Last week we talked about the Delegation Contract — how to hand work to an agent without handing it your judgment. This week is the harder question, and the more important one: what should the agent ever be allowed to do in the first place?

That is the part most people still skip.

A lot of the public conversation around AI is still stuck in the chatbot era. People argue about whether AI should be “allowed at work” or whether it is acceptable to use for drafting or brainstorming, as if we were still talking about a text box that only spits out words. But once an agent can read files, browse the web, send messages, and act across real tools, the question changes. It is no longer just what answer did it generate? The question becomes what authority did we give it?

That is the real shift.

If Part 6 was about handing off work cleanly, Part 7 is about deciding what the system is ever allowed to touch, change, send, approve, or spend. In other words: not just what job is it doing? but what power does it have while doing it?

That is what policy means now.

You do not have an AI policy problem. You have an authority problem.

This sounds abstract until you translate it into ordinary life.

Imagine a personal shopping agent.

Maybe you want it to keep your shopping list tidy, compare prices, build a cart, and remind you when you are low on toothpaste or coffee. Fine. That already sounds useful.

But now ask the real questions.

Can it read your calendar and infer when guests are coming over?
Can it look through old receipts and learn your spending habits?
Can it save a cart?
Can it place the order?
Can it switch the store to get a better deal?
Can it start a subscription?
Can it change your payment method?
Can it ship to a different address?
Can it buy a gift on your behalf?
Can it spend money without asking you first?

That is the Authority Matrix in plain English.

The issue is not whether the agent is “smart.” The issue is whether you were disciplined enough to decide what it may do before it starts doing it.

The Matrix

Here is the simplest version.

For any agent you are thinking about using, walk down this list and mark each line as one of four levels:

Never
Draft only
Human approval required
Autonomous inside guardrails

Now apply that to each category:

Read — What data may it see?
Draft — What may it prepare but not send or submit?
Send — What is it allowed to communicate outward?
Change — What records, settings, lists, or orders may it modify?
Approve — What can it finalize?
Spend — What money, credits, or commitments may it trigger?
Audit — What must be logged or shown back to you?
Stop — What automatically kicks the issue back to a human?

That is the whole framework.

Not glamorous. Very useful.

A simple example

Take that same personal shopping agent.

You might decide:

Read — your shopping list, pantry notes, saved preferences, budget, and calendar
Draft — product comparisons, carts, reorder suggestions, and gift ideas
Send — may send you a summary or shortlist, but not message stores or other people on your behalf
Change — may update your list and save a cart, but not alter payment methods, delivery addresses, or subscriptions
Approve — never
Spend — only on pre-approved repeat purchases under a fixed limit
Stop — any purchase above the limit, any gift, any medical or sensitive item, any subscription, or any change to payment or delivery details comes back to you

That is already a real policy.

Notice what happened there. We did not ask, “Is AI allowed?” We asked, “What is this agent allowed to touch, and where does the line stop?”

That is a much better question.

Start lower than your ego wants to

Most people will be tempted to jump too high too fast.

That is the same mistake every wave of automation makes.

The safer ladder is obvious:

Tier 1: read and draft
Tier 2: act with human approval
Tier 3: limited autonomous action inside explicit guardrails

That order matters.

If you cannot clearly define what the system may read, what it may change, and what triggers a stop, then you are not ready for autonomous action. You are barely ready for drafting.

The boring controls are the real controls.

Clear identity.
Least privilege.
Approval thresholds.
Audit trail.
Kill switch.

That is not anti-innovation. That is what competence looks like once the software stops being passive.

Shared agents mean shared power

This gets even more important the moment more than one person is involved.

A single personal agent is one thing. A shared household agent is another. The moment two or three people can all drive the same system, they are effectively steering the same permission set.

That means “shared convenience” is also shared authority.

If one person can ask the system to reorder groceries, another can potentially nudge it toward different stores, different products, different timing, different spending, or different delivery decisions. If the boundaries are sloppy, the system does not know whether it is helping or overstepping. It simply uses the authority it was given.

The problem is not malice. The problem is unclear power.

This is where the whole series cashes out

Part 1 was about jagged intelligence — why these systems can be brilliant in one moment and blind in the next.
Part 2 was about why you do not trust them with your secrets.
Part 3 was about why the human in the loop matters.
Part 4 was about the collapse of interfaces.
Part 5 was about what happens when voice and video stop counting as proof.
Part 6 was about the handoff.

Part 7 is where all of that turns into something practical.

If the agent is now part of the workflow, the real question is no longer whether it sounds smart. The real question is whether you were disciplined enough to decide:

What may it read?
What may it change?
What may it send?
What may it approve?
What may it spend?
And when must it stop?

That is what policy means now.

Not fear.
Not hype.
Not “AI good” or “AI bad.”

Authority.