Docs

Category 09 of 12

Trust, Governance & Security

Production controls for autonomous agents: budgets, human approvals, audit trails, prompt-injection defense, secret redaction, and the extension sandbox.

Pages in this category

Budgets & the Runaway Circuit Breaker

Workspace/day and agent/month spend ceilings, pre-spend assertion, and an AbortSignal-threaded circuit breaker that actually stops a run.

Budgets
Approvals: Human Gates & Revise

Human gates for overruns, outbound safety, and workflow decisions; a revise decision sends work back with feedback.

Approvals
Audit: No Anonymous Spend

Action attribution with node-level token accounting from a single sink — no anonymous spend.

Audit
Autonomy Modes

Ask, Plan, and Auto, plus deployment + per-workspace autonomy toggles that decide how much a run can do unsupervised.

Autonomy
Observability: Live Reasoning, Token Pills & OpenTelemetry

Every run streams reasoning, a live activity tail back-fills a surface opened mid-run, and a realtime token pill shows spend as it accrues.

Observability
Experiments: Measuring Outcomes, Not Guessing

The Experiment primitive: define, assign, record, and read results — A/B-style assignment and outcome tracking, feeding the same trust + learning loop the Brain uses.

Experiments
Auth & Secrets

AES-256-GCM credential encryption, hashed API keys, and an auto-generated RS256 JWT keypair with workspace–user ownership re-checked on every request.

AuthSecrets
Prompt Injection Defense

Scanning untrusted ingested content for injection carriers, neutralizing invisible characters, and raising approval friction rather than pretending pattern-matching is complete.

Prompt injectionSecurity
Secret Redaction in Logs & Transcripts

Key-name and value-pattern redaction that masks vault values, API keys, and JWTs out of logs, transcripts, and the realtime event bus.

Secret redaction
The Extension Sandbox

node:vm by default, isolated-vm or opt-in Docker to harden it further — least-privilege permissions for agent-authored code.

Sandbox
Outbound & Network Safety

SSRF protection on every outbound call, secrets resolved from the vault at call time, and rate limiting plus security headers at the edge.

Network safety

Continue