Going to production
Sundae and Scout work on your laptop. Shipping them means two things the conductor and localhost were letting you skip: real mail and real security. This chapter is the pre-launch checklist.
Choose a mail transport
In development you used the Action Mailbox conductor and the in-app console — no mail server. In production, inbound mail arrives through an Action Mailbox ingress and replies go out over Action Mailer SMTP. There are two paths:
- An email provider (recommended, config-only) — point the ingress at the provider's inbound webhook and SMTP at its servers. No infrastructure to run, and the provider handles SPF/DKIM signing.
- Self-hosting an MTA — run the Postfix + OpenDKIM image Protege scaffolds with
rails g protege:postfix. More control, but you own deliverability (rDNS, port 25, reputation).
Either way, publish the DNS records for thescoop.com shown on its Domains page. The full walkthrough for both paths — config, DNS table, and verification — is in Mail transport.
The security checklist
Protege enforces a lot for you — routing, the recursion guard, reply identity, bounded loops — but a few things are yours to own before you expose an agent to the world. (The full model is in Security.)
Wrap the mount in authentication. This is the big one. The engine ships no auth, so an unwrapped
mount Protege::Engine => "/protege"exposes every persona, thread, and trace to anyone who finds the URL. Wrap it in your app's auth:ruby# config/routes.rb authenticate :user, ->(u) { u.admin? } do mount Protege::Engine => "/protege" endSet the inbound access ceiling. Decide the org-wide boundary with
config.inbound_access, and confirm the per-persona rules from chapter 5 are in place — Scout locked to*@thescoop.com, Sundae open to customers.Review each tool's blast radius. A tool is your app's full power in the agent's hands. Re-read your tools with an adversarial eye: does
ProcessRefundrefund any order, or only one that warrants it? Treat customer email as untrusted input and enforce authorization in the tool, not in the prompt.Confirm attachment limits (
config.attachment_policy) fit what you actually want to accept.
You shipped The Scoop
That's the whole arc. Starting from rails new, you:
- mounted the engine and registered
thescoop.com; - hired Sundae (a
CustomerServicePersonarecord) and gave her tools to look up orders, issue refunds, check stock, and handle photos; - gave her the right context and memory with resolvers;
- hired Scout (an
OperationsPersonarecord), scoped her tools and senders, and put her on a schedule; - learned to watch both agents through the introspection panel and tracing.
Where to go from here:
- Extensions — the authoring reference for tools, providers, resolvers, and hooks.
- Reference — every config option, model, and generator.
- Architecture — how the gateway, harness, and scheduler fit together under the hood.

