Keeping AI agents safe: how the approval flow works
Autonomous agents that can run commands are only useful if you never lose control. Here’s how Rysh keeps the human in charge.
The moment an AI can run bash, edit files, or push to git, “oops” gets expensive. Rysh’s design assumption is simple: the model proposes, a human disposes.
Approve, always, or reject with a reason
Every tool call that touches your system pauses for a decision. You can approve it once, approve always for that tool (so routine reads stop nagging you), or reject with a reason — and the agent has to respect that reason on its next attempt. Nothing runs unattended unless you say so.
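The three-way decision described above, modelled as an added Python example (this is not Rysh's code). The `ApprovalGate` class, the `ask` callback, and the choices to refuse an identical retry of a rejected call and to treat a failed prompt as a rejection are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Optional

class Decision(Enum):
    APPROVE = "approve"   # this call only
    ALWAYS = "always"     # this call and every later call to the same tool
    REJECT = "reject"     # do not run; the reason goes back to the agent

@dataclass
class Result:
    executed: bool
    output: Optional[str] = None
    reason: Optional[str] = None  # set on rejection, returned to the agent

@dataclass
class ApprovalGate:
    ask: Callable  # hypothetical: ask(tool, args) -> (Decision, reason), the human prompt
    always: set = field(default_factory=set)      # tools approved "always"
    rejected: dict = field(default_factory=dict)  # (tool, args) -> rejection reason
    audit: list = field(default_factory=list)     # every decision, in order

    def submit(self, tool, args, run):
        key = (tool, args)
        if key in self.rejected:
            # Assumption: an identical retry of a rejected call is refused
            # without prompting again, so the agent must change its proposal.
            return self._deny("auto-reject", key, self.rejected[key])
        if tool in self.always:
            return self._run("always", key, run)
        try:
            decision, reason = self.ask(tool, args)
        except Exception:
            # Fail closed: a timeout or malformed answer counts as a rejection.
            decision, reason = Decision.REJECT, "no decision received"
        if decision is Decision.ALWAYS:
            self.always.add(tool)  # scoped to this tool, not to all tools
            return self._run("always", key, run)
        if decision is Decision.APPROVE:
            return self._run("once", key, run)
        self.rejected[key] = reason  # anything else is treated as a rejection
        return self._deny("reject", key, reason)

    def _run(self, how, key, run):
        self.audit.append((how, *key))
        return Result(True, output=run(key[1]))

    def _deny(self, how, key, reason):
        self.audit.append((how, *key))
        return Result(False, reason=reason)
```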
Stopping runaways
Agents can get stuck repeating themselves. Rysh has loop detection and a last-prompt-wins rule so a misbehaving agent can’t spin forever or trample a newer instruction. Approval panes surface pending decisions clearly instead of burying them in scrollback.
Secrets stay secret
When you share a pane with a teammate, the output passes through a secret-redaction layer first — so tokens and keys don’t leak into someone else’s view. Combined with per-workspace isolation and a self-hostable backend, that’s what makes agentic AI usable in security-conscious and regulated settings.