What it can do

The agent’s abilities come from its tools. Each tool is a typed action with a permission level. This page describes the kinds of tools the agent has and what they let it do.

The agent can read your finances through a read-only query tool. This is how it answers questions like “how much did I spend on groceries last month” or “what is my biggest expense this week.”

Two rules make this safe:

  • Allowlist. Nothing is queryable unless it has been declared as readable. Models, and the columns within them, are opted in explicitly. Anything not on the list does not exist as far as the tool is concerned.
  • Owner-scoped. Every read is filtered to the acting user. The agent cannot read another person’s data, even if it tried to ask for it.

When writes are enabled, the agent can create and update records: add a transaction, set its category, attach it to a wallet. This is how “add a 12.50 coffee expense to my cash wallet” turns into a real entry.

The same guardrails apply:

  • Owner forced to you. On create, the owner is set to the acting user. The agent cannot create data owned by someone else.
  • Writable columns only. Only fields that have been marked writable can be set. Sensitive or computed fields are off limits, regardless of what the model asks to write.
  • Off by default. Writes are disabled unless the instance turns them on and a user is present. See Permissions and safety.
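
The read and write rules above, as an added Python example (not Trakli's own code). The policy table, the `user_id` owner column, and the names `build_read` and `build_create` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical deny-by-default policy: anything not listed here does not exist.
POLICY = {
    "transactions": {
        "readable": {"id", "amount", "category", "wallet_id", "date"},
        "writable": {"amount", "category", "wallet_id", "date"},
    },
}
OWNER = "user_id"  # assumed owner column; deliberately in neither set above

class ToolDenied(Exception):
    """Raised when a tool call falls outside the policy."""

@dataclass(frozen=True)
class Context:
    user_id: Optional[int]        # from the authenticated session, never from the model
    writes_enabled: bool = False  # off by default

def _columns(model, kind, requested):
    """Reject models that are not opted in and columns outside the given set."""
    if model not in POLICY:
        raise ToolDenied(f"model not opted in: {model}")
    denied = set(requested) - POLICY[model][kind]
    if denied:
        raise ToolDenied(f"columns not {kind}: {sorted(denied)}")

def build_read(ctx, model, columns, filters=None):
    """Return (sql, params) for an allowlisted, owner-scoped SELECT."""
    filters = dict(filters or {})
    if ctx.user_id is None or not columns:
        raise ToolDenied("need an authenticated user and at least one column")
    _columns(model, "readable", [*columns, *filters])
    # Identifiers are safe to interpolate only because they passed the allowlist.
    where = [f"{OWNER} = ?"] + [f"{c} = ?" for c in filters]
    sql = f"SELECT {', '.join(columns)} FROM {model} WHERE {' AND '.join(where)}"
    return sql, [ctx.user_id, *filters.values()]

def build_create(ctx, model, values):
    """Return the row to insert, with the owner forced to the acting user."""
    if not ctx.writes_enabled or ctx.user_id is None:
        raise ToolDenied("writes are disabled or no user is present")
    _columns(model, "writable", values)
    return {**values, OWNER: ctx.user_id}
```

Because the owner column is in neither set, a model-supplied `user_id` filter or value is rejected instead of overriding the acting user.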

The agent can reason over what it reads and explain it back to you. For exact numbers it has a calculator tool, so totals and rates do not depend on the model doing mental math. It also has a clock tool for the current date and relative anchors like “last month,” so date-based questions resolve correctly.

The package also defines external tools, such as fetching an allowlisted URL or searching the web through a pluggable driver. These are external-permission tools and are constrained the same way: an allowlist that denies everything by default. A Trakli instance enables them only if it has a reason to.

  • It will not read or change another user’s data.
  • It will not write anything if writes are disabled on the instance.
  • It will not touch fields or models that have not been opted in.
  • It will not act on a guess about who you are; it acts as the authenticated user, full stop.