Autonomy Levels#
Autonomy levels control how independently a managed agent acts. Five levels range from passive monitoring to full autonomous operation. The level determines what the agent does on its own versus what it asks you about first.
The Five Levels#
| Level | Name | Behavior |
|---|---|---|
| 1 | Observer | Monitor and report only. Never takes action. |
| 2 | Advisor | Suggests actions and waits for your approval before executing. |
| 3 | Helper | Auto-approves low-risk actions (monitoring, documentation). Asks before changes. Default. |
| 4 | Partner | Auto-approves medium-risk changes (configuration updates). May create PRs for review instead of applying directly. |
| 5 | Autonomous | Full autonomy within policy scope. Executes high-impact changes. Alerts on major decisions only. |
How to Set the Level#
Through conversation#
Set your autonomy to level 2.
Be more autonomous — I trust you to make config changes.
Switch to observer mode. I only want reports, no actions.
Through direct configuration#
Autonomy level is also editable directly on the agent's configuration. Changes take effect immediately.
How Autonomy Relates to Security#
Autonomy levels and policy enforcement work together in a defense-in-depth model:
Autonomy levels are a behavioral control layer. They shape the agent's decision-making about when to act versus when to ask. They are enforced through LLM system prompt instructions.
Policies, sandbox isolation, and credential scope are the hard security boundary. They are enforced at the platform level. Even at level 5 (Autonomous), the agent is still bounded by:
- Network policy — can only reach approved domains
- Credential scope — can only use credentials bound to its policies
- Sandbox isolation — runs in an isolated environment
- Team/project access — can only access systems its team is granted
The key distinction: autonomy levels control what the agent decides to do. Policies control what the agent is able to do. An agent at level 5 with a read-only policy still can't make changes — it just won't ask permission to try.
Choosing the Right Level#
| Use case | Recommended level |
|---|---|
| New agent, still building trust | 1 (Observer) or 2 (Advisor) |
| Day-to-day monitoring and reporting | 3 (Helper) — the default |
| Mature agent managing configuration | 4 (Partner) |
| Well-established agent with tight policies | 5 (Autonomous) |
| Compliance or audit agent | 1 (Observer) — observe and document only |
Start at level 2 or 3. Increase as you build confidence in the agent's behavior and your policies are well-defined. The policies are the safety net — they limit what the agent can access regardless of autonomy level.
Verbosity#
Separate from autonomy, the verbosity setting (1–5) controls response detail level:
- 1 — minimal, just results
- 3 — balanced (default)
- 5 — detailed, includes reasoning and context
Set through conversation:
Be more concise in your reports.
Set verbosity to 1.
Related#
- Creating a managed agent — default settings and initial configuration
- Workspace files — Agent Guide controls hard behavioral boundaries
- Security model — how autonomy fits into the security model
- Policies — the hard security boundary