What Problem Do Batch Approvals Solve?
Once you add approval requirements, you inevitably hit a new problem: some tasks generate multiple write operations.
Example task: "Clean up the failed rollout and redeploy"
This might trigger:
- Patch a ConfigMap
- Restart a Deployment
- Apply a new manifest
Approving each individually is correct but tedious during an incident. Batch approvals address this—but the challenge is obvious:
How do you make "Approve All" safe?
What Are the Design Rules for Safe Batch Approvals?
Skyflo's batch approvals follow three strict rules:
| Rule | Implementation |
|---|---|
| Only approval-required tools | Read-only tools are excluded from batches |
| Ordered, visible execution | You see which tool is currently executing |
| No conflicting actions | Individual approve/deny disabled during batch |
This makes "Approve All" less of a bulk button and more of a bulk workflow with clear boundaries.
Why Is Idempotency Critical for Batch Operations?
Bulk operations introduce edge cases that single approvals don't have:
| Edge Case | Risk Without Idempotency |
|---|---|
| Approval sent twice (network retry) | Same operation executes twice |
| Partial execution (tool 2 fails) | Inconsistent state |
| User cancels mid-batch | Half-applied changes |
The Engine must ensure idempotent behavior:
- Each approval request has a unique ID
- Duplicate approval attempts are no-ops
- Partial failures are clearly reported
Architecture principle: The UI can be fancy, but the Engine owns correctness. Idempotency is enforced at the Engine level, not the UI.
How Should Batch Approval Progress Be Displayed?
When batch approving, the interface should behave like a safe deployment tool:
Required UI elements:
| Element | Purpose |
|---|---|
| Total pending count | "Approving 4 operations" |
| Current step indicator | "Executing 2 of 4: restart deployment" |
| Per-tool results | Success/failure status for each |
| Halt on failure | Clear indication if sequence stopped |
This visibility prevents blind approvals. Users see exactly what's executing and can intervene if something looks wrong.
What Does a Safe Batch Approval Flow Look Like?
Agent: I need to perform 3 operations:
1. ✎ Patch ConfigMap api-config (write)
2. ✎ Restart Deployment api-server (write)
3. ✎ Apply Service api-lb (write)
[Approve All] [Review Individually]
User: [Clicks "Approve All"]
UI: Executing 1/3: Patch ConfigMap api-config... ✓
Executing 2/3: Restart Deployment api-server... ✓
Executing 3/3: Apply Service api-lb... ✓
All operations completed successfully.If step 2 failed:
UI: Executing 1/3: Patch ConfigMap api-config... ✓
Executing 2/3: Restart Deployment api-server... ✗
Error: ImagePullBackOff
Batch halted. 1 succeeded, 1 failed, 1 not attempted.
[Retry Failed] [Continue Remaining] [Abort]Related articles:
- Why Human-in-the-Loop Is Non-Negotiable for AI in Production Ops
- v0.3.1: Chat Queueing + Server-Side History Search
FAQ: Safe Batch Approvals in AI Agents
What is batch approval in AI agents? Batch approval allows operators to approve multiple pending write operations at once instead of clicking approve for each individually.
Are read-only tools included in batch approvals? No. Batch approvals only include tools that require approval (write operations). Read-only tools execute immediately without batching.
What happens if one operation in a batch fails? The batch halts at the failure point. Completed operations remain applied, and the user can choose to retry, continue with remaining operations, or abort.
How do you prevent duplicate executions in batch approvals? Each approval has a unique ID. The Engine tracks executed approvals and treats duplicate requests as no-ops, ensuring idempotent behavior.