Autonomy & Agent Safety
Autonomous does not mean uncontrolled.
SupraOS can find work and run approved execution because autonomy is bounded. It relies on Charters, source scopes, permissions, policies, approvals, evidence requirements, and Receipts — not prompt permission.
Autonomous Charters
A Charter is an approved business mandate. It defines:
- Objective
- Human accountable owner
- Approved sources
- Allowed autonomy mode
- Permitted actions
- Actions requiring approval
- Prohibited actions
- Evidence requirements
- Receipt requirements
- Value Ledger metrics
- Escalation rules
SupraOS-managed agents
SupraOS-managed agents are assigned to Work Objects inside approved Charters. They are not loose chatbots. Each agent receives a narrow mandate, approved source scope, permission boundary, approval rules, evidence requirements, Receipt obligations, and human escalation path.
- Research Agent
- Data Agent
- Ops Agent
- Revenue Agent
- Finance Agent
- Evidence Agent
- Comms Agent
- Integration Agent
Autonomy modes
| Mode | Description | Typical use |
|---|---|---|
| Observe | Read-only discovery and source mapping. | Company Scan, source coverage, blind spot detection. |
| Propose | Generate briefs, Charters, Work Objects, and recommended interventions. | AI Operating Review, Charter proposals. |
| Coordinate | Create tasks, route approvals, draft communications, gather evidence, follow up. | Renewal risk, incident follow-up, vendor remediation. |
| Execute | Perform approved system actions through managed agents and integrations. | CRM status updates, ticket updates, evidence attachment, approved notifications. |
| Optimize | Recommend changes to playbooks, workflows, ownership, or operating cadence. | Continuous improvement and post-action learning. |
High-risk actions require humans
- Customer-facing communications
- Contractual commitments
- Pricing or discount changes
- Production-impacting changes
- Financial approvals
- Access or permission changes
- Regulatory or legal submissions
- Deletion or irreversible actions
Unsafe-action prevention
- Policy checks before action
- Simulation or preview before commit
- Approval gates
- Least-privilege source access
- Clear human owner
- Evidence requirements
- Action class risk scoring
- Deny-by-default for out-of-scope work
- Receipt verification after execution
Need deeper diligence?
Qualified evaluators can request security review materials or start with a read-only Company Scan.