Policy outcomes
Every action resolves into one of three outcomes:Allow
Action is in scope and policy-safe.
Block
Action violates hard constraints.
Escalate
Action requires explicit operator approval.
Policy design guidelines
- Use clear ownership boundaries per agent and environment.
- Separate read-safe operations from state-changing operations.
- Require approval for cross-environment writes and privileged tool calls.
- Prefer explicit exceptions over broad allowlists.
Approval workflow basics
For escalated actions, reviewers should see:- Requesting agent identity and owner.
- Requested tool action and inferred intent.
- Relevant policy clauses and risk rationale.
- Proposed blast radius and downstream impact.
Good approvals are evidence-first: reviewers should never approve without clear scope comparison and policy context.