through model selection while keeping OneAI native.
Add multi-model consensus for high-risk memory and coordination decisions.
Add self-hosted model runtime support without merging model code into the Next.js app.
Model Workbench
Models process real OneField context into safe drafts
Model Workbench built a scoped OneField context pack and local safe drafts. Add run=true to call the default chat-compatible model provider.
Provider / model
openai
gpt-4o-mini
signals
8 signals packed
OKX, Binance, X, Telegram, OneMission, and agent-style sources enter as scoped summaries with evidence ids.
/api/agent/model-workbench
memory graph
12 key nodes
20 edges and 4 review-required paths are visible to the workbench.
OneMission
2 active missions
2 active missions and 0 completed missions are available as task and proof context.
builders
10 builders
Builder trust, roles, and connection counts are included for coordination planning.
run state
preview only
Add run=true to explicitly call the default model provider with this scoped context pack.
/api/agent/model-workbench?run=true
Safe Local Drafts
memory_candidate
Review memory from Agent memory candidate loop ready
OneField can begin treating external signals as memory candidates before writing durable memory. This can become a memory candidate if supporting evidence remains high quality.
1 evidence · commit false
task
Review Agent Gateway
agent node has score 35, 10 graph links, and 1 evidence references.
1 evidence · commit false
coordination_plan
Coordinate around STEVO
STEVO has trust 50 and 9 graph connections. Use builder context and mission state to suggest collaboration.
0 evidence · commit false
Model Drafts
not run
No live model drafts yet
The workbench is ready. Call the API with run=true to ask the default model to process this context pack.
/api/agent/model-workbench?run=true
AI Draft Review Pipeline
Drafts become reviewable memory and coordination candidates
3 AI drafts are in review: 2 reviewable, 1 blocked by gates.
Queue
3
1 blocked
memory
1 memory candidates
Model drafts that can enter the Memory Candidate pipeline after review.
/api/agent/ai-draft-review
tasks
0 task drafts
Task-style drafts that can later be promoted into OneMission or internal work after approval.
coordination
1 plans
Coordination plans for builders, agents, missions, and network action.
risk
0 reviews
Risk-focused model outputs waiting behind the human/operator boundary.
blocked
1 rejected drafts
Drafts blocked by evidence, confidence, scope, or write-boundary gates.
local · memory_candidate
Review memory from Agent memory candidate loop ready
OneField can begin treating external signals as memory candidates before writing durable memory. This can become a memory candidate if supporting evidence remains high quality. Next: Ask an operator to review the candidate before durable memory.
1 evidence · 5/5 gates pass · commit false
local · task_draft
Review Agent Gateway
agent node has score 35, 10 graph links, and 1 evidence references. Next: Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
1 evidence · 3/5 gates pass · commit false
local · coordination_plan
Coordinate around STEVO
STEVO has trust 50 and 9 graph connections. Use builder context and mission state to suggest collaboration. Next: Use the graph route to inspect supporting relationships before outreach.
0 evidence · 3/5 gates pass · commit false
AI Draft Write Intent Preview
Promotable drafts become non-submitting P6 intents
1 AI draft write-intent previews are shaped from promotable review items; 2 items remain excluded.
Can submit now
false
preview only
memory
Review memory from Agent memory candidate loop ready
OneField can begin treating external signals as memory candidates before writing durable memory. This can become a memory candidate if supporting evidence remains high quality.
1 evidence · backup true · submit false
Excluded Review Items
review:local:local-task-draft: Blocked by draft review gates.
review:local:local-coordination-plan: Needs operator review before write-intent shaping.
Live OneAI Proposal Loop
Real OneAI reasoning, still no execution
Live OneAI Proposal Loop can call OneAI on demand, validate outputs, place accepted/rejected items in an inbox, and shape write-intent drafts without committing state.
Live calls enabled
true
ready
prompt contract
10 schema fields
The OneAI prompt boundary fixes context, output shape, forbidden actions, compression triggers, and evidence rules.
/api/oneai/prompt-contract
proposal inbox
8 accepted · 1 rejected
8 accepted and 1 rejected OneAI proposals are visible in the live proposal inbox.
/api/oneai/proposal-inbox
write drafts
6 draft payloads
6 write-intent drafts can be inspected, but none are submitted automatically.
/api/oneai/write-intent-drafts
live endpoint
POST live proposals
A signed admin or steward can call OneAI on demand when ONEAI_LIVE_PROPOSALS_ENABLED=true.
/api/oneai/live-proposals
Accepted Inbox
circle
Review Agent Gateway
Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
1 evidence · commit false
connection
Review Lee
Check relationship context and decide whether a human introduction or follow-up is useful.
2 evidence · commit false
circle
Review Write durable memory
Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
1 evidence · commit false
circle
Review Create mission
Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
1 evidence · commit false
circle
Review Modify relationship graph
Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
1 evidence · commit false
Draft Requirements
Human operator selects a proposal.
Backup has been confirmed.
P6 write-intent migration has been applied.
ONEFIELD_P6_WRITES_ENABLED=true is intentionally set.
Evidence ids and rollback hint are present.
AI Expansion Layer
Expand intelligence before compressing permission
AI Expansion Layer gives OneAI broader context, more proposal surface, autonomous reasoning rounds, and fused external signals before Trust Compression narrows only risky actions.
Expansion state
expanding
proposal-first, commit-later
wide context
4 context surfaces
Compress only before durable writes, external actions, private data, identity changes, and asset operations.
/api/oneai/wide-context
proposal studio
9 generated proposals
9 AI proposals are available for exploration. They are intentionally expansive and cannot commit state.
/api/oneai/proposal-studio
reasoning sandbox
3 reasoning rounds
Autonomous reasoning sandbox lets OneAI form hypotheses, self-score, cite evidence, and ask next questions without executing actions.
/api/oneai/reasoning-sandbox
signal fusion
3 fused themes
3 fused signal themes are ready for OneAI expansion context.
/api/oneai/signal-fusion
trust compression
7 compression triggers
AI is expanded for perception and strategy, then compressed only when a proposal becomes state-changing, private, financial, or external.
/api/oneai/trust-compression
Top Proposals
circle
Review Agent Gateway
agent node has score 35, 10 graph links, and 1 evidence references.
1 evidence · commit false
connection
Review Lee
builder node has score 100, 2 graph links, and 2 evidence references.
2 evidence · commit false
circle
Review Write durable memory
agent node has score 35, 1 graph links, and 1 evidence references.
1 evidence · commit false
circle
Review Create mission
agent node has score 35, 1 graph links, and 1 evidence references.
1 evidence · commit false
circle
Review Trade or move assets
agent node has score 35, 1 graph links, and 1 evidence references.
1 evidence · commit false
Trust Compression
Durable memory writesMission creation or external dispatchGraph relation mutationProfile or identity changePrivate memory accessTrading, withdrawal, wallet, account, or asset actionPublic posting or private message access
OneAI Closed Loop
OneAI as the reasoning layer
OneAI is connected as the primary reasoning layer through a governed OneField context gateway, recommendation contract, safety envelope, and read-only recommendation preview.
Loop readiness
95%
ready
context gateway
7 context sections
OneAI receives governed memory, signal, evidence, coordination, execution, and privacy context.
/api/oneai/context
recommendation contract
11 required fields
Outputs must include evidence, confidence, risk, approval, route, and forbidden actions.
onefield.oneai-recommendation-contract.v1
recommendation preview
5 preview items
Current opportunities are shaped into OneAI-ready recommendations without calling external AI or writing state.
/api/oneai/recommendations
safety envelope
4 blocked actions
OneAI can reason and draft, but cannot self-approve, write memory, mutate graph, trade, or create missions directly.
/api/oneai/safety-envelope
Next Safe Actions
Use /api/oneai/context as the canonical context payload for OneAI.
Validate live OneAI outputs against onefield.oneai-recommendation-contract.v1.
Keep mission creation and memory writes behind approval and controlled-write readiness.
Show operators evidence ids, risk, and approval requirements before action.
Permission Boundary
No direct database access.No durable memory write.No mission creation without future approved write workflow.No graph mutation.No trading, withdrawal, or account scope.No private DM or raw private memory export.
Risk Boundary Ledger
Why agents cannot cross unsafe boundaries
13 blocked or unsafe execution boundaries are visible to operators and agents.
Blocked capabilities
4
write / trade / mutation paths
blocked_capability
Write durable memory
Durable memory requires future human-confirmed write infrastructure.
blocked_capability
Create mission
Mission creation remains a human-confirmed action.
blocked_capability
Trade or move assets
Exchange adapters are public market data only with no account, trading, or withdrawal scope.
blocked_capability
Modify relationship graph
Graph mutation requires explicit evidence, audit, and human approval.
forbidden_query
Write durable memory
Memory Graph v2 is read-only and durable memory requires future human-confirmed write infrastructure.
forbidden_query
Create mission
Mission creation is a human-confirmed action and cannot be triggered from a query pack.
forbidden_query
Trade or move assets
Exchange-related signals are public market context only, with no trading, withdrawal, or account scope.
forbidden_query
Read private messages
Social and community sources are filtered/public or webhook-readonly; private DM access is prohibited.
External Agent Sandbox
simulation
5 simulated external-agent requests evaluated with 2 allowed and 3 blocked.
oneai
draft.recommendation
OneAI can use draft.recommendation after gateway preflight.
Allow read-only sandbox flow and require evidence citations in the response.
telegram-agent
read.signals
Telegram Agent can use read.signals after gateway preflight.
Allow read-only sandbox flow and require evidence citations in the response.
onemission-agent
blocked.create_mission
Mission creation remains a human-confirmed action.
Keep blocked and route to human integration review before real access.
x-agent
blocked.read_private_dm
Capability is not registered in the gateway permission map.
Keep blocked and route to human integration review before real access.
market-signal-agent
blocked.trade
Exchange adapters are public market data only with no account, trading, or withdrawal scope.
Keep blocked and route to human integration review before real access.
Integration Registry
Registered Agent surfaces
oneai
OneAI
Primary interpretation and recommendation agent. Uses OneField context to produce grounded recommendations with evidence citations.
6 allowed · 4 blocked · trust 70
telegram-agent
Telegram Agent
Community signal intake and operator notification agent. Reads public/community signals and prepares reviewable coordination prompts.
4 allowed · 4 blocked · trust 70
onemission-agent
OneMission Agent
Mission context and delivery status agent. Reads mission state to support coordination, without creating missions.
4 allowed · 4 blocked · trust 70
x-agent
X Agent
Filtered public narrative signal agent. Reads public narrative signals only; no private messages or user mutations.
3 allowed · 6 blocked · trust 70
market-signal-agent
Market Signal Agent
Binance / OKX public market context agent. Reads public market context only; no account, trade, or withdrawal scope.
3 allowed · 6 blocked · trust 70
custom-agent
Future Custom Agent
Reserved external agent slot. Custom agents stay blocked until explicitly registered and reviewed.
0 allowed · 5 blocked · trust 70
Agent Gateway
blocked
read
Read agent context
Context is read-only and includes guardrails.
/api/agent/context
read
Read signal radar
Signals are evidence inputs, not direct truth.
/api/signals/radar
read
Read evidence trail
Evidence ids are required for grounded recommendations.
/api/evidence/trail
read
Read Trust Kernel
Trust state explains confidence and blocked claims.
/api/agent/trust-kernel
read
Read Operator Pack
Operator Pack aggregates the read-only system state.
/api/agent/operator-pack
draft
Draft recommendation
Agents can draft recommendations when they cite evidence and stop before execution.
/api/agent/coordination-brief
write
Write durable memory
Durable memory requires future human-confirmed write infrastructure.
no endpoint
mutation
Create mission
Mission creation remains a human-confirmed action.
no endpoint
trade
Trade or move assets
Exchange adapters are public market data only with no account, trading, or withdrawal scope.
no endpoint
mutation
Modify relationship graph
Graph mutation requires explicit evidence, audit, and human approval.
no endpoint
Handoff Pack
OneField
External agents can read, cite, and draft recommendations, but cannot write memory, create missions, trade, or mutate OneField state.
Cite evidence node ids when describing why a memory candidate matters.
Cite signal ids and source ids when using external inputs.
Cite policy decision ids before recommending memory promotion.
State uncertainty when trust state is watch or blocked.
4 blocked capabilities