Approvals & governance

Anytime an agent attempts a high-risk tool (sending external email, posting publicly, paying invoices, etc.) the run pauses and a row appears in /approvals. You'll also get a approval_required notification.

Per-agent autonomy rules live on the agent's detail page. Workspace defaults and tool risk classifications live in /governance.

Every tool call, every approval decision, every comment is recorded in /audit. Filter by agent, time range, or tool. Export to CSV from the same page.