The question every owner should ask about autonomous systems is "what stops it doing something I didn't authorize?" Here is our answer, in full. It's a tighter leash than your employees are on.
Reading is always allowed. Drafting is always allowed. Acting alone is unlocked one category at a time, by you, in writing, and anything client-facing or irreversible keeps a human approval forever unless you explicitly decide otherwise. It never grants itself anything.
Policies aren't instructions the system is asked to follow, they're enforced in the machinery itself. An action outside policy doesn't get reconsidered; it gets blocked. The difference matters, and most of what's being sold today doesn't have it.
Regesta is named for the regesta: the record books in which every act of an administration was written down. Every email drafted, every task handled, every decision routed: timestamped, append-only, readable. When your compliance reviewer or your E&O carrier asks how the system is controlled, you hand them the record.
Its own account in every system, with the least privilege that does the job. Never your password, if you offer one, we'll refuse it. Your data runs under your own accounts, in your name, and your relationship with every provider stays yours.
Independent monitors check the system's pulse around the clock, with hard ceilings on volume and spend. If anything degrades, we know before you do, that's a design requirement, not a courtesy.
Disable one account and everything stops. Off-boarding is complete, verified, and attested in writing. The record stays with you, it was always yours.