Human Oversight
Agents in Dominir are not autonomous. Every action they take that could affect real-world records passes through a policy layer that decides whether to proceed, pause for your approval, or block the action entirely. This is not optional — it is built into the Kernel and cannot be disabled by a prompt.
The three outcomes
When an agent takes an action, the Kernel evaluates it and produces one of three outcomes:
Proceed. The action is within the agent's authority and consistent with the policy. It executes immediately and the agent continues.
Pause for approval. The action touches data that requires a human decision before it can proceed. The agent stops, the Kernel surfaces an approval request to the relevant person, and the agent resumes only after you act on it. You can approve or reject. If you reject, the agent is informed and can adjust its approach.
Block. The action is outside what the agent is permitted to do. It does not execute. The agent receives an error and the run continues — the agent can try a different approach, but cannot retry the blocked action in the same form.
What always requires approval
The Kernel distinguishes between two categories of record types: operational (records the agent creates as part of doing its job — summaries, deliverables, workflow bookkeeping) and sensitive (records that represent real-world entities or financial positions).
Operational records are written without interruption — they are the expected output of an agent doing its work.
Sensitive records always pause for approval. Examples include:
- ▸Person records
- ▸Payment and banking records
- ▸Financial transactions
- ▸Settlements and liens
- ▸Case and matter records
- ▸User accounts
- ▸Incident and insurance claim records
The risk level of the approval request reflects the record type. Modifying a financial transaction is labeled as critical. Modifying a matter record is labeled as medium. The label is set by the Kernel, not by the agent.
Session-level approval
Once you approve a write to a particular record type, that approval applies for the rest of the session. You are not asked again for the same type in the same run. This prevents repetitive interruptions during batch operations while keeping the first write into sensitive territory human-verified.
Asking the user a question
A separate mechanism exists for agents that need a decision from you before they can proceed — not a write approval, but a genuine question: "Which client does this record belong to?" or "Should I send the demand letter now or wait for the final medical record?"
When an agent uses this capability, the Kernel pauses the run and surfaces a question card to you. Your answer is fed directly into the agent's context, and the run resumes. The agent cannot proceed past this point until you respond.
This is distinct from write approval: it is the agent delegating a decision to you, not the Kernel enforcing a policy.
What cannot be requested by agents
Agents cannot request their own approval. The policy layer is owned by the Kernel and evaluated automatically — an agent cannot instruct the system to grant it elevated permissions or bypass a review. Any attempt to do so is blocked.
Audit trail
Every approval request — whether you approved it, rejected it, or it was auto-approved — is written as a record in your workspace. The record contains what the agent was trying to do, the risk level assigned, and the outcome. This log is permanent and queryable. You can see exactly which agents wrote which records and whether those writes were reviewed.