Axis Bridge Solutions
← All capabilities
Implemented Maturity: advanced

Human-in-the-Loop & AI Governance

Approval gates, fail-closed permission engines, and privacy tiers that keep humans in command of agent actions.

Executive summary

Agents earn autonomy one permission at a time. Axis Bridge systems put a human decision in front of anything consequential — with approval queues that pause the agent at zero token cost, policies that fail closed when unconfigured, and privacy enforcement at the server, never at the model's discretion.

What this capability means

The question that decides whether an organization can actually deploy agents is not “how smart is the model” — it is “what happens when the model wants to do something it shouldn’t.” Axis Bridge treats that as a systems-engineering problem, not a prompting problem: permissions live in version-controlled policy, approvals are a first-class queue with an audit trail, and the default answer everywhere is no until a human or an explicit rule says yes.

The same philosophy runs from infrastructure (agent workstations that cannot type a password without a pend) to product (a messaging assistant that never sends a word without sign-off).

Maturity ladder

  1. 01

    Basic — Review before send

    ● demonstrated

    AI drafts, a human approves, edits, or skips before anything leaves the system.

    Inbound message AI draft Human approve / edit / skip Send
  2. 02

    Intermediate — Policy-gated actions

    ● demonstrated

    Every agent action is classified allow / ask / deny against version-controlled policy; asks pend in a queue until a human decides.

    Agent action Permission engine Ask → approval queue Human decision Execute
  3. 03

    Advanced — Fail-closed governance

    ● demonstrated

    No evaluable policy means every action denies. Unanswered approvals expire to deny. Privacy tiers are enforced at a guarded doorway so restricted content never reaches the model at all.

    Request Tier check at doorway Policy match Audit row Allow / deny

Evidence

  • Live communications loop — WhatsApp messages intercepted, AI-drafted, and approved via Telegram (Send / Edit / Skip / On-Behalf / Redraft) before any reply is sent. me-inc-os-api + me-inc-os-wa-personal (in daily use)
  • Permission engine classifying every computer-use and shell action from git-tracked policy, hot-reloaded, deny-by-default for credential fields — and fail-closed when no policy evaluates. core-workstation v0.19 / docs/PERMISSION_POLICY.md
  • Approval queue that pauses the agent at zero token cost; Telegram push and dashboard approvals race, first decision wins; unanswered asks remind then hard-deny at 30 minutes. core-workstation v0.20 approval queue
  • Privacy tiers enforced at the knowledge doorway — content above a client's tier never leaves the database, so a cloud model never gets the chance to "be good." me-inc-os-knowledge / PLAN.md §5
  • Multi-tenant group resolution that fails closed — a message from an unrecognized group maps to no client and gets no data. whatsapp-concierge / ARCHITECTURE.md
  • Human review queues for conflicts the system cannot safely decide. me-inc-os-knowledge review_items; project-manager review queue