Skip to content
AthenAI AthenAI Help Center

Approvals, control, and the kill switch

AthenAI is an AI cofounder with hands. It can send email, send SMS, charge cards, post content, update CRM records, and run multi-step workflows on a schedule. That’s a lot of leverage to give to software.

We treat the trust gap as a real problem, not a marketing line. This article explains exactly how the control plane works.

The core principle

Section titled “The core principle”

AthenAI proposes. You approve. It executes.

That’s the contract. It’s the same on Free, Solo, Growth, Scale, and Custom — the capacity changes per tier, but the control model doesn’t.

What requires approval

Section titled “What requires approval”

By default, every meaningful action requires explicit one-tap approval before it ships. “Meaningful” includes:

  • Outbound messages — every email, SMS, WhatsApp message, push notification
  • Content publishing — every post to your site, blog, or social
  • CRM mutations — every contact create/update/delete, every pipeline stage change, every tag write
  • Money — every charge, every refund, every invoice send, every payment-link generation
  • Integrations — every third-party API write (GoHighLevel, Stripe, Google, etc.)
  • Workflow runs — every workflow execution that touches any of the above

What doesn’t require approval (because it’s read-only or local):

  • Reading data from connected sources
  • Drafting (without sending)
  • Internal AthenAI computations (analytics, summaries, idea generation)
  • Anything that happens entirely inside the chat surface without external side effects

What an approval looks like

Section titled “What an approval looks like”

When AthenAI wants to do something, it surfaces an approval card. You see:

  1. The action. “Send this email to 47 contacts” or “Charge $99 to Acme Co” or “Publish this post to the homepage.”
  2. The full diff. Exactly what’s going to happen. Email body, recipient list, subject. CRM field old value → new value. Charge amount, invoice line items.
  3. The reasoning. Why AthenAI thinks this is the right move (one or two lines).
  4. Two buttons: Approve · Reject. (“Edit before approving” is on the roadmap; for now, reject and ask AthenAI to redraft.)
  5. Audit metadata. Timestamp, the user/workflow that proposed it, your eventual response.

You can approve from web or mobile (push notification → tap). Mobile push is the most common in practice — most operators clear approvals during commute time.

The kill switch 🟦 Coming soon

Section titled “The kill switch 🟦 Coming soon”

A full per-workflow kill switch — with mid-action halt, side-effect rollback, and audit-log integration — is on the near-term roadmap. It’s not yet shipped.

What exists today: per-workflow enabled toggle in Settings → Workflows. Flip it off and AthenAI won’t run that workflow again until you flip it back on. Runs already in progress complete normally; there’s no mid-action halt yet.

What’s coming (target: this quarter):

  1. One-tap halt of any in-flight workflow run.
  2. Best-effort rollback of pending side effects (queued sends cancelled before they fire; uncommitted CRM mutations dropped).
  3. Already-shipped side effects (emails that left our gateway) stay shipped — we can’t un-send them, but we’ll stop the next step.
  4. Every kill is logged with reason, timestamp, and what could/couldn’t be rolled back.

If you need to stop something right now before the feature ships, email support@athenaigrowth.com — we can manually halt anything on your behalf within minutes during business hours.

Auto-approval rules 🟦 Coming soon

Section titled “Auto-approval rules 🟦 Coming soon”

A full auto-approval rule engine — stackable rules, per-channel thresholds, VIP-tag overrides — is on the roadmap.

What exists today: the per-workflow enabled toggle (Settings → Workflows). Everything else routes through manual one-tap approval.

What’s coming: rules like “auto-approve newsletter sends under 5,000 recipients,” “auto-approve CRM tag updates,” “manual approval for any charge ≥ $50,” stackable and overridable per-action. New accounts will default to 100% manual until you opt in.

Until it ships, every action that requires approval gets one — from you, in real time.

Audit log

Section titled “Audit log”

Everything is logged. Everything is queryable. Everything is exportable.

For each action you’ll see:

  • What happened (action type, target, payload diff)
  • Who proposed it (workflow ID, AI version, chat conversation, manual user action)
  • Who approved it (you, an auto-rule, a teammate on Custom)
  • When it happened (UTC + your local time)
  • What the side effects were (HTTP status from the integration, message ID returned, charge ID returned)
  • Whether anything failed and what the error was

The log retains for 1 year on Free/Solo/Growth, 7 years on Scale/Custom, and bespoke retention on Custom contracts.

Reversibility

Section titled “Reversibility”

Most actions are reversible eventually. Some aren’t. Honest table — with explicit labels for what’s shipped today vs. on the roadmap:

ActionReversible?How
Outbound email/SMS (already sent)❌ Once sent, it’s goneNot recoverable
Outbound message scheduled✅ TodayDisable the workflow before its scheduled run
CRM create/update/delete🟦 Coming soonAudit log captures the change today; one-tap revert is roadmap. For now, contact support to revert.
Content publish🟦 Coming soonOne-tap unpublish is roadmap. For now, contact support to roll back published content.
Stripe charge🟡 Partial — refundable, not undoableIssue refund from action’s audit entry
Stripe subscription change🟦 Coming soonStripe-native cancel works today; “revert from audit log within billing window” is roadmap.
GoHighLevel write🟦 Coming soonAudit log captures the change today; inverse-write tooling is roadmap. Contact support to revert.
Workflow run🟦 Coming soonPer-workflow disable works today (stops future runs). Mid-action kill is roadmap.

When something is genuinely not undoable, the approval card says so explicitly: “⚠️ This cannot be reversed once approved.”

Channel-level controls 🟦 Coming soon

Section titled “Channel-level controls 🟦 Coming soon”

Channel-level pause (“halt all outbound email for 24 hours,” “halt all SMS until Friday”) is on the roadmap. It will live alongside the kill switch.

What exists today: per-workflow disable (Settings → Workflows). For broader “stop everything” needs — going on vacation, troubleshooting a misbehaving workflow, switching providers — email support@athenaigrowth.com and we’ll halt outbound on your account manually.

Internal-only / shadow mode

Section titled “Internal-only / shadow mode”

For testing, the platform supports a shadow mode where outbound sends are intercepted and rerouted to a single internal address (typically todd@athenaigrowth.com for AthenAI itself). This is for development and debugging — you (the customer) won’t normally interact with it. If you’re doing a high-stakes test and want to verify the workflow logic without anyone actually receiving the message, ask support to flip your account into shadow mode for a window. We routinely do this for customers about to launch a big campaign.

What we don’t do

Section titled “What we don’t do”

A few explicit nos:

  • We don’t sell your data. Ever. Not to advertisers, not to “partners,” not to AI training. Your data trains your model only.
  • We don’t surprise-charge. Tier upgrades are explicit. Overage charges (rare — only on Custom contracts) are flagged in the audit log before they post.
  • We don’t auto-approve. Today, every action that requires approval routes through you manually. The auto-approval rule engine is roadmap, and when it ships it will be opt-in (new accounts 100% manual by default).

What to do if something fires that shouldn’t have

Section titled “What to do if something fires that shouldn’t have”
  1. Disable the workflow to stop future runs. Settings → Workflows → [the one that misfired] → toggle off.
  2. Check the audit log for the action. Everything is logged.
  3. Email support@athenaigrowth.com with the audit-log entry. We can issue refunds (for Stripe charges), revert CRM/GHL writes, and unpublish content manually while the one-tap revert tooling is being built.
  4. Open chat and tell AthenAI what happened. It can help draft the cleanup (apology email, follow-up, whatever’s needed) — and you’ll approve that draft the same way you approve everything else.
  5. If you think the AI made a bad call, flag the action in the audit log. That feedback shapes future proposals.

If something serious goes wrong (charge fired that shouldn’t have, message sent to the wrong list, etc.), email support immediately. Scale and Custom tiers have a 2-hour SLA on incidents like this.

Section titled “Related”

[IMG-APPROVAL-CARD: phone screenshot of an approval modal with the diff visible. Product surface.]