Approval Gates
Every mutating tool call pauses for explicit human approval before execution. Approval enforcement is implemented in the Engine runtime and cannot be disabled through configuration.
How It Works
-
Agent proposes: The agent analyzes your intent, discovers resources, and generates tool calls. Read operations (list, get, describe, logs) execute immediately. Mutating operations (apply, scale, delete, promote) are queued.
-
UI shows pending approval: The Command Center displays each pending operation: tool name, parameters, and context. You see what will happen before it happens.
-
Human approves or denies: You approve to proceed or deny to stop. No silent execution. No autonomous mutations.
-
Execution proceeds or stops: On approval, the tool runs. On denial, the operation is cancelled. The agent can propose alternatives or stop the workflow.
Read vs Mutate
| Type | Behavior |
|---|---|
| Read | Auto-execute. No approval. List, get, describe, logs, search, template. |
| Exec | Auto-execute by default. Behavior depends on the command executed. |
| Mutate | Pause for approval. Apply, scale, delete, promote, trigger, stop, uninstall, abort. |
The distinction is driven by MCP tool annotations. See Tool Annotations for how tools are tagged.
Bulk Approval
When multiple operations are pending, you can approve or deny them individually or in bulk. Useful for "apply these 3 manifests" or "scale these 2 deployments." Each operation remains auditable.
Why It Matters
The agent can plan complex multi-step workflows, but it cannot execute mutations without explicit operator consent. You decide whether to scale, rollback, or delete.
Flow Diagram
User request → Plan (agent) → Tool calls generated
↓
┌───────────────────────────────┐
│ readOnlyHint: true? │
└───────────────────────────────┘
│ │
Yes No
│ │
▼ ▼
Execute immediately Pause for approval
│
┌─────────┴─────────┐
│ │
Approved Denied
│ │
▼ ▼
Execute Cancel, optionally
propose alternative