AI agents & governance
Autonomous agents
Run AI agents as teammates — what they can do, the propose/approve broker, and the guardrails that keep them inside your tenant.
What you'll learn
- Run an agent on multi-step work under a bounded capability (allowed-tools) model.
- Route destructive actions through the propose/approve broker.
- Rely on tenant clamping that keeps agents behind the row-level security fence.
Agents as teammates
6 min — Agents take on multi-step work under a capability model.
An agent can carry out multi-step work — drafting issues, organizing a backlog, kicking off a routine. Each agent runs with a bounded set of capabilities (its allowed tools), and every action is attributed to the agent in the same audit trail as a human.
Propose/approve governance
7 min — Destructive actions require explicit human approval.
Destructive operations (delete, bulk archive, bulk update) never run silently. They route through a propose/approve broker: the agent proposes, a human approves, and the decision is recorded. A session without destructive capability gets a structured 'approval required' result rather than a quiet failure or an unsanctioned change.
Agents are also clamped to your tenant boundary — they can't reach across the row-level security fence into another workspace's data.