Definition
Agent proposal
An agent proposal is a consequential action an AI agent wants to take, packaged as a described, reviewable intent that waits for approval before it executes — rather than running on the model's own decision. It is the concrete unit of propose/approve governance: a record of exactly what the agent intends, surfaced to a human or policy that grants or denies it.
Key takeaways
- An agent proposal is a consequential action packaged as a reviewable intent that waits for approval before executing.
- It is the concrete unit of propose/approve — a record of exactly what the agent intends and to which records.
- It does double duty: a checkpoint during the run and audit evidence of what was tried and sanctioned after.
- Planoda enforces proposals via the broker and writes each proposal and approval to the audit trail.
When an agent reaches a destructive step — delete these issues, archive this project, send this message — propose/approve doesn't let it act directly. Instead the action becomes a proposal: a structured description of what would happen, to which records, with what effect, held in a pending state. A human reviews and approves or rejects, or a policy auto-approves it within set bounds. Either way the agent's intent is made explicit and reviewable before anything changes.
Modeling intent as a proposal does double duty. During the run it's the checkpoint that contains irreversible actions; afterward it's the evidence — the proposal and its resolution become an audit record of what the agent tried and what was sanctioned. The agent never gets to act and explain later; it has to declare first, which is exactly what makes governed autonomy trustworthy.
In Planoda an agent's destructive tool calls become proposals enforced by the broker, and every proposal and its approval — including auto-approved ones — is written to the audit trail as an `agent.proposal.*` row, so intent and decision are both preserved.
Related terms
- Propose / Approve (AI Governance)Propose/approve is a governance pattern for autonomous software: instead of executing a consequential action directly, an AI agent emits it as a proposal that a human or policy must approve before it runs. It keeps fast, read-only work autonomous while gating destructive or irreversible operations — the practical way to give agents real power without surrendering control.
- Agent broker (propose/approve broker)An agent broker is the runtime component that sits between an AI agent and the actions it wants to take, deciding per call whether to execute inline, require human approval, or refuse. It is where propose/approve governance is actually enforced — the gate is code in the request path, not a guideline in a prompt — so an agent literally cannot run a destructive tool without passing through it.
- Destructive action gatingDestructive action gating is the practice of classifying agent actions by reversibility and requiring explicit approval for the irreversible ones — delete, bulk-archive, bulk-update, external sends — while letting safe, read-mostly actions run freely. It is the operational core of agent governance: the boundary is drawn around the action, so no amount of clever prompting lets an agent quietly do something it can't undo.
- Agent audit logAn agent audit log is an immutable, append-only record of everything an AI agent did and proposed — each action, who or what approved it, when, and against which records — written to the same trail as human actions. It turns 'the agent did something' into an accountable, replayable history, and is what makes governed autonomy verifiable rather than merely promised.
- Human in the LoopHuman in the loop (HITL) is a design pattern where a person reviews, approves, or corrects an automated or AI system's actions before or while they take effect. Instead of fully autonomous operation, the system pauses at consequential points for human judgment. It balances the speed of automation with the accountability and oversight of human control.