approval_gate

Human approval step for risky operations.


What it mitigates


ProfileenabledonTimeout
localtrue for high-impact actionsdeny
standardoptional by policydeny
unboundedoptional / monitor modealert or deny

Minimal config

approval:
  enabled: true
  mode: sync_wait
  waitTimeoutSec: 300
  onTimeout: deny
  onConnectorError: deny
  channels:
    telegram:
      enabled: true
      transport: polling
      botToken: "${TELEGRAM_BOT_TOKEN}"
      allowedChatIds: []
      approverUserIds: []

Operational notes