SSyncropel Docs

Trust-gated auto-approval

Let high-trust actors ship without blocking on human review; require review for low-trust ones. One AITL rule, one threshold, no per-task configuration.

Problem

You dogfood Syncropel for real work. High-trust agents (the ones with dozens of approved completions in a domain) should not wait for you to manually approve every small change — the review wastes your attention and the agents' momentum. But you still want the gate when trust is low. You don't want to maintain a per-actor approval list by hand.

Recipe

One AITL rule that auto-applies proposals from actors above a trust threshold, and surfaces everything else for human decision.

# Author the rule: auto-apply when the proposing actor has trust ≥ 0.80
# in the task's domain AND at least 10 observations (proves the score
# isn't noise from a handful of lucky hits).
spl config add-aitl-rule \
  --name "auto-apply-high-trust" \
  --action auto_apply \
  --priority 200 \
  --expression '
    trust(record.actor, record.body.domain) >= 0.80 &&
    trust_count(record.actor, record.body.domain) >= 10
  '

# Default rule: everything else goes to human review.
spl config add-aitl-rule \
  --name "present-for-review" \
  --action present \
  --priority 10 \
  --expression "true"

# Verify.
spl config list-aitl-rules

Priority 200 runs first. If the predicate holds, the proposal is auto-applied — the routing rule it suggests lands as a LEARN on th_engine_config immediately, and future records matching the proposed rule route automatically. Priority 10 runs last and catches everything else, surfacing it via spl aitl list for manual disposition.

Try it:

# Dispatch work. If the routing cascade hits intelligence and the
# proposing actor clears the threshold, the proposal auto-applies.
# Otherwise it appears here:
spl aitl list

# Decide manually if needed:
spl aitl approve <id>
spl aitl reject <id>

The trade-off

Auto-apply is real automation. A proposal from a high-trust actor that has the wrong shape can create a bad routing rule that subsequently misroutes records. Two mitigations:

  1. Watch the CUSUM alerts for the actor's domain. If trust starts drifting downward because auto-applied rules are producing bad outcomes, the feedback loop catches it — but only after some damage.

  2. Set a higher priority rule for high-stakes namespaces. In acme-corp/payments/prod you may not want any auto-apply regardless of trust:

    spl config add-aitl-rule \
  --name "never-auto-apply-in-prod-payments" \
  --action present \
  --priority 1000 \
  --expression "record.body.namespace.startsWith('acme-corp/payments/prod')"

    Priority 1000 runs before the 200-priority auto-apply, so production namespaces always surface for review.

The threshold of 0.80 is arbitrary. Tune to your risk tolerance — 0.90 is more conservative, 0.70 is aggressive, and trust_count >= 50 (instead of 10) raises the bar further.

See also

Route by domain

Dispatch code work to one agent and ops work to another, using a single CEL rule per domain. No rule explosion, no per-user config.

Federate one thread

Share a single task thread with a collaborator on a different `spl` instance — and nothing else. The minimal federation recipe.

On this page

ProblemRecipeThe trade-offSee also