Approvals
The approval system provides human oversight for sensitive operations, ensuring critical actions require explicit authorization before execution.
Why Approvals?
Some operations are too important to be fully automated:
- High-risk actions: Deleting users, bulk operations
- Compliance requirements: Regulated data access
- Cost control: Expensive operations need sign-off
- Quality assurance: Review AI-generated content before sending
How Approvals Work
Operation Requested → Risk Assessment → Approval Queue → Review → Execute or Reject
- Agent or system attempts a sensitive operation
- System evaluates risk level
- Approval request created and placed in queue
- Admin reviews in the dashboard
- Approved: Operation executes
- Rejected: Operation blocked
Risk Levels
| Level | Description | Default Timeout |
|---|---|---|
| Low | Minor operations | 24 hours |
| Medium | Standard sensitive ops | 12 hours |
| High | Critical operations | 4 hours |
| Critical | Emergency-level risk | 1 hour |
If no decision is made within the timeout, the request is automatically rejected.
Approval Workflow States
Pending → Approved → Executed (or Failed if execution fails)
Pending → Rejected
Pending → Expired (on timeout)
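The states and default timeouts above can be enforced as a fail-closed state machine. This is an added sketch, not the product's own code: `ApprovalRequest`, `decide` and `execute` are hypothetical names, and it assumes a decision that arrives after the deadline is treated as an expiry.

```python
from datetime import datetime, timedelta, timezone
from enum import Enum

State = Enum("State", "PENDING APPROVED REJECTED EXPIRED EXECUTED FAILED")

# Default timeouts from the Risk Levels table.
TIMEOUTS = {"low": timedelta(hours=24), "medium": timedelta(hours=12),
            "high": timedelta(hours=4), "critical": timedelta(hours=1)}

# Legal transitions from the workflow states; every other state is terminal.
TRANSITIONS = {
    State.PENDING: {State.APPROVED, State.REJECTED, State.EXPIRED},
    State.APPROVED: {State.EXECUTED, State.FAILED},
}

class ApprovalRequest:
    def __init__(self, operation, risk, created_at):
        self.operation = operation
        self.state = State.PENDING
        self.deadline = created_at + TIMEOUTS[risk]  # unknown level raises KeyError

    def _move(self, new_state):
        if new_state not in TRANSITIONS.get(self.state, set()):
            raise ValueError(f"illegal transition {self.state.name} -> {new_state.name}")
        self.state = new_state

    def decide(self, approve, now):
        # Fail closed: a late decision expires the request instead of approving it.
        if self.state is State.PENDING and now >= self.deadline:
            self._move(State.EXPIRED)
        else:
            self._move(State.APPROVED if approve else State.REJECTED)
        return self.state

    def execute(self, action):
        # Only an APPROVED request may run; pending, rejected and expired are blocked.
        if self.state is not State.APPROVED:
            raise PermissionError(f"{self.operation}: blocked ({self.state.name})")
        try:
            result = action()
        except Exception:
            self._move(State.FAILED)
            raise
        self._move(State.EXECUTED)
        return result

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    req = ApprovalRequest("delete_user", "critical", t0)
    print(req.decide(True, t0 + timedelta(minutes=61)))  # late approval expires
```

Because terminal states have no outgoing transitions, an approved request cannot be executed twice and a rejected or expired one cannot be revived by a later decision.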
Trusted Patterns
To reduce approval fatigue, you can create trusted patterns for operations that don't need approval. For example, you might trust a specific agent to perform read operations, or auto-approve data exports under 100 records. Patterns match on agent ID, operation type, resource type, and context conditions.
- Don't over-approve -- Require approval only for truly sensitive operations. Requiring approval for everything creates fatigue.
- Set reasonable timeouts -- Shorter for critical operations (1 hour), longer for low-risk (24 hours).
- Provide context -- When agents request approval, the risk reason and context help reviewers make faster decisions.
- Use trusted patterns -- Reduce approval fatigue for safe, frequent operations.
Next: Learn about Audit Logs for tracking all activity.