Autonomy policies and tool-call approvals

Autonomy policy decides which actions Sidekick can take on its own and which require human approval. Trust levels (Supervised, Balanced, Autonomous, Custom) are presets over a tool-call gate, a budget gate, and an approval-required tool list. Risky writes always route to the Approvals inbox before Sidekick proceeds.

What policy controls#

Every Sidekick action is checked against three gates before it runs:

  1. Tool-call gate — is this tool allowed at all in this workspace?
  2. Approval-required list — does this specific tool need a human OK?
  3. Budget gate — would this action exceed the workspace cost or token cap?

If all three pass, Sidekick runs the action. If any fail, Sidekick either pauses for approval or refuses, depending on the policy.

Trust levels#

Trust levels are presets that wire the three gates for common operating shapes:

LevelTool-call gateApproval-required toolsBest for
SupervisedRead-only by defaultAlmost everythingNew workspaces, sensitive data
BalancedReads + low-risk writesDestructive writes, external sendsMost teams
AutonomousMost tools allowedProduction deploys, financial actionsTrusted internal use cases
CustomYou defineYou defineWhen presets don't fit

Choose a level in Sidekick → Settings → Trust level. You can switch any time; the new policy takes effect on the next action.

What's always approval-gated#

Regardless of trust level, the following always require human approval:

  • Production deploys
  • Sending external email or messages outside connected channels
  • Any action a Custom Policy marks as risky
  • Any tool the model is told to run that's not on the workspace tool-call allowlist

Sidekick can never raise its own autonomy — it can only ever ask for tighter checks, not looser ones.

Tool-call approval flow#

When an action needs approval:

  1. Sidekick pauses and surfaces an entry in the Approvals inbox
  2. The entry shows the tool, the inputs, and the policy basis
  3. An owner or admin approves or rejects
  4. Sidekick resumes (or aborts) based on the decision
  5. The full approval trail lands in the Evidence Vault

Budget-driven approvals#

Budget gates trip when an action would push the workspace over its cost or token cap (configured in Settings → Spending limits). The approver sees the projected spend and can approve, reject, or raise the limit.

info See Approvals governance for the approver-side workflow and Approval workflows for cross-team routing.