Waveguide

Approvals & policies

The approval system is the heart of Waveguide’s safety model: anything irreversible or financial requires you, by construction. This page explains the tiers, the flow, and how to tune how often you’re asked.

Risk tiers

Every action your agent takes is classified before it executes:

TierMeaningExamplesGate
T0Read-onlyread campaign stats, read calendarnone — free
T1Low-risk internal writesupdate the lead ledger, save a draftlogged, no approval
T2External side effectssend an email, change a budget, publish a postapproval or standing policy
T3Irreversible / financialpayments, deletions, large commitmentsalways requires a human

The tier gate is enforced in the egress proxy — outside the model, outside the prompt. A T2/T3 request without a valid approval token is refused at the door.

The approval flow

  1. The agent proposes an action and the session parks (compute suspends — you’re not billed for waiting).
  2. An approval card goes to your channels — Slack buttons, Telegram buttons, an email with a review link — and appears in Dashboard → Approvals. Approval emails are on by default so a request can never silently rot because you didn’t set up Slack.
  3. You approve, deny, or ignore it. Ignored requests expire in 15 minutes: the agent skips the action, notes it in the brief, and carries on. Expiry is safe by design — nothing is left half-done.
  4. On approval, the session resumes with a single-use token scoped to exactly that action. The agent can’t reuse it, stockpile it, or apply it to anything else.

Cards show the risk tier, a plain-language summary, and a taint warning when the action was influenced by untrusted content (an email body, a scraped page, a webhook payload). Taint means: read twice before approving — someone else’s words are in the loop. See Security.

Standing policies

Approving the same thing every day is noise, and noise trains you to click “approve” blindly. Standing policies fix that: after approving something, choose “Always allow actions like this” to create a policy, e.g.:

  • auto-approve budget changes under $50/day,
  • auto-approve first-touch replies to new leads,
  • always deny posting outside business hours.

Policies apply to T2 only — T3 always requires a human, no exceptions, no policy can override it. Policies can have expiry dates, and every policy creation is itself an audit-logged event. Manage them from the Approvals page.

Strictness presets

The setup wizard (and Settings) offers three presets, which are just bundles of standing policies:

  • Conservative — everything T2+ asks first. Best for the first week.
  • Balanced (default) — routine low-stakes T2 actions (small budget nudges, templated first-touch replies) run alone; everything else asks.
  • Trusting — most T2 runs alone within your caps; T3 still always asks.

You can start Conservative and loosen as trust builds — most customers do.

The interrupt budget

The agent has a daily interrupt budget (8 by default): the maximum number of times per day it will ping you. Beyond that, non-urgent questions accumulate into the next brief instead of interrupting you. Urgent approvals always come through.