Risk levels & approvals
Every action a task can take has a risk level: low, medium, or high. The risk level is a fixed property of the action type — set when the tool is registered — not something the agent decides at runtime. This means the same action always follows the same governance path, regardless of context.
The three levels
Low — read-only or low-consequence actions. The agent executes these without interruption and logs them in the audit record.
Medium — actions with moderate consequence. These also run without a pause but are logged with additional detail and may require your role to permit them.
High — actions that are irreversible, sensitive, or have significant external effect. A high-risk step pauses the task before it happens. The agent submits a proposed action to the approvals queue and waits.
What happens when a task pauses
When the agent reaches a high-risk step:
- The task status changes to Waiting for approval.
- An approval request is created describing what the agent proposes to do and why.
- The relevant approver is notified — see Notifications.
- The task waits. Nothing happens until the approver decides.
If the approver approves, the task resumes and the action proceeds.
If the approver rejects, the action is cancelled. The task records the rejection and stops at that point.
See Approvals for the full approver workflow.
Risk is on the tool, not the task
The risk level belongs to each tool or action type, not to the task or the goal you wrote. You don’t need to classify anything yourself. The platform enforces the correct governance path for every action the agent takes.
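The sketch below is an added example, not the platform's own code. It models the two ideas above: risk is bound to the tool at registration, and a high-risk step pauses the task until an approver decides. The names `register_tool`, `Task`, `act`, `decide`, the `Running` and `Stopped` statuses, the audit tuple layout and the sample tools are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

_TOOLS = {}  # hypothetical registry: tool name -> (risk, callable)

def register_tool(name, risk, fn):
    """Bind the risk level once, at registration; it cannot change later."""
    if risk not in ("low", "medium", "high"):
        raise ValueError(f"unknown risk level: {risk}")
    if name in _TOOLS:
        raise ValueError(f"{name} is already registered")
    _TOOLS[name] = (risk, fn)

@dataclass
class Task:
    role_permits_medium: bool = True  # assumed stand-in for the role check
    status: str = "Running"           # "Running"/"Stopped" are assumed names
    audit: list = field(default_factory=list)
    pending: object = None            # (tool, args) awaiting a decision

    def act(self, tool, reason="", **args):
        if self.status != "Running":
            raise RuntimeError(f"task is {self.status}")
        risk, fn = _TOOLS[tool]       # looked up; the caller cannot pass a risk
        if risk == "high":            # pause before anything happens
            self.pending, self.status = (tool, args), "Waiting for approval"
            self.audit.append(("approval_requested", tool, reason))
            return None
        if risk == "medium":
            if not self.role_permits_medium:
                self.audit.append(("denied_by_role", tool))
                raise PermissionError(tool)
            self.audit.append(("executed", tool, risk, args))  # extra detail
        else:
            self.audit.append(("executed", tool, risk))
        return fn(**args)

    def decide(self, approved):
        if self.pending is None:
            raise RuntimeError("no approval request is pending")
        (tool, args), self.pending = self.pending, None
        self.audit.append(("approved" if approved else "rejected", tool))
        self.status = "Running" if approved else "Stopped"
        return _TOOLS[tool][1](**args) if approved else None

# Constructed sample tools for illustration only.
register_tool("read_record", "low", lambda id: f"record {id}")
register_tool("update_record", "medium", lambda id: f"updated {id}")
register_tool("delete_record", "high", lambda id: f"deleted {id}")
```

Because `act` takes no risk argument, the agent cannot downgrade a step at runtime; the only way to change a tool's path is to change its registration.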