Raven is a read-only preflight tool. Machine-readable: /agent-runtime-policy.json.
No wallet signer access. No private keys. Raven never submits transactions, never routes trades, never chooses allocation. After this year's agent wallet-drain incidents (runbook), this matters: a tool that cannot touch your wallet cannot drain it.
Run Raven BEFORE any wallet-capable, swap-capable, listing-capable, or routing-capable tool. Recommended sandbox: network egress limited to the verifier endpoint (or local MCP); no wallet handles in the Raven tool's scope; receipt storage as the only write path. Verify the receipt signature against /pubkey before using any verdict; store the exact receipt; apply decision policy; re-verify before material delayed actions.
rpcUrl and issuerIdentity are rejected. Never send private keys or seed phrases — Raven neither needs nor logs them. No secrets in browser code or logs, enforced by tests.
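
A client-side guard for the rule above, as an added example that is not Raven's own code: it walks a request payload before it leaves the sandbox and blocks the two rejected fields plus anything shaped like key material. The function names, the shape heuristics, and the sample fields `target`, `context`, and `notes` are assumptions made for illustration.

```python
import re

# Field names the page says Raven rejects.
REJECTED_FIELDS = {"rpcUrl", "issuerIdentity"}
# Heuristic shapes (assumptions): 32-byte hex key, BIP-39-style mnemonic.
HEX_KEY = re.compile(r"(?:0x)?[0-9a-fA-F]{64}")
MNEMONIC_WORD = re.compile(r"[a-z]{3,8}")
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}

def looks_like_secret(value):
    """Return a reason string if a string value has the shape of key material."""
    text = value.strip()
    if HEX_KEY.fullmatch(text):
        return "32-byte hex value (possible private key)"
    words = text.split()
    if len(words) in MNEMONIC_LENGTHS and all(MNEMONIC_WORD.fullmatch(w) for w in words):
        return f"{len(words)}-word lowercase phrase (possible seed phrase)"
    return None

def preflight_violations(payload, path="$"):
    """Walk a JSON-like payload; return (path, reason) for everything that must not be sent."""
    found = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            child = f"{path}.{key}"
            if key in REJECTED_FIELDS:
                found.append((child, "field rejected by Raven"))
            found.extend(preflight_violations(value, child))
    elif isinstance(payload, list):
        for i, item in enumerate(payload):
            found.extend(preflight_violations(item, f"{path}[{i}]"))
    elif isinstance(payload, str):
        reason = looks_like_secret(payload)
        if reason:
            found.append((path, reason))
    return found

# Constructed sample request; field names other than rpcUrl are hypothetical.
SAMPLE = {
    "target": "example-token",
    "rpcUrl": "https://rpc.example.invalid",
    "context": {"notes": ["abandon " * 11 + "about", "0x" + "ab" * 32]},
}

if __name__ == "__main__":
    for where, why in preflight_violations(SAMPLE):
        print(f"BLOCK {where}: {why}")
```

The hex heuristic also matches other 32-byte values such as hashes, so a deployment that legitimately sends those would exempt the specific fields by path rather than loosen the pattern.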