Autonomy & Trust
Eden starts supervised. It earns autonomy in public.
The approval system is trust infrastructure. It turns repeated human decisions into standing policies, veto windows, receipts, and undo where the action is reversible.
The dial
Choose how much Eden asks before it acts.
The dial changes how work is gated. It does not bypass credit ceilings, prompt-injection defense, or workspace scoping.
Copilot
New action classes ask for approval every time. Existing standing permissions still run inside their ceilings.
Autopilot with checkpoints
Reversible actions can run after a veto window. Irreversible or outbound moves still ask first.
Full Autopilot
Coming soon. The stop is visible, but disabled until undo coverage is ready.
Controls
Every autonomy feature has a way back.
Standing permissions
Approve a repeated action once, then let Eden run that class of work without blocking on the same question again.
Credit ceilings
A permission is not open-ended. Eden carries the ceiling with the policy and re-checks spend before execution.
Veto windows
Reversible actions can be scheduled to run unless someone vetoes before the countdown ends.
Receipts
Activity records show the persona, action, cost, evidence, and where to inspect the full log.
Undo where reversible
Publish undo appears in activity receipts, and the policy console has undo for revoked standing permissions.
Safety floor
Spend caps, prompt-injection defense, and tenant boundaries are enforced beneath every dial position.
Permission lifecycle
From approval card to standing policy.
A repeated action starts as a steering card. You can approve once, revise, veto, or grant a standing permission with a credit ceiling. The policy console shows what is allowed, where it came from, last use, usage count, and revoke.
See the Engine RoomStanding permission
Safety floor
The floor is not a setting. It is enforced underneath the dial.
Spend caps
Eden works against credit estimates, per-action ceilings, and weekly envelopes before work runs.
Prompt-injection defense
Untrusted tool outputs and external content are treated as evidence, not instructions. Injection-grade taint withholds risky proposals.
Tenant boundaries
Identity comes from the app session, API key, or OAuth grant. Agents cannot pass their own team or project identity fields to cross scopes.
Autonomy
Let Eden do more when the policy is clear
Declare an objective, approve the first repeated action class, and turn the next decision into a standing permission with a ceiling.
Full access for 7 days. Card required, cancel anytime.