Description
Hi team, OpenFang's Hands are impressive - autonomous agents running 24/7 with multi-phase pipelines. But right now, every external call (API, browser, file write) executes with whatever credentials are in the environment, with no per-Hand identity and no declarative scope enforcement. The guardrails field in HAND.toml is a great hook structurally, but it currently only supports human approval gates - not machine-enforceable policy. The Open Agent Protocol (OAP) defines a before_tool_call authorization standard (DOI: 10.5281/zenodo.18901596) that would let you embed a policy block in each Hand's TOML, checked at the Rust executor level before any tool fires.
For the Collector Hand (OSINT-grade) and Lead Hand (external API calls), this would give users a cryptographically verifiable record of what each agent was authorized to do, critical for the enterprise customers you're clearly targeting. Would you be open to a PR that adds an optional [guardrails.oap] stanza and wires it into the tool execution path?
Alternatives Considered
Prompt-level guardrails
We've experimented with prompt-level guardrails and these can be bypassed or ignored by the model. We also ran a CTF to test this with over 1,000 hackers trying to break the guardrails. LLM-level and model-level guardrails were bypassed, but deterministic tool-level ones were not.
Additional Context
The same guardrail already works for OpenClaw, Claude Code and others.
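To make the proposal concrete, here is an added example (written for this page; it is not OpenFang code, not the OAP reference implementation, and not code from the issue author) of what a deny-by-default `[guardrails.oap]` stanza and a `before_tool_call` check at the executor level could look like in Rust. The stanza layout, the `hosts`/`paths` rule fields, the tool names `http_get`, `write_file` and `shell_exec`, and the argument keys `url` and `path` are all assumptions made for illustration; OAP's real schema may differ. Deserializing the TOML (serde + toml crate) is left out so the block runs with the standard library only.

```rust
// Added example, not OpenFang or OAP code: a deny-by-default [guardrails.oap]
// stanza modelled as structs, plus the check an executor runs before any tool
// fires. Stanza shape and rule fields are assumptions; the assumed HAND.toml
// fragment modelled here is (serde/toml deserialization omitted):
//   [guardrails.oap]
//   default = "deny"
//   [[guardrails.oap.allow]]
//   tool = "http_get"
//   hosts = ["api.example.com"]
//   [[guardrails.oap.allow]]
//   tool = "write_file"
//   paths = ["/data/collector/"]
use std::collections::BTreeMap;

#[derive(Debug, Clone)]
pub struct AllowRule {
    pub tool: String,
    pub hosts: Vec<String>,         // exact host match; empty = no network scope
    pub path_prefixes: Vec<String>, // each ends with '/'; empty = no file scope
}
#[derive(Debug, Clone)]
pub struct OapPolicy { pub deny_by_default: bool, pub allow: Vec<AllowRule> }
#[derive(Debug, Clone)]
pub struct ToolCall { pub tool: String, pub args: BTreeMap<String, String> }
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Decision { Allow, Deny(String) }
/// One entry per decision, appended whether or not the call ran.
#[derive(Debug, Clone)]
pub struct AuditRecord { pub tool: String, pub args: BTreeMap<String, String>, pub decision: Decision }

/// Host of a URL. Userinfo is rejected so "https://api.example.com@evil.net/"
/// cannot satisfy an exact-host rule; IPv6 literals are out of scope here.
fn url_host(url: &str) -> Option<String> {
    let authority = url.split_once("://")?.1.split(|c: char| "/?#".contains(c)).next()?;
    if authority.contains('@') { return None; }
    let host = authority.split(':').next()?; // drop ":port"
    (!host.is_empty()).then(|| host.to_ascii_lowercase())
}

/// Absolute path with no "." / ".." / empty components, under one prefix.
fn path_within(path: &str, prefixes: &[String]) -> bool {
    path.starts_with('/')
        && !path.split('/').skip(1).any(|c| c == "." || c == ".." || c.is_empty())
        && prefixes.iter().any(|p| path.starts_with(p.as_str()))
}

/// The before_tool_call hook: deterministic, the model has no say in it.
pub fn before_tool_call(policy: &OapPolicy, call: &ToolCall) -> Decision {
    let rule = match policy.allow.iter().find(|r| r.tool == call.tool) {
        Some(r) => r,
        None if policy.deny_by_default => return Decision::Deny(format!("tool {:?} not allowed", call.tool)),
        None => return Decision::Allow,
    };
    if !rule.hosts.is_empty() {
        match call.args.get("url").and_then(|u| url_host(u)) {
            Some(h) if rule.hosts.iter().any(|a| a.eq_ignore_ascii_case(&h)) => {}
            Some(h) => return Decision::Deny(format!("host {h:?} not in scope")),
            None => return Decision::Deny("url missing, unparseable or carries userinfo".into()),
        }
    }
    if !rule.path_prefixes.is_empty() {
        match call.args.get("path") {
            Some(p) if path_within(p, &rule.path_prefixes) => {}
            other => return Decision::Deny(format!("path {other:?} outside allowed prefixes")),
        }
    }
    Decision::Allow
}

/// Executor wiring: decide first, record the decision, only then run the tool.
pub fn execute_guarded(
    policy: &OapPolicy, call: &ToolCall, audit: &mut Vec<AuditRecord>,
    run: impl FnOnce(&ToolCall) -> String,
) -> Result<String, String> {
    let decision = before_tool_call(policy, call);
    audit.push(AuditRecord { tool: call.tool.clone(), args: call.args.clone(), decision: decision.clone() });
    match decision {
        Decision::Allow => Ok(run(call)),
        Decision::Deny(reason) => Err(reason),
    }
}

fn strs(v: &[&str]) -> Vec<String> { v.iter().map(|s| s.to_string()).collect() }

pub fn example_policy() -> OapPolicy {
    OapPolicy { deny_by_default: true, allow: vec![
        AllowRule { tool: "http_get".into(), hosts: strs(&["api.example.com"]), path_prefixes: vec![] },
        AllowRule { tool: "write_file".into(), hosts: vec![], path_prefixes: strs(&["/data/collector/"]) },
    ] }
}

pub fn call(tool: &str, args: &[(&str, &str)]) -> ToolCall {
    ToolCall { tool: tool.into(), args: args.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect() }
}

fn main() {
    let (policy, mut audit) = (example_policy(), Vec::new());
    for c in [
        call("http_get", &[("url", "https://api.example.com/v1/leads")]),
        call("http_get", &[("url", "https://api.example.com@evil.net/")]),
        call("write_file", &[("path", "/data/collector/../../etc/passwd")]),
        call("shell_exec", &[("cmd", "id")]),
    ] {
        println!("{} -> {:?}", c.tool, execute_guarded(&policy, &c, &mut audit, |c| format!("ran {}", c.tool)));
    }
}
```

Two details matter more than the struct layout. The host rule is an exact, case-insensitive match rather than a suffix match, and the URL parser refuses userinfo, so neither `evil-api.example.com` nor `api.example.com@evil.net` satisfies the `http_get` scope. The path rule insists on an absolute path with no `..`, `.` or empty components before the prefix comparison, so `/data/collector/../../etc/passwd` is refused at the executor regardless of what the model was prompted to do. Every decision, allowed or denied, lands in the audit vector before the tool body runs; signing or hash-chaining those records to get the verifiable log the issue asks for is a separate step not shown here.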