Skip to content

Approvals

The Approvals page is the queue where your team reviews AI agent tool calls that require human sign-off before (or after) they run.

An approval request is created automatically when an agent tries to use a tool covered by a policy that has approvers assigned. You do not need to do anything to trigger it - the system routes the call here and notifies the right people.

A badge on the Approvals item in the sidebar shows how many requests are currently pending.

What you see in a request

Each pending request shows:

  • Which agent made the call
  • Which tool it is trying to use
  • The arguments the agent supplied - the exact inputs it was going to pass to the API
  • Why the agent made this call - the instruction or prompt that caused it to choose this tool
  • The policy that flagged this call for review
  • Who is assigned to review it

Reviewing a request before execution

When a policy is set to review calls before they run, the tool call is held until an approver acts. The agent waits.

If you approve, the call executes immediately. If you reject, the call is cancelled and the agent receives the rejection reason.

Reviewing a request after execution

Some policies are configured to let calls run first and require sign-off retrospectively. In this case the call has already executed by the time it appears in your queue. Approving or rejecting creates an auditable record of the decision, which is useful for compliance and oversight without adding latency to the agent's workflow.

Approving a request

Click Approve on a request. You can approve without any restrictions (permanent and unlimited) or add constraints:

Set an expiry - the approval automatically expires after a date and time you choose. After it expires, the next call from this agent to this tool creates a new pending request. Use this for time-sensitive access: for example, approving a sensitive operation only during a maintenance window.

Set a use limit - the approval expires after a number of authorized uses you specify. A limit of 1 is a one-time approval. Use this when you want to allow a specific operation to happen a fixed number of times before requiring another review.

You can combine both - the approval expires when the first limit is reached.

Rejecting a request

Click Reject and enter a reason. The reason is sent back to the agent as part of the blocked response, and is stored with the request record. Write a reason that explains what needs to change - this helps the agent's operator understand whether to modify the request, use a different tool, or escalate through a different channel.

What happens when an approval expires

When an approval reaches its expiry date or use limit, it is automatically closed. The next time the agent attempts the same tool call, a new pending request is created and approvers are notified again.

Notifications

Approvers are notified in Slack when a new request arrives. You can also configure notifications for when a request is resolved (approved or rejected) and when an approved tool call subsequently fails during execution.

Notification settings are managed in the Settings page of the Control Plane. If you are not receiving notifications, check that the Slack integration is configured and that you are listed as an approver on the relevant policy.

Released under the MIT License.