Home Missions & Approvals Guardrails: how AOS stays safe and on-track

Guardrails: how AOS stays safe and on-track

Last updated on May 30, 2026

Guardrails are how AOS lets an agent company move fast without letting it do something you would not want. The whole design assumes the team is capable and that a small number of decisions must always belong to you. This article explains the guardrails and how to tune them.

The five approval points

These are the only places work crosses your boundary, and each one waits for your explicit sign-off:

  • Money over your cap. Any spend, refund, or commitment above your limit (default 1,000 dollars per move, 10,000 dollars per week).
  • Public claims under your company name. Anything published, sent, or stated publicly that represents the business.
  • Customer data leaving the boundary. Integrations, exports, shares, and training opt-ins that move real customer data.
  • Production-touching changes. Deploys, infrastructure, billing, and security policy changes that affect live systems.
  • Audit-trail edits. Any change to the evidence record itself.

Everything that stays inside these lines runs autonomously. Everything that would cross one stops and asks.

The self-review loop

Before anything even reaches an approval point, it passes a four-step review: the builder self-checks against the acceptance bar, QA tests against that bar, a department reviewer reads it fresh, and security scans for boundary crossings. Risky or low-quality work gets caught and sent back before you ever see it. By the time something waits on you, it has already survived four passes.

Non-goals as a guardrail

Every mission carries three explicit non-goals. They keep the team inside the lane you set, stop scope creep, and keep token spend predictable. A guardrail is not only about danger. It is also about staying on the thing you actually asked for.

The evidence trail

Every artifact, draft, decision, and reviewer verdict is captured and is two clicks away. This is the guardrail that makes the others trustworthy: if you ever need to know why something happened, the record is there. Nothing important is a black box.

Tuning your guardrails

Guardrails are dials, not walls you can never move:

  • Lower your money caps early when you want more control, then raise them as trust builds.
  • Keep public-claims approval on if your brand voice matters, which for most founders it does.
  • Tighten non-goals on any mission that drifted last time.
  • Start token caps conservative and adjust once you know your real burn.

The point is calibration. Set the guardrails where you are comfortable, watch a few missions, and adjust. AOS is built to earn autonomy gradually so you are never surprised by what it did on its own.

What guardrails are not

They are not bureaucracy for its own sake. A good guardrail stops exactly the things that should stop and gets out of the way for everything else. If you find too much routing to you, that is a signal to raise a cap, not a flaw. You are in control of how tight the rails are.