Policy in plain English
Policy your team can read, enforced on every task.
Force-push a rewritten history to main on billing-api.
- write
github.write
branch: main (force)
The problem with all-or-nothing approval
Most agent controls offer two settings: approve everything, or approve nothing. The first is how teams end up running with permissions skipped entirely; the second buries reviewers under prompts until they rubber-stamp. Neither encodes the judgment you actually want: that a junior agent reading a repo is fine, but the same agent force-pushing to main should stop and ask. Without expressible policy, that judgment lives only in people's heads.
How governance works
Readable rules
Policies read like sentences (who, which tools, under what conditions) so they can be reviewed and reasoned about, not just executed.
Role & attribute aware
RBAC and ABAC decide outcomes by who is asking and the properties of the task, not a single global switch.
Auto-approve or hold
Low-risk, in-policy tasks flow through instantly; anything outside the rules pauses for a named human to decide.
Versioned & auditable
Policy changes are tracked, so you can see what the rules were the day any task ran.
The right tasks move fast, and only the risky ones reach a person.
It's one of six power-ups you get from approving the task instead of the tools.
Governance
Write RBAC/ABAC rules as readable policy. The same task can be auto-approved for one role and held for review for another.
Let your agents fly. Safely.
Free to start for solo developers. Sign up and put a gateway in front of your agents in minutes. No credit card required.