NotSolo
    About NotSoloOur ApproachMeet the SquadWeekly CyclesKanban & Squad ChatExecution DisciplineSelf-LearningYour First WeekAutonomy & ApprovalsBring Your Own KeysFrom Signals to ShippedMetrics & PrioritiesWho It's ForWorking with a TeamSecurity & PrivacyLLMs (OpenAI, Anthropic)Email Providers (Resend)StripeApifySEO (Serper.dev, GSC)Cursor Cloud AgentsFirst Weekly CycleConnect Your StackReview-First WorkflowsDiscovery PlaybookFriday Metrics

    Review-First Workflows: What to Approve Before Anything Goes Live

    AI agents that act without oversight are a liability. But agents that require approval for everything become a bottleneck. This guide explains how NotSolo's review-first model strikes the balance — and how trust builds over time so you stay in control without doing all the work.

    The Problem with Autonomous AI

    The AI agent narrative often goes like this: "Set it up, let it run, come back to results." In practice, this is dangerous for a startup. An AI that sends the wrong email to a customer, posts an off-brand comment on Reddit, or generates a blog post with inaccurate claims can do real damage — damage that's hard to undo when you're a small team with a fragile reputation.

    But the opposite extreme — requiring manual approval for every single agent action, including research and analysis — defeats the purpose. If you're reviewing every Reddit scan and every classification decision, you're not saving time; you're adding a layer of overhead.

    NotSolo solves this with a clear distinction: internal actions run freely; external actions require review. This gives you the safety of human-in-the-loop governance without the friction of approving things that don't matter.

    What Runs Freely vs. What Requires Approval

    Understanding this distinction is key to using NotSolo effectively. Here's the complete breakdown:

    Actions that run without approval

    These are internal, non-destructive actions that inform but don't act on the outside world:

    • Research and scanning: Scout scanning Reddit, X, and Facebook groups for relevant threads. Forge scanning user signals for feedback patterns. Quill researching SEO keywords. These are read-only operations.
    • Classification and analysis: Agents classifying posts by relevance, analyzing user behavior patterns, evaluating keyword difficulty. This is internal reasoning.
    • Kanban task creation: Agents creating tasks, adding comments, updating task status. These are internal workflow actions visible in your dashboard.
    • Squad Chat messages: Agents posting updates, flagging insights, asking for your input. This is internal communication.
    • Metrics collection: Atlas pulling metrics from Stripe, GSC, and other connected sources. This is data gathering for the weekly report.

    Actions that require your approval

    These are external, potentially destructive actions that touch the real world:

    Scout — Outreach

    Posting Reddit replies, sending DMs, engaging on X. Scout drafts these and puts them in the Review queue. You check the wording, ensure it matches your tone, and approve. This is critical because a bad outreach message can get your account flagged or damage your brand.

    Pulse — Emails

    Sending lifecycle emails to users. Pulse drafts the email with recipient, subject, and body — you see the full text before it goes out. This matters because emails represent your brand directly and are hard to "unsend."

    Quill — Content

    Publishing blog posts or content pieces. Quill drafts them as tasks with the full content attached. You review for accuracy, tone, and strategic alignment before publishing.

    Forge — Code Changes

    Generating pull requests via Cursor Cloud agents. Forge creates the PR; you review the code diff and merge. This is the highest-stakes action — code changes affect your product directly.

    The design principle: Agents should be able to think, research, and plan without asking permission. They should always ask permission before speaking or acting on your behalf. This mirrors how a good human employee works — they gather information independently but check with you before sending the email or publishing the post.

    Your Daily Review Routine

    With a review-first setup, your daily check-in is quick and structured. Here's the workflow, step by step:

    1. Open the Kanban board

    Go to Dashboard → Mission Queue. Your Kanban board has five columns: Inbox, Assigned, In Progress, Review, and Done. Focus on the Review column — these are completed tasks waiting for your sign-off.

    2. Review each task

    Click on a task to see its details. Each task includes:

    • Title: What the agent did (e.g., "Draft reply to r/SaaS thread about onboarding tools").
    • Description: Context and reasoning — why the agent took this action and what it expects to achieve.
    • Agent comments: The agent's notes, often including the draft text, links to the source, and relevance scoring.
    • Tags: Labels like the agent name, task type, and priority level.

    Read the draft or output carefully. For outreach replies, check: Is the tone helpful and not salesy? Does it accurately describe your product? Would you be comfortable if a potential customer saw this with your name on it?

    3. Take action

    You have three options for each task:

    • Approve: Move the task to "Done." The agent executes the external action (posts the reply, sends the email, etc.).
    • Edit and approve: Modify the draft text in the task comments, then move to Done. The agent uses your edited version.
    • Reject: Move the task back to "Assigned" with a comment explaining what to change. The agent will revise on its next heartbeat.

    This entire process typically takes 5–10 minutes per day. On busy weeks with lots of outreach or content, it might take 15. On quiet weeks, it might take 2. The key is consistency — checking daily prevents a backlog of stale tasks that lose relevance.

    The Trust Ladder: Graduating Agent Autonomy

    The review-first model is the starting point, not the permanent state. As you build confidence in an agent's judgment for specific types of work, NotSolo lets you gradually increase its autonomy. This is configured in Dashboard → Settings under the autonomy settings.

    There are three autonomy levels, and they can be set independently per agent and per workflow type:

    Level 1: Ask (default)

    The agent drafts everything and puts it in your Review queue. Nothing external happens without explicit approval. This is where every agent starts, and it's the right level when you're still learning how the agent thinks, what tone it uses, and how well it understands your product.

    Stay at this level until: You've approved 10+ actions of the same type without making significant edits. If you find yourself rubber-stamping without reading, that's a signal you trust the output — time to consider elevating.

    Level 2: Suggest

    The agent executes low-risk actions automatically but flags them for retrospective review. You see what it did after the fact and can reverse or correct if needed. This is a good middle ground for actions where the downside is low — for example, Scout replying to a Reddit thread with a helpful comment that doesn't mention your product.

    Best for: Research engagement, internal data analysis, low-stakes social interactions. Not recommended for emails or code changes until you have extensive trust.

    Level 3: Full

    The agent acts independently within configured rate limits. It still logs everything — you can review in the heartbeat logs and weekly report — but it doesn't wait for your approval. This is appropriate for mature workflows where the agent has demonstrated consistent quality over many cycles.

    Rate limits matter: Even at Full autonomy, you can set a maximum number of actions per day. This prevents runaway execution — if an agent misinterprets a signal and tries to send 50 emails, the rate limit catches it after 5.

    How trust builds: NotSolo tracks your approval rate per agent per workflow type. If you consistently approve Scout's Reddit replies without edits, the system marks that workflow as "auto-eligible" — a suggestion that you might want to elevate it to Suggest level. You always make the final call; the system just surfaces the data. This approach mirrors how you'd build trust with a human team member: observe their work, provide feedback, and gradually give more independence as quality proves consistent.

    Practical Autonomy Configurations

    Here are some common configurations that founders settle into after a few weeks:

    Conservative (recommended for first 2–4 weeks)

    • All agents: Ask for all workflow types
    • Daily review time: ~10 minutes
    • Best for: Learning the system, calibrating agent output

    Balanced (typical after week 4)

    • Scout research/scanning: Full
    • Scout outreach replies: Ask
    • Quill content drafts: Ask
    • Pulse lifecycle emails: Ask
    • Forge product specs: Suggest
    • Daily review time: ~5 minutes

    High-trust (after 8+ weeks with consistent quality)

    • Scout all workflows: Full (rate limit: 10/day)
    • Quill content: Suggest
    • Pulse emails: Suggest (rate limit: 5/day)
    • Forge code changes: Ask (always keep code review manual)
    • Daily review time: ~2 minutes (mostly retrospective)

    Why Review-First Beats "Set and Forget"

    The review-first model isn't just a safety feature — it's a learning accelerator. Every time you review an agent's work, two things happen:

    1. You stay informed. You see what's happening in your market — which Reddit threads are trending, what users are asking for, how your content is performing. The review process keeps you connected to your business even when you're not doing the work yourself.
    2. The system improves. Your edits, rejections, and comments are signals. When you rephrase Scout's draft reply, you're teaching it your voice. When you reject a task as "not relevant," you're sharpening its classification. Over time, the agents get better at producing work you approve on the first try — which is when autonomy elevation makes sense.

    "Set and forget" AI tools save you time in the short term but disconnect you from your business. Review-first saves you time and keeps you in the strategic driver's seat. That's the difference between delegation and abdication.

    Related Guides & Docs