approval_gate
Human approval step for risky operations.
What it mitigates
- Irreversible actions without human context
- Over-blocking when controlled exceptions are needed
- Blind autonomous execution in high-impact flows
Recommended defaults
| Profile | enabled | onTimeout |
|---|---|---|
local | true for high-impact actions | deny |
standard | optional by policy | deny |
unbounded | optional / monitor mode | alert or deny |
Minimal config
approval:
enabled: true
mode: sync_wait
waitTimeoutSec: 300
onTimeout: deny
onConnectorError: deny
channels:
telegram:
enabled: true
transport: polling
botToken: "${TELEGRAM_BOT_TOKEN}"
allowedChatIds: []
approverUserIds: []Operational notes
- Keep approver identity explicit (
approverUserIds). - Keep timeout fail-closed for production-like use.
- Audit every approval/deny event.