
Approval-Gated Actions

Agent Patterns

Summary

Approval-gated actions is a safety pattern that pauses agent execution before sensitive operations and requires explicit human or policy-based approval to proceed. The agent classifies each action, requests approval for high-risk operations, and only continues when approval is granted.

How it works

  1. Action classification -- each tool call is classified as auto, manual, or blocked based on a predefined policy.
  2. Approval request -- for manual actions, the agent presents a summary of the intended action and waits for approval.
  3. Pause and resume -- execution pauses at the gate and resumes only upon an approval signal.

Action categories

  • Auto: Non-sensitive actions that execute without approval (read queries, simple lookups).
  • Manual: Actions that require approval before execution (writes, deletes, external API calls).
  • Blocked: Actions that are never allowed regardless of context.

Escalation

If an approval request times out, the agent either retries with a simpler request or falls back to a safe default. Urgent operations may include a bypass mechanism that logs the action for audit.
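
A minimal sketch of the gate described above, added here as an illustration and not taken from any particular framework. The tool names, the policy table, and the choice to treat unlisted tools as manual are assumptions of this example; the urgent-bypass path is left out.

```python
import time
import uuid
from dataclasses import dataclass, field

# Constructed policy table; the tool names are hypothetical.
POLICY = {"db.read": "auto", "db.delete": "manual", "shell.exec": "blocked"}

def classify(tool):
    # Assumption of this example: a tool missing from the policy needs approval.
    return POLICY.get(tool, "manual")

@dataclass
class Gate:
    ttl: float = 300.0              # seconds a pending request stays valid
    clock: object = time.time       # injectable so expiry can be tested
    pending: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def submit(self, tool, args, run):
        """Run auto actions, refuse blocked ones, park manual ones at the gate."""
        category = classify(tool)
        if category == "blocked":
            self._log("denied", tool, args, actor="policy")
            return {"status": "blocked"}
        if category == "auto":
            self._log("executed", tool, args, actor="policy")
            return {"status": "done", "result": run(**args)}
        req_id = uuid.uuid4().hex
        self.pending[req_id] = (tool, args, run, self.clock() + self.ttl)
        self._log("requested", tool, args, actor="agent")
        return {"status": "pending", "request_id": req_id}

    def decide(self, req_id, approver, approve):
        """Resume a paused action; each request is single-use and has a deadline."""
        entry = self.pending.pop(req_id, None)
        if entry is None:
            return {"status": "unknown_request"}
        tool, args, run, deadline = entry
        if self.clock() > deadline:
            self._log("expired", tool, args, actor=approver)
            return {"status": "expired"}    # safe default: the action does not run
        if not approve:
            self._log("rejected", tool, args, actor=approver)
            return {"status": "rejected"}
        self._log("approved", tool, args, actor=approver)
        return {"status": "done", "result": run(**args)}

    def _log(self, event, tool, args, actor):
        self.audit.append(dict(event=event, tool=tool, args=dict(args), actor=actor, at=self.clock()))
```

Because `decide` pops the request before checking it, an approval cannot be replayed, and a late approval leaves an `expired` audit entry instead of executing.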

Build This Pattern

Copy this prompt and paste it into Claude Code, OpenCode, Codex, or Cursor to implement this pattern.

Build me an approval-gated action system. Architecture: define action categories: auto-approve, require human approval, always blocked. When a model requests a gated action, pause execution, create an approval request, and resume only when approved. Error handling: handle approval timeouts, expired approval requests. Edge cases: handle cascading approvals (approve once for a batch), urgent bypass (override with audit). Best practices: always log who approved, what was approved, and when. Testing: verify gated actions are correctly blocked without approval.