Operator → Control

Power, without losing control.

Operator is allowed to act because you decided what it's allowed to do. Capabilities, approvals, audit, and routing live at the OS layer — Spaces can't quietly opt out.

← Back to OperatorFor enterprise
Operator permissions and autonomy controls
Screenshot needed

The Control panel for a Space — toggles for Observe / Local Execute / Execute & Commit, capability allowlist (files, network, tools, automation), per-action approval rules, and the current model routing rule. Audit log row visible at the bottom.

/shots/operator-control.png

Controls

What you actually decide.

Capability declarations

A Space's manifest lists what it wants — files, network, tools, automation. Nothing else is granted.

Per-action approvals

Risky actions can require a single click, a typed confirmation, or a second signer.

Audit trail

Every action the Operator takes is logged with who, what, where, and which model — exportable.

Model routing rules

Pin a model per Space, per task type, or by data sensitivity. Never let a non-compliant model see protected data.

Local-only mode

Air-gap the Space against any cloud provider. The Operator runs on local models with the same tools.

Org policies

Set defaults for the whole org from the staff console. Spaces inherit unless explicitly overridden.