Never auto-approve auth-class breakpoints

automation-rule:never-auto-approve-auth

AutomationRulelifecycle/automation-rules/auto-approve-readonly-breakpoints.yaml·Open in Graph →

{
  "id": "automation-rule:never-auto-approve-auth",
  "_kind": "AutomationRule",
  "_file": "lifecycle/automation-rules/auto-approve-readonly-breakpoints.yaml",
  "_cluster": "lifecycle",
  "attributes": {
    "displayName": "Never auto-approve auth-class breakpoints",
    "triggerType": "webhook",
    "webhookPort": 4187,
    "webhookPath": "/automations/webhooks/breakpoint-elicitation",
    "webhookMethod": "POST",
    "webhookAuthType": "bearer",
    "sourceEvent": "babysitter:breakpoint.elicitation",
    "lifecycleState": "active",
    "targetProjectId": "project:babysitter-core",
    "targetBoardProjectId": "board:babysitter-default",
    "taskTemplateTitle": "Awaiting human approval (auth): {{breakpoint.id}}",
    "taskTemplatePriority": "critical",
    "taskTemplateStatus": "ready",
    "routingAction": "canonical-issue-create",
    "sourceKind": "config-file",
    "createdAt": "2026-04-28",
    "description": "Mirrors a BreakpointRule with action=never-auto-approve covering the\n`auth` ActionCategory: any breakpoint that would access or modify\ncredentials, tokens, or secrets. Routes to the human-review queue at\n`critical` priority. Source: packages/sdk/src/breakpoints/types.ts\n(ActionCategory union; ApprovalPosture).\n"
  },
  "outgoingEdges": [],
  "incomingEdges": [
    {
      "from": "agent:babysitter",
      "to": "automation-rule:never-auto-approve-auth",
      "kind": "defines_automation_rule",
      "attributes": {}
    }
  ]
}