Module 6 — Permission, Approval & Safety

Permission, Approval & Safety

The harness's safety model. Who decides what the agent can do?

60
minutes
6
artifacts
Injection bypasses the MODEL but not the GATE. Decoupled permission — the gate checks the action, not the reason — is what catches an injected 'delete everything' regardless of why the model requested it.
Key Claims
Load-Bearing Claims

Decoupled permission — the gate checks the action, not the reason

Six defense layers (Modules 2, 4, 5, 6, 11) — defense in depth

Risk-tiered is the production default; when in doubt, escalate

After This Module
01
Map the permission design space (auto-approve, deny-default, risk-tiered, plan-mode, per-flag, HITL) and choose for a use case.
02
Design human-in-the-loop checkpoints that avoid alert fatigue, and budget the latency they cost.
03
State prompt injection as a permission bypass and apply the harness-level defenses.
04
Connect Module 6 to Modules 2 (capability permissions), 4 (write gating), 5 (scoping gates) — the unified safety model.
Artifacts