Approvals & safety

How HISAB decides what runs automatically and what needs your nod.

Operating modes

Set in Settings → Operating mode. Three options trade speed for safety:

• Strict — Every write needs explicit approval. The AI proposes; you click ✓ for each. Use during month-end close on live books.
• Default — Cell writes auto-execute (and are journaled). Destructive operations — deletes, ERP pushes, macro runs — need approval. Best for daily use.
• Auto — Everything runs. Still journaled, still reversible via the audit log. Use for established skills you trust completely.

What counts as "destructive"

• Deleting rows, columns, or entire sheets
• Pushing journal entries to your ERP
• Running VBA macros
• Overwriting existing values in non-empty cells (configurable)
• Calling external HTTP APIs

Approvals queue

When an action needs approval, an inline card appears above the chat input. The card shows: what the AI wants to do, the exact target (sheet + range or API endpoint + payload), why it wants to do it, and an "Approve" / "Reject" button. Approvals are non-blocking — you can chat about other things while one waits.

Write journal

Every cell HISAB writes is recorded with before/after values, sheet, address, timestamp, chat-turn ID, and (on Team plans) the user. View it in Settings → Review Changes, or export per period for auditor review.