Enforgate
Start free
Browse documentation

How do I set up human-in-the-loop approvals?

A require_approval verdict holds the tool call and asks a human to decide. You choose where the request goes, how long it waits, and whether an approval can grant a temporary allowance.

What happens on require_approval

When a verdict is require_approval, the gateway:

  1. Writes the call to the audit log as pending.
  2. Creates an approval with a single-use token and notifies your channels.
  3. Holdsthe call until someone approves or denies it — or until the key's timeout elapses, at which point it auto-denies (fail closed).

Notification channels

On the dashboard Settings page, add one or more channels to a key. When a call needs approval, every enabled channel is notified in parallel; a failing channel never blocks the others. With no channels configured, the approve/deny links are logged to the gateway console (handy in development).

  • Email— delivered per the key's email mode (Enforgate-hosted, or your own SMTP server).
  • Slack and Microsoft Teams — via an incoming webhook, with Approve / Deny buttons.
  • Telegram — via a bot, with inline Approve / Deny buttons.

Use “Send test” on any channel to confirm delivery before you rely on it.

The approval timeout

Each key has an approval timeout (default 15 minutes). If no one decides within the window, the held call is denied. Set it short for interactive agents, longer for batch work where a person may not be watching.

Temporary allowlists

When approving, a person can grant a temporary allowance— once only, or for 1, 8, or 24 hours. A timed allowance auto-allows matching calls (same server and tool) for the chosen window, so the agent isn't stopped on every repeat. You can turn temporary allowances off per key, forcing every call to be re-approved.

Approving a request

You can resolve a held call three ways:

  • From the notification — click Approve or Deny.
  • From the in-app Approvals inbox (/dashboard/approvals) — see everything pending across your keys with a live countdown, and resolve inline.
  • From the Playground, when you triggered the call there.

All paths resolve the same single-use approval, so a request can only be decided once. To understand why approvals fail closed, see security & data handling.