SyntrumDocs

Guardrails & sensitive actions

The Safety page (titled AI Governance) is the workspace floor — the default policy every agent inherits unless it's pinned in its own Permissions tab. It's enforced server-side on every action, and its blocks can never be loosened downstream.

Open it from the sidebar under Permissions & Governance. The page opens with the promise it keeps: "these defaults apply to every agent unless pinned in its Permissions tab, and they're enforced server-side on every action. Block never loosens."

This is the base of the three-plane cascade: Workspace floor → Agent mode → Tool pin. Everything here is the floor. An agent can be made stricter than the floor, never looser. Changes hot-sync to running agents within a minute.

Global AI Independence (presets)#

At the top, three one-click presets set the whole policy bundle at once. Picking one writes the approval rules and sensitive-action policies below and changes how every agent behaves:

Preset Philosophy Highlights
Strict Ask before every external action Every outgoing message needs approval; CRM changes gated; payments blocked; deletions and user changes need approval
Balanced (default) Act on routine, ask on risk New contacts and new tools ask once then run; destructive ops and exports need approval; payments and reset links blocked
Autonomous Act unless genuinely dangerous Routine messages and CRM updates run automatically; new tools/contacts run without asking; password-reset links stay blocked — always

Fine-tune anything after choosing a preset and the level becomes Custom (shown as a badge) — you're no longer on a named preset, you're on your own tuned policy.

Even the Autonomous preset keeps a safety floor: security links stay blocked, and payments stay gated. The presets are curated so "maximum independence" never means "no brakes."

The four tabs#

Below the presets, four tabs expose the policy in detail.

1. Approval Rules#

Toggle "Require approval when:" — gated actions land in your Approvals feed and run automatically once approved.

Rule Asks before…
Messaging someone new Messaging a never-seen recipient — asked once, then remembered
Any external message Every outgoing message (strictest setting)
Changing CRM / customer data Creating or updating CRM records
First use of a new tool The first action on a newly connected tool — asked once per tool

2. Sensitive Actions#

This is the heart of the floor: six high-risk categories, each set to Allow, Require Approval, or Block. Allow lets it run, Require Approval gates it behind your review, and Block physically refuses the action.

Category Covers
Payments & financial actions Transfers, charges, refunds
Destructive operations Deleting records, channels, or files
Data export Bulk exports of workspace or customer data
User management Inviting, removing, or changing member roles
External messaging Outbound email, chat, and DMs
Security links Outgoing messages containing password-reset links

These six categories are exactly what an agent's supervision mode reads. Balanced applies them as-is; Autonomous acts on the "approval" ones without asking but still honors "block"; Strict gates every write regardless. See Supervision & modes.

3. Learning Behavior#

Control how your workforce improves over time:

Toggle Effect
Learn from my decisions Agents remember your approve/reject patterns
Learn tool skills automatically Agents teach themselves how to use connected tools
Remember chat guidance Substantive chat replies become durable memory
Adapt its own schedule Agents may change their timing — every change is approval-gated

See Memory & learning for how this feeds each agent's Knowledge.

4. Automatic Safeguards#

Circuit breakers that pause an agent when something looks wrong. An auto-pause stops the agent, drops a high-priority card in your Inbox, and pings you — the agent's Start button un-pauses it.

  • Pause after consecutive failures — set a threshold (2–20 failures) to stop a failure loop before it burns the queue.
  • Pause on unusual activity spike — set a ceiling (10–500 tasks/hour) as a circuit-breaker for runaway loops.
  • Alert when an agent stalls — notifies you when work stops moving.
  • Auto-merge duplicate work — collapses duplicate tasks before they run twice.

Two protections are always on and can't be toggled off: agents never react to their own messages, and audit logging is always enabled.

Who can change it#

Editing guardrails requires an Owner or Admin role. Everyone else sees the page View only with a note to ask an owner or admin. Because policy editing is itself a governance permission, Operators live inside these rules but can't rewrite them. See Team & roles.

Changes save instantly (a Saved flash confirms), apply to every agent within a minute, and are optimistic — if a save fails, the setting reverts to server truth. Another admin editing the floor, or an agent-pin cascade, updates this page live.

What happens to blocked and gated attempts#

Blocked and gated attempts don't vanish — they appear in the agent's activity with a human-readable reason, and gated ones become cards in your Approvals queue. Every decision is recorded with provenance in the Audit log.

What's next#