Roles & Permissions
Onoots distinguishes between human actors (brokerage members and buyers), the AI swarm (autonomous non-human actors), and the technical roles that govern data access. Every sensitive action β closing a commission, approving compliance, switching an AI agent on β is gated by a specific authority.
Actor hierarchy
βββββββββββββββββββββββββββββββ
β ACCOUNT / BUSINESS (owner) β β creates the brokerage
β creates the brokerage + β and the first broker
β first broker β
ββββββββββββββββ¬βββββββββββββββ
β
ββββββββββββββββββββββΌβββββββββββββββββββββ
β BROKERAGE β
β βββββββββββββββββββββββββββββββββββββββββββ£
β BROKER (principal Β· top authority) β
β β approves deals/equity/compliance β
β β AI kill-switch Β· settings Β· $ β
β βΌ β
β TEAM LEAD (agent + supervises/recruits)β
β β earns sponsor_share on recruits β
β βΌ β
β AGENT (lists Β· qualifies Β· closes) β
βββββββββββββββββββββ€βββββββββββββββββββββββ
β serves
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β DEMAND (buyers) β
β β’ Lead β anonymous prospect (no account) β
β β’ Client β authenticated buyer (in chat) β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββ AI SWARM βββββββββββββββββββββββββββ
β Marketer Β· Qualifier Β· Scheduler Β· Nurture Β· Concierge Β· β¦ β
β everything passes β π‘οΈ COMPLIANCE GUARDIAN (hard gate) β
β allow / prepare / escalate / block β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββBrokerage human roles
Every brokerage member holds exactly one of three roles:
| Role | Description |
|---|---|
| Broker | Brokerage principal/owner. Top authority: finalizes commissions, approves compliance and equity, manages billing, settings, and the AI swarm kill-switch. Sees the whole brokerage. |
| Team Lead | An agent who also supervises other agents. Inherits agent permissions and can sponsor recruits, earning sponsor_share on their deals. |
| Agent | Individual sales agent. Creates listings, qualifies leads, manages their own deals, and drives them to close. |
The founder who creates the brokerage during onboarding is materialized as the first Broker β it is not a separate role.
The demand side: buyers
| Actor | How theyβre represented |
|---|---|
| Dreamer | The lightest actor of all: an anonymous visitor who couldnβt find their property and leaves one message describing their dream home + an email, no account. Dreams go to a global platform registry. When a new listing matches, the Nurture agent emails them. |
| Lead | Prospect with no account. Arrives via a listing form, a referral link, the AI chat, or manual entry. Moves through states: auto-assigned β pool β broker-assigned β closed. |
| Client | Authenticated buyer who joins a lead or deal chat. Can message their agent and keep exploring properties without being part of the brokerage. |
Onoots Dreams turns latent demand into opportunity: the dreamer describes what they want, and when supply appears the swarm matches it (AI scoring, gated by the Compliance Guardian) and emails them β with an unsubscribe link. The brokerage that published the listing pays for that reach (itβs their property).
The AI swarm (non-human actors)
AI agents act autonomously on business events (a published listing, a new leadβ¦), but no action runs without passing the Compliance Guardian.
| AI agent | Function |
|---|---|
| Marketer | Generates listing content and posts to social media. |
| Qualifier | Buyer concierge in the chat: replies and qualifies intent. |
| Compliance Guardian | Hard gate. Evaluates every swarm action and decides: allow, prepare, escalate (request human approval), or block. |
| Scheduler Β· Nurture Β· Concierge Β· Onboarder Β· Orchestrator | Showing scheduling, follow-up, post-offer, pre-listing, and coordination (evolving per roadmap). |
The Broker controls the swarm: toggles each agent on/off (kill-switch) and sets the Autonomy Policy (how much the AI may do without human intervention).
Permissions matrix
Legend: β allowed Β· π own only Β· π read-only Β· β denied
| Action | Visitor | Lead/Client | Agent | Team Lead | Broker |
|---|---|---|---|---|---|
| View public listings | β | β | β | β | β |
| Leave a dream (Dreams) | β | β | β | β | β |
| Submit lead / request showing | β | β | β | β | β |
| Chat with the Qualifier | β | β | β | β | β |
| Create/view own listings | β | β | π | π | β |
| View own assigned leads | β | β | π | π | β |
| View the lead pool | β | β | β | β | β |
| Move a dealβs stage | β | β | π | π | β |
| Finalize commission (money close) | β | β | β | β | β |
| Compliance queue / PDF | β | β | β | β | β |
| Finance / exports / audit-trail | β | β | β | β οΈ exports | β |
| Checklist templates (CRUD) | β | β | π | π | β |
| Recruit / view recruits | β | β | π | β | β |
| AI kill-switch / Autonomy Policy | β | β | β | β | β |
| Billing & credits | β | β | β | β | β |
Relationship roles
Beyond the primary role, actors connect to one another:
- Recruitment: a sponsor (Team Lead or Broker) recruits an agent and earns
sponsor_shareon their deals. - Referrals:
agentβagent,recruitment, orclient_link(a public link for a client to refer someone they know). - Conversations: each participant has an
owner,participant, orobserverrole (the Broker typically joins as a read-only observer). - Signatures: each document defines signers (
buyer,seller,agent, and custom roles per checklist).
Technical roles (data access)
Under the hood, Onoots enforces row-level security (RLS) over three roles:
| Technical role | Who it is | Access |
|---|---|---|
| anon | Public visitor | View listings, submit leads, request showings (rate-limited). |
| authenticated | Logged-in user (broker/agent/client) | Brokerage-scoped access via is_agent_of / is_broker_of. |
| service_role | System (cron Β· worker Β· swarm) | Internal operations; never exposed to the client. |
Money and compliance actions have a double barrier: validation at the API layer and in the database (e.g. finalizing a commission requires being a Broker of that brokerage in both the route and the SQL function).