Risk-Tiered Action Autonomy
Set an agent's permitted action class by the financial materiality of the action, letting it read and draft freely while requiring a different human principal to release material postings, payments, or filings.
Problem
Treating autonomy as a single switch forces a bad choice: granted wholesale, the agent can post journals, release payments, or file returns on its own, collapsing the segregation of duties that controls depend on; withheld wholesale, every trivial reconciliation waits on a human and the agent is not worth running. A single global approval step does not help either, because it makes a human rubber-stamp thousands of low-risk drafts while giving a high-value payment the same shallow glance. Worse, if the human approver is the same identity that launched the agent, the four-eyes control exists only on paper.
Solution
Define a small set of risk tiers over the action surface, keyed on materiality rather than on cost or model confidence: for example read and analyse freely, draft and stage with full logging, and hold-for-release for anything that moves money or alters the books above a threshold. Classify every proposed action into a tier before it executes, using deterministic rules — amount thresholds, account sensitivity, counterparty, jurisdiction — rather than the model's own judgement of its risk. Actions in the autonomous tiers run and are logged; actions in the release tier are written as drafts and placed on a queue that only a human can clear. Bind that release step to a different identity than the one that initiated the agent run, so the maker (agent plus its operator) and the checker (the approver) are structurally separate. Record initiator, approver, tier, and the rule that set the tier in an immutable trail so the control is auditable after the fact.
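A minimal sketch of the gate described above, added here as an illustration and not taken from the pattern's own code examples. The action kinds, account names, threshold, and the `Gate`/`classify` names are hypothetical. The hash-chained list stands in for an immutable store: it makes edits evident but does not prevent them.

```python
import hashlib, json
from dataclasses import dataclass
# Constructed policy values (assumptions, not from the pattern text).
THRESHOLD = 10_000  # amounts in minor currency units
SENSITIVE_ACCOUNTS = {"2100-tax-payable"}
AUTONOMOUS = {"read_ledger": "read", "draft_journal": "draft"}

@dataclass(frozen=True)
class Action:
    kind: str
    amount: int = 0
    account: str = ""

def classify(a: Action) -> tuple[str, str]:
    # Deterministic rules only; the model's own risk estimate is never an input.
    if a.kind in AUTONOMOUS:
        return AUTONOMOUS[a.kind], "autonomous-kind"
    if a.kind == "post_journal":
        if a.account in SENSITIVE_ACCOUNTS:
            return "release", "sensitive-account"
        if a.amount >= THRESHOLD:
            return "release", "amount>=threshold"
        return "draft", "below-threshold"  # runs, fully logged
    return "release", "moves-money-or-unknown"  # fail closed

class Gate:
    def __init__(self, initiator: str):
        self.initiator, self.queue, self.trail = initiator, {}, []

    def _log(self, **rec):
        # Hash-chain each record to the previous one so later edits are evident.
        prev = self.trail[-1]["hash"] if self.trail else ""
        body = prev + json.dumps(rec, sort_keys=True)
        self.trail.append({**rec, "hash": hashlib.sha256(body.encode()).hexdigest()})

    def propose(self, action_id: str, a: Action) -> str:
        tier, rule = classify(a)
        if tier == "release":
            self.queue[action_id] = rule  # staged as a draft, not executed
            return "held"
        self._log(id=action_id, initiator=self.initiator, approver=None, tier=tier, rule=rule)
        return "executed"

    def release(self, action_id: str, approver: str) -> str:
        if approver == self.initiator:  # maker and checker must be distinct
            raise PermissionError("approver must differ from initiator")
        rule = self.queue.pop(action_id)
        self._log(id=action_id, initiator=self.initiator, approver=approver, tier="release", rule=rule)
        return "executed"
```

In a real deployment the approver identity would come from an authenticated session rather than a string argument, and the comparison would need to account for shared or delegated accounts.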
When to use
- The agent's actions span a wide range of financial materiality, from harmless reads to irreversible payments.
- Controls or regulation require that the approver of a material action differ from its initiator.
- A uniform approval gate would either bottleneck low-risk volume or rubber-stamp high-risk actions.
- Materiality can be decided by deterministic rules such as amount, account, counterparty, or jurisdiction.
Related
- Cost-Aware Action Delegation
- Autonomy Slider
- Progressive Delegation
- Approval Queue
- Human-in-the-Loop
- Session-Scoped Payment Authorization
- Policy-as-Code Gate
- Compensating Action
- Tenant-Scoped Tool Binding
- Canonical-Entity Grounding
- Mandatory Red-Flag Escalation
- Semantic-Layer Query Guardrail
- Reversibility-Aware Action Filter
- Determinism-Tiered Replay Gate