Toolstack is a risk-management architecture for agent tools: agents get useful actions, not broad access. The broker centralizes authorization, approval, revocation, routing, and audit. Toolyard isolates tool execution and keeps downstream secrets out of the agent host.
trust-agents-with-action-not-access.md - the thesis and threat model.
design/01-architecture.md - the four-component system shape.
design/00-principles.md - the operational rules behind the design.
user-guide.md - how agents and operators use the system.
deployment/README.md - how the current deployment is assembled.
trust-agents-with-action-not-access.md is the project thesis: separate intent from authority.
design/00-principles.md turns the thesis into concrete design constraints.
design/01-architecture.md explains the broker, Toolyard, Discord approver, tool containers, and trust boundaries.
design/10-broker.md specifies broker auth, policy, request lifecycle, approval endpoints, and audit.
design/20-toolyard.md specifies tool lifecycle, container conventions, and descriptor handling.
design/21-tool-template.md shows how to build a server-side tool.
design/22-agent-skill-convention.md describes the matching thin client skill: broker caller config, stable CLI entry points, and direct broker action calls.
design/30-approver-discord.md specifies the human approval surface.
design/40-secrets.md explains per-tool secret resolution and writable secret updates.
user-guide.md is the day-to-day operator and agent guide.
deployment/README.md is the deployment walkthrough.
end-to-end-testing.md validates broker, Toolyard, tools, and approval flow together.