Great question. You're right that pure human gates don't scale to 24/7 operations.
AXON already handles this partially: you can set auto-approve per tool and per agent. Low-risk actions like web search run without asking, while high-risk actions like shell commands always require approval. There's also session-level approval — trust the agent for a specific task, then revoke.
For the overnight scenario: scheduled tasks in AXON run at defined times and queue approvals if needed. You approve in the morning or via Telegram/Discord on your phone.
But you're pointing at exactly where we're headed. Hybrid controls — rate limits, budget caps, automatic rollback on anomalies — are on the roadmap. The audit trail already captures everything, so adding automated rules on top of that data is the natural next step.
The philosophy stays the same: default to human control, earn autonomy gradually.
I built AXON because I wanted AI agents that can actually do things — but with real security controls.
Every tool call (file ops, web search, shell commands, email, code execution) requires explicit user approval before execution. Parameters and risk level are shown, you approve or deny. Everything is logged.
Key features:
- Multi-agent system (different roles, models, permissions per agent)
- Multi-LLM: Ollama (fully local), Claude, OpenAI, Gemini, Groq, OpenRouter
- 100% on-premise, no cloud needed, GDPR-compliant
- Docker-based code sandbox with network isolation
- MCP server (works as tool provider for Claude Desktop, Cursor)
- Encrypted API key storage (Fernet)