Actions: agents can act on the world — through the gate
The write half of the runtime. A narrow, typed action (send an email, update a record) that an agent proposes and a human approves — the same permission model as everything else, now applied to mutation.
Vocion could read the world — six connectors on a durable pipeline. It
could reason and draft. What it couldn't do was act: the action step was a stub. This release makes
actions real (v1.39), and does it the careful way — every write runs through the permission model.
The write half of the runtime
An action is the mutation counterpart to a connector. It's a small
plugin that declares its typed input, the authz grant it needs, whether it's external, and
which source's vault credentials to run with — then does one write. The first one is gmail.send:
send an email, or (the safe default) create a draft for you to send, as the connected Gmail user.
Propose → gate → execute
Actions don't just fire. An actor proposes one:
- A human (or a token) holding the grant acts directly.
- An agent teammate is subject to the autonomy gate — an external action at low autonomy needs approval. It's persisted and surfaces in the team review queue, routed to the right person. On approval, the runtime resolves the credentials and runs it; rejection never executes.
So a teammate that drafts your follow-up doesn't send it — the send lands in your queue, and you approve. Discovery is free; mutation is earned. Same authz principal, same queue, same audit trail as everything else — mutation just got added to the model, not bolted onto the side.
Why it matters
This is the capability that turns a system that reports into one that does the work — with you still in the loop on anything that leaves the building. It's the load-bearing piece under real revenue work: drafted replies you approve, CRM fixes you sign off on, proposals that go out on your say-so. HubSpot writes and more actions ride the same rails next.