Skip to content

Agents: approvals & human control

Agents are powerful, so humans stay in control of risky actions and spend.

Capabilities

Tool approvals

Risky mutations pause the run in a "waiting for approval" state and surface an approval card until a human approves or rejects.

Default auto-approved tools

A curated set of low-risk tools (reads, many VM and browser operations) is auto-approved by default. Higher-risk actions — merging a PR, deleting a task, running external tools that write — require approval.

User auto-approval rules

Users can create rules to auto-approve a specific tool for an agent within a room, avoiding repeated prompts for trusted actions.

Role prompt proposals

Agents can propose additions to their own role prompt in conversation; humans accept or reject. See Memory & learning.

Agent spend limits & blocking

Per-agent USD limits (and the org limit) block a thread when exceeded, entering a "blocked by limit" state. See Usage, limits & billing.

Last updated 2026-07-04