Approvals & audit log
This is the safety model in one sentence:
Gray drafts freely. Gray asks before it sends, spends, deletes, or changes anything that touches the real world.
How approvals work
When Gray wants to do something consequential, a decision card shows up in the Talk feed:
- What it wants to do
- Why it wants to do it
- The exact payload (the email, the SQL, the API call)
- Approve or Cancel
Approve runs it. Cancel doesn’t. Gray waits.
The hard guardrail
There are some things Gray’s brain is blocked from doing at the code level — not by prompt policy, by an enforced check:
- Reading .env, SSH keys, .pem files, or anything containing an API key string.
- Running rm -rf, mkfs, dd if=, shutdown, reboot.
- Modifying /etc/ssh, authorized_keys, sudoers, UFW, Tailscale, passwd, shadow.
These don’t even reach the approval card — the brain can’t try.
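A sketch of that ordering (hard check first, approval card second, everything logged), added here as an example and not Gray's own code. The deny lists are the ones on this page; the function names, the action format, the matching rules, and treating every shell command as consequential are assumptions of the example.

```python
import shlex
from pathlib import PurePosixPath

# Deny lists come from this page; how they are matched is this example's assumption.
BLOCKED_PROGRAMS = {"shutdown", "reboot", "ufw", "tailscale"}
PROTECTED_NAMES = {"authorized_keys", "sudoers", "passwd", "shadow"}
CONSEQUENTIAL = {"send", "spend", "delete", "post", "write", "shell"}

def secret_path(path):
    """.env, .pem files, or anything under a .ssh directory (assumed key location)."""
    p = PurePosixPath(path)
    return p.name == ".env" or p.suffix == ".pem" or ".ssh" in p.parts

def protected_path(path):
    p = PurePosixPath(path)
    return p.name in PROTECTED_NAMES or p.parts[:3] == ("/", "etc", "ssh")

def blocked_command(command):
    """Match parsed tokens, not substrings, so 'rm -r -f' and 'ls; reboot' are caught."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:
        return True  # unparseable input fails closed
    names = {PurePosixPath(t).name for t in tokens}
    flags = "".join(t[1:] for t in tokens if t.startswith("-") and not t.startswith("--"))
    if "rm" in names and "r" in flags.lower() and "f" in flags:
        return True
    if "dd" in names and any(t.startswith("if=") for t in tokens):
        return True
    if names & BLOCKED_PROGRAMS or any(n.startswith("mkfs") for n in names):
        return True
    return any(protected_path(t) or secret_path(t) for t in tokens)

def gate(action, audit):
    """Return 'blocked', 'ask' or 'run'. Blocked actions never produce an approval card."""
    kind, target = action["kind"], action["target"]
    if kind == "read" and secret_path(target):
        verdict = "blocked"
    elif kind == "write" and protected_path(target):
        verdict = "blocked"
    elif kind == "shell" and blocked_command(target):
        verdict = "blocked"
    elif kind in CONSEQUENTIAL:
        verdict = "ask"   # show the decision card and wait
    else:
        verdict = "run"   # drafting and other non-consequential work
    audit.append({"action": action, "verdict": verdict})
    return verdict
```

Token matching of this kind is a backstop; file permissions and a restricted execution account enforce the same limits below the application.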
The audit log
Every action Gray takes — and every approval you gave or denied — is logged to your History. Search it, export it, share it.
On self-host, the audit log is yours. On hosted, it’s in your per-user volume.
Standing rules (paid tiers)
You can configure rules in Settings → Approvals:
- “Always approve replies to my own address.”
- “Always ask before posting on X.”
- “Never act on Slack messages from outside my workspace.”
The default is conservative: ask for everything consequential.
What you can’t disable
You cannot turn off approvals for irreversible actions (deletes, money movement, public posts). That’s a product invariant, not a setting.