The Trusted only check on an action or lookup input locks that input to verified values. With it on, the AI Agent runs the tool only when the mapped context variable arrived through a trusted path on this conversation. When the path can’t be trusted, the tool doesn’t run: the AI Agent either asks the customer for proof (for user_email) or hands off to a Human Agent. This lets your external system validate permissions against real identity: that a customer is refunding their own order, editing their own account, or reading their own data.

The model

For each input on an integration action or integration lookup, you pick how the value is filled:
  • Auto (default): the AI Agent fills the input from the conversation.
  • Static: a fixed value you set.
  • A context variable: the value of a declared variable, taken from this conversation.
When you map an input to a context variable, you can also enable Trusted only on that input. The check enforces that the value arrived through a verified path at runtime. Use Trusted only on every input that decides who the action runs for. Use Static for fixed configuration (API region, default priority). Leave inputs on Auto only when the customer is the legitimate source of the value (an order number for their own order, a free-form reason).

Trusted paths per channel

A value is trusted only when it arrived through a verified path. The path depends on the channel.
  • Chat widget: variables your backend signs as a JWT (passed in twConfig.signedVariables) are trusted. Unsigned values in twConfig.variables are not. See Chat identity verification.
  • Email: only the sender’s address is verified, and only after proof of receipt. Typewise confirms the sender received a prior response before treating their address as user_email.
Set up the trust path for every channel you use before turning on Trusted only on its actions and lookups. See How a value becomes verified in Context Variables for the steps.

Runtime behavior

When a Trusted only input can’t be satisfied, the outcome depends on which variable is missing. user_email triggers customer verification (email reply or a one-time code on chat). Any other variable hands off to a Human Agent. See the full table.

The Trusted only check is not a substitute for permission checks in your integration. A “Refund order” tool must still confirm the user_email has access to the order_id. Typewise guarantees only that the value is trustworthy.
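
The ownership check described above, sketched as an added example (not Typewise code): a hypothetical handler behind a “Refund order” action, where user_email is the Trusted only input and order_id is left on Auto. The function name, order store, and response shape are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Order:
    order_id: str
    owner_email: str
    refunded: bool = False


# Constructed sample data standing in for the integration's order store.
ORDERS = {
    "A-1001": Order("A-1001", "alice@example.com"),
    "A-1002": Order("A-1002", "bob@example.com"),
}

# One response for every refusal, so a reply never reveals whether an
# order number exists or belongs to someone else.
DENIED = {"status": "denied", "reason": "not_found"}


def _norm(email: str) -> str:
    # Assumption: this store treats addresses as case-insensitive.
    return email.strip().casefold()


def refund_order(user_email: str, order_id: str, orders=ORDERS) -> dict:
    """Hypothetical "Refund order" handler.

    user_email: Trusted only input, a verified identity but not yet an
                authorization for any particular order.
    order_id:   Auto input, i.e. whatever the customer typed in the chat.
    """
    if not user_email or not order_id:
        return dict(DENIED)
    order = orders.get(order_id.strip())
    # The permission check the integration still owns: does this verified
    # identity actually own the order it is asking to refund?
    if order is None or _norm(order.owner_email) != _norm(user_email):
        return dict(DENIED)
    if order.refunded:
        # Repeated tool calls must not refund the same order twice.
        return {"order_id": order.order_id, "status": "already_refunded"}
    order.refunded = True
    return {"order_id": order.order_id, "status": "refunded"}
```
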
