Guardrails & policies

Guardrails are an organization-wide policy that controls how much the Remediation Queue is allowed to do on your behalf. The key setting decides whether approving a fix also merges it.

The “Do not auto-merge” setting

Your organization has a Do not auto-merge policy that is on by default. It changes what the approve action does on a Review card:

• On (default) — approving is approve-only. The card advances, but a human merges the pull request in your version-control provider. This keeps the final merge decision with your team.
• Off — approving becomes approve-and-merge. Approving a card both approves and merges the pull request automatically.

The approve button on each card reflects the current policy. With auto-merge off, the action won’t say “merge” — it only approves. Turn the policy off when you’re comfortable letting the queue merge approved fixes for you.

Tip

Start with Do not auto-merge on while you build confidence in the AI fixes, then turn it off once you trust the workflow and want fewer manual steps.

Who can change the policy

Changing the guardrail policy is gated by an allow-rule. Members without that permission can work the board but can’t alter how auto-merge behaves — which keeps a sensitive, organization-wide setting in the hands of the people you choose.

Related

• Reviewing & approving fixes — how the policy shows up in the approve action.
• Allow-rules — the permission model behind the controls.