Resolve the queue,
keep the keys
Support teams give resolution agents real tools — order lookups, credits, account changes — through scoped credentials instead of the admin panel, so an agent can close a ticket without being able to close an account.
Where autonomy breaks down today
The agent logs in as an admin
Most support automations authenticate as a superuser because that is the only credential that reaches every tool. One agent, one prompt injection, and the whole helpdesk is exposed.
Goodwill spend drifts unmeasured
Credits and comp shipments issued by automation accumulate quietly. Without per-agent budgets, nobody sees the drift until finance flags the quarter.
Disputes turn into he-said, bot-said
A customer claims the bot promised a refund it never issued — or issued one twice. Without signed records per action, the escalation costs more than the original ticket.
Ticket #4172, closed with proof
A customer writes in about a late delivery and a billing error in the same message. resolve-agent untangles both — and gets stopped exactly once.
resolve-agent picks up the ticket
PassportIt authenticates with its own passport, scoped to read orders and subscriptions, post replies, and issue credits — a fraction of what the human admin role can do.
A $35 credit flows through instantly
BudgetThe shipping delay qualifies under the goodwill policy. The credit is inside the per-ticket limit and the agent's $600 daily budget, so it executes in 8 ms with no human involved.
A subscription cancellation is held
PolicyFixing the billing error, the agent decides to cancel and rebuild the subscription. support-guardrail treats destructive account changes as approval-required, so the action pauses.
A team lead approves the safe path
ApprovalPriya sees the proposed change with full context, approves the plan-swap instead, and the agent completes it. Total human time: about twenty seconds.
Receipts land on the ticket
ReceiptThe credit, the held cancellation, the approval, and the plan change each carry a signed receipt chained into the trail and linked from the ticket timeline.
Give agents tools, not the admin panel
Every helpdesk action becomes an individually permissioned, individually receipted operation — so autonomy expands one scope at a time.
Grant read, reply, and credit scopes without account deletion, data export, or billing admin. The agent's blast radius is the scope list, not the platform.
Per-ticket limits and daily caps keep automated generosity aligned with what the CX budget actually planned for.
Held actions arrive in Slack with the ticket, the agent's reasoning, and the exact call it wants to make — approvals take seconds, not context reloads.
When a customer disputes what the bot did, the answer is a signed, timestamped chain — not a search through conversation logs.
Representative outcomes reported by govern.sh customers in customer support.
Customer data on a need-to-know basis
Scoped passports keep agents inside the customer records a ticket actually requires, supporting GDPR data-minimization obligations, while the receipt chain gives you a verifiable processing record per interaction. The same trail doubles as SOC 2 evidence that automated access to customer data is controlled and reviewed.
Before govern.sh our bot used a shared admin login and everyone quietly hoped for the best. Now it has four scopes and a budget, and when a customer challenges an interaction I paste the receipt chain into the escalation and it ends there.
Related use cases
Put a verified agent to work in customer support.
Mint a passport, attach a policy, and watch the first signed receipt land — free for your first three agents.