Skip to content

Security & Human-in-the-Loop (HITL)

Security is a core design principle of DomOS. Because AI agents dynamically execute tools that manipulate client interfaces or database states, DomOS enforces a strict sandboxed safety model called Human-in-the-Loop (HITL).


1. What is Human-in-the-Loop?

HITL guarantees that an AI agent cannot execute critical actions (such as placing an order, deleting user data, or transferring funds) without explicit authorization from the human user.


2. Tool Risk Levels

When declaring tools using useAgentTool (frontend) or server.tool (backend), you assign a Risk Level representing the potential impact of the action:

Risk LevelImpactUser ExperienceUse Cases
noneRead-only / PassiveInvisible execution. No user prompt.Checking product lists, reading weather, looking up tracking IDs.
lowMinor UI changeLightweight toast/badge notification.Adding items to shopping carts, opening/closing panels.
mediumNon-destructive updateAuto-closing confirm banner, easy to revert.Filling text fields, applying discount coupons.
highDestructive or FinancialModal pop-up blocking action. Requires explicit click.Redirecting to checkout, removing profile accounts.
criticalSevere / FinancialModal pop-up requiring multi-factor or secondary approval.Confirming transactions, executing payments.

Code Example: Specifying Tool Risks

typescript
import { useAgentTool } from '@domos/react';
import { z } from 'zod';

useAgentTool({
  name: 'wipe_entire_cart',
  description: 'Remove all products from the current cart',
  schema: z.object({}),
  risk: 'high' // Will block execution until the user clicks confirm
}, async () => {
  cart.clear();
  return { success: true };
});

3. Session Authentication & Security Tokens

API Key Restrictions

To protect your WebSocket servers from abuse, DomOSServer implements strict API Key validation checks:

  • Public Keys (pk_...): Loaded in browser client applications. These are rate-limited and restricted to only calling client-side declared tools.
  • Secret Keys (sk_...): Kept strictly in backend configurations. These permit server-to-server operations and full server-side tool execution.

LineTokens (Authentication Tokens)

When sessions bridge audio streams and tool executions, DomOS compiles a lightweight authorization token called a LineToken.

  • The client app exchanges credentials (public key + session attributes) for a LineToken via a secure API handshake.
  • Every WebSocket frame and WebRTC DataChannel packet includes this token in the header.
  • If the token expires or is hijacked, the server immediately severs the active connection and suspends session tools context.

Released under the MIT License.