Team & Governance

Control who can deploy, require approvals for production, track every action, and set budget limits to prevent runaway costs.

Approval Gates

Approval gates add a human-in-the-loop checkpoint before deployments reach sensitive environments. When enabled, deployments pause at the gate and wait for an authorized approver to review and approve.

Configuring approval gates

Configure gates per environment in your project settings or via the poc.config.json file at the root of your project:

{
  "approvals": {
    "preview": {
      "required": false
    },
    "staging": {
      "required": true,
      "approvers": ["team-leads"],
      "minApprovals": 1,
      "timeoutHours": 24
    },
    "production": {
      "required": true,
      "approvers": ["team-leads", "platform-eng"],
      "minApprovals": 2,
      "timeoutHours": 48
    }
  }
}

How it works

  1. A deployer triggers a deployment to an environment with approval gates enabled.
  2. The deployment enters a pending_approval state.
  3. Designated approvers receive a notification (email, Slack, or dashboard).
  4. Once the required number of approvals is met, the deployment proceeds automatically.
  5. If the timeout expires without sufficient approvals, the deployment is cancelled.

Tip: Preview environments typically do not need approval gates. Keep them fast and friction-free for developer iteration.
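
Because gate settings can live in poc.config.json in the repository, a change to that file can weaken a gate. The check below is an added example, not part of POC.ai or its documentation, that could run in CI to flag such a change. The MIN_APPROVALS policy floor and the lint_approvals name are assumptions of this example.

```python
import json

# Assumed policy floor for this example (not a POC.ai default).
MIN_APPROVALS = {"staging": 1, "production": 2}


def _is_number(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def lint_approvals(config):
    """Return findings for approval gates weaker than MIN_APPROVALS."""
    findings = []
    gates = config.get("approvals")
    if not isinstance(gates, dict):
        return ["approvals: section missing"]
    for env, floor in MIN_APPROVALS.items():
        gate = gates.get(env)
        if not isinstance(gate, dict) or gate.get("required") is not True:
            findings.append(f"{env}: approval gate missing or not required")
            continue
        if not gate.get("approvers"):
            findings.append(f"{env}: no approvers listed")
        count = gate.get("minApprovals")
        if not isinstance(count, int) or isinstance(count, bool) or count < floor:
            findings.append(f"{env}: minApprovals {count!r} below floor {floor}")
        timeout = gate.get("timeoutHours")
        if not _is_number(timeout) or timeout <= 0:
            findings.append(f"{env}: timeoutHours missing or not positive")
    return findings


# Constructed sample: the config shown above with the production gate weakened.
WEAKENED = json.loads("""
{"approvals": {
  "preview": {"required": false},
  "staging": {"required": true, "approvers": ["team-leads"],
              "minApprovals": 1, "timeoutHours": 24},
  "production": {"required": true, "approvers": [],
                 "minApprovals": 1, "timeoutHours": 48}
}}
""")

if __name__ == "__main__":
    for finding in lint_approvals(WEAKENED):
        print("FAIL", finding)
```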

Role-Based Access Control (RBAC)

POC.ai uses three built-in roles to control access across your organization. Roles are assigned per member in the dashboard under Settings → Members.

Role     | Deploy Preview | Deploy Staging | Deploy Production | Approve | Manage Members | Billing
Admin    | Yes            | Yes            | Yes               | Yes     | Yes            | Yes
Deployer | Yes            | Yes            | Requires approval | Yes     | No             | No
Viewer   | No             | No             | No                | No      | No             | No

Assigning roles

Roles can be assigned via the dashboard, the CLI, or the API:

# Via CLI (admin only)
poc team add user@example.com --role deployer

# Via API
curl -X POST https://api.poc.ai/v1/team/members \
  -H "Authorization: Bearer poc_your_token" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "role": "deployer"
  }'

Important: Viewers can see deployment status, logs, and URLs, but cannot trigger any write operations. Use this role for stakeholders who need visibility without deployment access.

Audit Trails

Every action in POC.ai is logged with a timestamp, actor, action type, and metadata. Audit logs are immutable and retained for 90 days on Pro plans and 1 year on Team and Enterprise plans.

What gets logged

Event                   | Details captured
Deployment created      | Who deployed, source repo, branch, environment, framework detected
Deployment promoted     | Who promoted, from/to environment, approval chain
Rollback triggered      | Who rolled back, target version, reason (if provided)
Approval granted/denied | Approver, deployment ID, decision, timestamp
Env variable changed    | Who changed it, variable name (value masked), environment
Member added/removed    | Admin who made the change, target member, role assigned
Login/logout            | User, IP address, device, timestamp

Viewing audit logs

Access audit logs from the dashboard under Settings → Audit Log, or query via the API:

# Quote the URL so the shell does not treat "?" as a glob character
curl "https://api.poc.ai/v1/audit-log?limit=50" \
  -H "Authorization: Bearer poc_your_token"

Response:

{
  "events": [
    {
      "id": "evt_a1b2c3",
      "action": "deployment.promoted",
      "actor": "jane@example.com",
      "target": "dep_7xk2m9",
      "metadata": {
        "fromEnv": "preview",
        "toEnv": "production"
      },
      "timestamp": "2026-03-17T11:00:00Z"
    }
  ]
}

Budget Guardrails

Prevent unexpected costs by setting per-project spending caps, usage alerts, and auto-pause thresholds. Budget guardrails ensure AI agents and team members cannot consume more resources than approved.

Configuration

Set budgets in the dashboard under Settings → Billing → Budgets, or in your project config:

{
  "budget": {
    "monthlyCapUsd": 500,
    "alertThresholds": [50, 80, 95],
    "autoPauseAtPercent": 100,
    "notifyEmails": ["platform-team@example.com"]
  }
}

How guardrails work

Feature          | Description
Per-project caps | Set a monthly dollar limit for each project. When reached, new deployments are paused.
Alert thresholds | Receive email and Slack notifications at configurable percentages (e.g., 50%, 80%, 95%).
Auto-pause       | Automatically pause all deployments when usage hits the configured threshold. Existing services remain live.
Admin override   | Admins can resume paused projects and adjust caps at any time from the dashboard.

Tip: Start with generous caps and tighten them as you understand your usage patterns. The dashboard shows real-time spend per project.

Next steps