$ head -n 1
A note on the runtime boundary in LLM Trader: committee agents can generate proposals, but the risk gateway owns policy, quote freshness, audit records, and signing.
$ grep -i "boundary"
The central rule is simple: LLMs do not sign. They do not hold wallet secrets, build raw transaction payloads, or bypass policy. They produce structured opinions and an orchestrated proposal.
The risk gateway is the authority. It validates committee shape, checks policy, refreshes market data at submit time, records an audit trail, and is the only live signing path.
$ grep -i "lanes"
Lane separation keeps authority explicit. Live trading, shadow evaluation, research/mutation, and promotion/rollback have different permissions and failure costs. The live lane has financial exposure; shadow and research lanes do not.
Promotion should be slow and deterministic. Rollback should be fast. That asymmetry keeps experimental lanes from inheriting live-trading authority by accident.
$ grep -i "design principle"
The design principle is to use language models for interpretation and proposal generation, then use deterministic code for authority. The more consequential the action, the more explicit and testable the final gate should be.