Guardrails & Safety

Guardrails define the boundaries of your agent’s autonomous behavior. Your Hubify workspace runs 24/7, accesses tools, communicates on your behalf, and executes workflows without your constant supervision. Guardrails ensure it does all of this within limits you control.

Draft-Only Mode

Draft-only mode is the most important safety mechanism in Hubify. When enabled for an integration, your agent creates drafts for all external communications but does not send them automatically. You review each draft, edit if needed, and approve before anything goes out.

How It Works

1. Agent creates a draft
   When your agent needs to send an email, post on LinkedIn, or message a client, it writes the content and saves it as a draft in your workspace.

2. You get notified
   A notification appears in your dashboard (and optionally via Telegram or Slack) that a draft is ready for review.

3. You review and edit
   Open the draft, make any changes, and decide whether to approve or discard it.

4. Approved drafts are sent
   Only after your explicit approval does the message leave your workspace. Nothing is sent on a timeout or after a period of silence; a draft you never act on stays a draft.

Configuring Per-Integration

Draft-only mode is configured per integration in your HUB.yaml:
integrations:
  - id: linkedin
    status: connected
    mode: draft-only    # Agent drafts, you approve before posting

  - id: twitter
    status: connected
    mode: draft-only    # Same for social media

  - id: gmail
    status: connected
    mode: draft-only    # Email always goes through review

  - id: telegram
    status: connected
    mode: auto          # Trusted channel — agent sends immediately

  - id: github
    status: connected
    mode: auto          # Code comments and PR reviews go directly

Default Behavior by Template

Template   | Draft-only channels               | Auto channels
-----------|-----------------------------------|------------------
Founder OS | LinkedIn, Twitter, Gmail          | Telegram, GitHub
Client OS  | Client email, deliverables        | Internal Slack
MyOS       | None by default (user configures) | All
Dev OS     | None by default                   | GitHub, Slack

When in doubt, start with draft-only mode enabled for all external-facing channels. You can switch specific integrations to auto mode once you trust the agent's output quality for that channel.
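The rule above ("external-facing channels stay draft-only until you decide otherwise") is easy to violate by accident while editing HUB.yaml. The check below is an added example, not Hubify code: it walks the `integrations` list from HUB.yaml (here embedded as an already-parsed Python list, with the same id/status/mode fields shown above; in practice you would load the file with a YAML parser) and reports any connected external channel left in auto mode, any unclassified integration in auto mode, and malformed entries. Which integrations count as external is your own decision; the `EXTERNAL_CHANNELS` set below is an assumption taken from the Founder OS defaults, and the extra `notion` and `stripe` entries in the sample are constructed for illustration.

```python
"""Policy check for integration modes in HUB.yaml.

Added example, not Hubify's own code. Assumes each entry in the
`integrations` list has id, status and mode fields as shown on this page.
"""

# Channels where the agent speaks to people outside the workspace.
# Assumption: taken from the Founder OS defaults; adjust to your setup.
EXTERNAL_CHANNELS = {"linkedin", "twitter", "gmail"}

# Channels the Founder OS defaults treat as trusted or internal.
INTERNAL_CHANNELS = {"telegram", "github", "slack"}

VALID_MODES = {"draft-only", "auto"}


def check_integration_modes(integrations, external=EXTERNAL_CHANNELS):
    """Return findings as (severity, integration id, message) tuples.

    Severity 'high' means an external channel can send without review,
    'warn' means something to confirm, 'error' means the entry is malformed.
    """
    findings = []
    seen = set()
    for entry in integrations:
        iid = entry.get("id")
        if not iid:
            findings.append(("error", "<missing>", "integration entry without an id"))
            continue
        if iid in seen:
            findings.append(("warn", iid, "duplicate integration entry"))
        seen.add(iid)

        mode = entry.get("mode")
        if mode is None:
            # Do not guess a default: an unset mode is a configuration gap.
            findings.append(("error", iid, "no mode set; set draft-only or auto explicitly"))
            continue
        if mode not in VALID_MODES:
            findings.append(("error", iid, f"unknown mode {mode!r}"))
            continue
        if entry.get("status") != "connected":
            continue  # a disconnected integration cannot send anything

        if iid in external and mode == "auto":
            findings.append(("high", iid, "external channel in auto mode; agent can send without review"))
        elif iid not in external and iid not in INTERNAL_CHANNELS and mode == "auto":
            findings.append(("warn", iid, "unclassified integration in auto mode; confirm it is internal"))
    return findings


# Constructed sample: the HUB.yaml fragment above with gmail flipped to auto,
# plus two made-up entries (notion, stripe) to exercise the other branches.
SAMPLE_INTEGRATIONS = [
    {"id": "linkedin", "status": "connected", "mode": "draft-only"},
    {"id": "twitter", "status": "connected", "mode": "draft-only"},
    {"id": "gmail", "status": "connected", "mode": "auto"},
    {"id": "telegram", "status": "connected", "mode": "auto"},
    {"id": "github", "status": "connected", "mode": "auto"},
    {"id": "notion", "status": "connected", "mode": "auto"},
    {"id": "stripe", "status": "disconnected", "mode": "auto"},
]

if __name__ == "__main__":
    for severity, iid, message in check_integration_modes(SAMPLE_INTEGRATIONS):
        print(f"[{severity}] {iid}: {message}")
```

Run it as a pre-commit hook or CI step on HUB.yaml and fail the build on any `high` finding; the `warn` on an unclassified integration is the prompt to add it to one of the two sets rather than silently leaving it in auto mode.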

Action Approval Workflows

Beyond draft-only mode for communications, Hubify supports approval gates for high-impact actions — operations where a mistake could be costly or irreversible. Examples of actions that benefit from approval gates:
Action                             | Risk level | Recommended mode
-----------------------------------|------------|-----------------
Sending an email to a client       | Medium     | Draft-only
Posting on social media            | Medium     | Draft-only
Deploying code to production       | High       | Manual approval
Modifying infrastructure           | High       | Manual approval
Processing a payment               | High       | Manual approval
Deleting data                      | High       | Manual approval
Publishing a skill to the registry | Medium     | Draft / review
Hubify includes a multi-layer safety system today: draft-only mode for communication channels, the 5-Gate Trust Gateway for skill installation (schema validation, provenance checks, content scanning, reputation checks, and E2B sandbox testing), scoped API tokens, and vault access control.
Fine-grained approval gates for specific action types (deploy, billing, infrastructure changes) are planned. For now, use AGENTS.md instructions to tell your agent which actions require your explicit sign-off.

Workaround: AGENTS.md Instructions

Until granular approval workflows ship, you can define action-level guardrails in your AGENTS.md:
## Actions Requiring Approval
The following actions must NEVER be executed without explicit user approval:
- Deploying to production
- Modifying DNS or infrastructure
- Sending invoices or processing payments
- Deleting any repository, database, or persistent data
- Publishing anything under my name to a public platform

When any of these actions are needed:
1. Draft the action plan
2. Send me a summary via Telegram
3. Wait for my explicit "approved" before proceeding
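An AGENTS.md instruction is advice to the model, not an enforced control: text the agent reads from an email or a web page can contain the word "approved" too. If you run your own orchestration around the agent, the gate below is one way to make the three-step procedure above mechanical. It is an added example, not Hubify code (Hubify's own approval gates are described above as planned): the action categories mirror the AGENTS.md list, `notify` is a placeholder for the Telegram or Slack message in step 2, and the approval is bound to a random single-use token so that only a reply that echoes that exact token, within a time limit, releases the action.

```python
"""Approval gate for the AGENTS.md "Actions Requiring Approval" list.

Added example, not Hubify's own code. The categories, the notify hook and
the reply format are assumptions made for illustration.
"""
import hmac
import secrets
import time

# Mirrors the AGENTS.md list above. Assumption: the agent tags each
# proposed action with one of these category strings.
REQUIRES_APPROVAL = {
    "deploy_production",
    "modify_infrastructure",    # DNS or infrastructure changes
    "send_invoice",
    "process_payment",
    "delete_persistent_data",   # repositories, databases, persistent data
    "publish_public",           # anything published under your name
}

APPROVAL_TTL_SECONDS = 15 * 60  # an approval that is not used promptly expires


class ApprovalGate:
    """Parks high-impact actions until a human echoes back the approval token."""

    def __init__(self, notify, now=time.time):
        self._notify = notify   # hypothetical hook: sends a summary to Telegram/Slack
        self._now = now         # injectable clock, so expiry can be tested
        self._pending = {}      # token -> (action, created_at)

    def request(self, action):
        """Steps 1 and 2: record the plan and send the human a summary.

        Returns None when the action needs no approval and may proceed, or
        the token the human must quote back in their reply.
        """
        if action["category"] not in REQUIRES_APPROVAL:
            return None
        token = secrets.token_urlsafe(8)
        self._pending[token] = (action, self._now())
        self._notify(f"Approval needed [{token}] {action['category']}: {action['summary']}")
        return token

    def approve(self, token, reply):
        """Step 3: accept only an explicit 'approved <token>' reply.

        Binding approval to the token means a stray "approved" elsewhere in
        the agent's context (including injected text) authorises nothing.
        Each token is single use and expires after APPROVAL_TTL_SECONDS.
        """
        entry = self._pending.get(token)
        if entry is None:
            return False
        _action, created_at = entry
        if self._now() - created_at > APPROVAL_TTL_SECONDS:
            del self._pending[token]
            return False
        parts = reply.strip().split()
        if len(parts) != 2 or parts[0].lower() != "approved":
            return False
        if not hmac.compare_digest(parts[1].encode(), token.encode()):
            return False
        del self._pending[token]
        return True

    def pending(self):
        """Actions still waiting on a human, oldest first."""
        return [a for a, _ in sorted(self._pending.values(), key=lambda p: p[1])]


if __name__ == "__main__":
    gate = ApprovalGate(notify=print)
    tok = gate.request({"category": "deploy_production", "summary": "ship v2.1 to prod"})
    print("bare 'approved' accepted?", gate.approve(tok, "approved"))
    print("'approved <token>' accepted?", gate.approve(tok, f"approved {tok}"))
```

The important property is that approval flows through a channel the agent cannot write to on its own (your reply in Telegram), and that the gate, not the model, decides whether the reply matches.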

Scope Limits

API Token Scopes

When connecting integrations, use the principle of least privilege. Grant your agent only the permissions it needs for its specific tasks.
Integration | Recommended scopes                          | Avoid
------------|---------------------------------------------|------------------------
GitHub      | repo:read, pull_request:write, issues:write | admin:org, delete_repo
Slack       | chat:write, channels:read                   | admin, users:write
Gmail       | gmail.compose, gmail.readonly               | gmail.settings.basic

Always use scoped API tokens rather than admin tokens. If your agent only needs to read repositories and create pull requests, do not give it organization admin access. Note that the GitHub entries in the table are shorthand: a classic personal access token only offers coarse scopes such as repo (which includes write access to code), so to get the split the table describes, use a fine-grained personal access token with repository permissions Contents: read, Pull requests: read and write, and Issues: read and write, restricted to the repositories the agent actually works on.

Vault Access Control

The Hubify vault stores encrypted credentials. You control which agents and which workspaces can access specific vault entries.
vault:
  id: "vault_abc123"
  entries:
    - service: github
      granted_agents: ["agent_cloud", "agent_local"]
    - service: stripe
      granted_agents: ["agent_cloud"]   # Only cloud agent, not local
Each vault access is logged. You can review who accessed what and when from your dashboard.
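Logging only helps if someone reads the log, and the interesting events are the ones where the log disagrees with the policy. The script below is an added example, not Hubify tooling, that serves both this section and best practice 4 below (review vault access logs regularly): it replays access records against the `granted_agents` policy from the vault fragment above and reports agents that were denied for a service they are not granted, agents that nonetheless succeeded (policy and enforcement disagree, which is exactly the misconfiguration or compromised-token case the page warns about), services missing from the policy, and unparseable lines. Hubify's real log format is not documented on this page, so the JSON-lines shape with `ts`, `agent`, `service` and `result` fields is an assumption, and the log itself is constructed.

```python
"""Review vault access records against the vault's granted_agents policy.

Added example, not Hubify's own tooling. The log format below is an
assumption; the records are constructed for illustration.
"""
import json
from collections import Counter

# Mirrors the vault entries shown above: service -> agents granted access.
VAULT_POLICY = {
    "github": {"agent_cloud", "agent_local"},
    "stripe": {"agent_cloud"},
}

# Constructed sample log (JSON lines). Lines 4-7 are the ones that matter.
SAMPLE_LOG = """\
{"ts": "2024-05-01T09:00:01Z", "agent": "agent_cloud", "service": "github", "result": "ok"}
{"ts": "2024-05-01T09:00:07Z", "agent": "agent_local", "service": "github", "result": "ok"}
{"ts": "2024-05-01T09:05:12Z", "agent": "agent_cloud", "service": "stripe", "result": "ok"}
{"ts": "2024-05-01T09:05:13Z", "agent": "agent_local", "service": "stripe", "result": "denied"}
{"ts": "2024-05-01T09:05:14Z", "agent": "agent_local", "service": "stripe", "result": "denied"}
{"ts": "2024-05-01T09:05:15Z", "agent": "agent_local", "service": "stripe", "result": "ok"}
{"ts": "2024-05-01T09:06:00Z", "agent": "agent_automation", "service": "github", "result": "ok"}
{"ts": "2024-05-01T09:06:30Z", "agent": "agent_cloud", "service": "openai", "result": "ok"}
not json at all
"""


def review_vault_log(log_text, policy, deny_burst=2):
    """Return findings as (kind, agent, service, detail) tuples.

    kinds: unauthorized_attempt (denied, and correctly so), grant_bypass
    (succeeded without a grant), unknown_service (no policy entry),
    unparseable, and repeated_denials once an agent hits deny_burst.
    """
    findings = []
    denials = Counter()
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            findings.append(("unparseable", None, None, f"line {lineno}"))
            continue
        agent, service, ts = event.get("agent"), event.get("service"), event.get("ts")
        granted = policy.get(service)
        if granted is None:
            findings.append(("unknown_service", agent, service, ts))
            continue
        if agent in granted:
            continue
        if event.get("result") == "ok":
            # The vault handed out a credential the policy says it should not have.
            findings.append(("grant_bypass", agent, service, ts))
        else:
            denials[(agent, service)] += 1
            findings.append(("unauthorized_attempt", agent, service, ts))
    for (agent, service), count in sorted(denials.items()):
        if count >= deny_burst:
            findings.append(("repeated_denials", agent, service, f"{count} denials"))
    return findings


if __name__ == "__main__":
    for kind, agent, service, detail in review_vault_log(SAMPLE_LOG, VAULT_POLICY):
        print(f"{kind:22} agent={agent} service={service} {detail}")
```

A `grant_bypass` finding is the one to treat as an incident: either the vault entry was edited after the fact, or the agent is presenting a token it should not have. Repeated denials from the local agent against a service it is not granted usually point at a misconfigured workflow, which is cheap to fix before it becomes a pattern an attacker can hide in.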

Per-Agent Permissions

Different agents in your workspace can have different permission levels:
Agent              | Role         | Permissions
-------------------|--------------|----------------------------------------------
Cloud orchestrator | Orchestrator | Full access to all integrations and vault
Local coding agent | Builder      | GitHub only, no communication channels
Automation agent   | Automation   | Read-only access, notification channels only

Safety Best Practices

Follow these guidelines to keep your workspace secure while maximizing your agent’s autonomy.
1. Start with draft-only mode for all external communications
   Enable draft-only for LinkedIn, Twitter, Gmail, and any channel where your agent speaks on your behalf. Switch to auto only after you've reviewed enough drafts to trust the output.

2. Use scoped API tokens
   Never give your agent admin-level tokens. Create service-specific tokens with the minimum permissions needed. If a token is compromised, the blast radius is limited.

3. Enable 2FA on your Hubify account
   Your workspace has access to your integrations, vault, and agent actions. Protect the account with two-factor authentication.

4. Review vault access logs regularly
   Check which agents accessed which credentials and when. Unexpected access patterns may indicate misconfiguration or a compromised agent token.

5. Keep sensitive operations in manual-approval mode
   Deployments, billing actions, infrastructure changes, and data deletion should always require your explicit sign-off. Define these in AGENTS.md until granular approval gates ship.

6. Set up alerts for agent actions
   Configure Telegram or Slack notifications for high-impact agent actions. Even when an action is auto-approved, you want visibility into what your agent is doing.

Security Architecture

Hubify’s security model is built on multiple layers:
Layer                | Protection
---------------------|-----------
Workspace isolation  | Each workspace runs on its own Fly.io machine with no shared filesystem
Vault encryption     | AES-256 encryption for all credentials; Hubify never stores decryption keys
Scoped tokens        | Agents receive short-lived, scoped tokens, never raw credentials
5-Gate Trust Gateway | All skills pass through schema validation, provenance checks, content scanning, reputation checks, and E2B sandbox testing before installation
Audit logging        | All vault access and agent actions are logged
SSL/HTTPS            | Automatic TLS certificates via Let's Encrypt on all *.hubify.com subdomains
For a deeper dive into workspace security and the Trust Gateway, see the Workspace Isolation and Trust Metrics documentation.

Next Steps

Customizing Templates

Edit personality, skills, model routing, and integrations

Hub Files & Structure

Understand every file in your workspace and how agents use them

Trust Metrics

How the 5-Gate Trust Gateway protects your workspace

Workspace Isolation

How workspaces are isolated from each other