> ## Documentation Index
> Fetch the complete documentation index at: https://docs.glasswarp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Safety and consent

> The guardrails around every API session.

Glasswarp drives a real machine, so consent and observability are built into the
platform — not left to the agent. Glasswarp provides the **controls**; you remain
responsible for your agent's **behavior**.

## Per-rig consent

API access is **off by default**. The rig owner must explicitly enable
`api_access_enabled` in **Console → Rigs**. No session can route to a rig
without it.

```python theme={null}
rig = next(
    (r for r in gw.list_rigs() if r.online and r.api_access_enabled),
    None,
)
```

## Visible session indicator

While an API session is active, the host shows an on-screen **"API session
active"** indicator on the real machine. The owner always sees when an agent has
eyes and hands.

## Kill switch and safety\_restore

The owner can end any session from the host or Console. On **every** exit path —
disconnect, launch failure, `EXIT_GAME`, `FORCE_QUIT`, and API `END_SESSION` —
the host runs `safety_restore` to return the machine to a safe state.

## Audit log

Every API session creates an audit row. Sessions are observable live via
[Live View](/guides/live-view) and after the fact via the Console.

## What's yours vs ours

<Columns cols={2}>
  <div>
    **Glasswarp provides**

    * Consent gate (per-rig API access)
    * Visible indicator
    * Owner kill switch
    * Audit log + Live View
    * Key scoping and rate limits
  </div>

  <div>
    **You are responsible for**

    * What your agent decides to do
    * Prompts, guardrails, and human-in-the-loop in your app
    * Not exfiltrating or misusing screen contents
  </div>
</Columns>

<Note>
  Glasswarp is the safe, observable I/O layer — not an AI-safety layer for your
  agent's decisions. Design your own review and approval flows on top.
</Note>
