Approvals, safety, and evidence
Codelit separates proposing an action from executing it. A write approval is bound to the user, run, tool, operation, and expiry so it cannot be reused for different work.
Put approval at the risk boundary
Require approval immediately before publishing, sending, merging, deleting, purchasing, or changing access. Read-only gathering usually does not need an approval unless the source is unusually sensitive.
Read the review
The approval panel names the actor, target, effect, and proposed inputs. Reject unclear work and edit the upstream card rather than repeatedly approving a weak plan.
Use receipts as evidence
The execution terminal and run receipt record step status, bounded outputs, tool attempts, approvals, cost estimates, and evidence links. Receipts are for review and replay; they are not a promise that an external system stayed unchanged afterward.