An AI agent can now be held at the moment it tries to run a tool. When the approval gate is active, a tool invocation does not execute immediately — it suspends at the execution boundary and waits for an explicit human decision. The pending call, its target tool and its parameters are delivered to the operator over a streaming transport; the agent proceeds only on approval, and the call is discarded on rejection.
How the gate works
- Suspension at the boundary. The gate intercepts the call between the agent's decision to use a tool and the runtime's execution of it. Nothing runs until a decision is recorded.
- Streaming approval transport. Pending calls are pushed to the operator over Server-Sent Events, with a REST path for submitting the approve or reject decision, so the round trip completes without polling.
- Approve or reject per call. Each invocation is decided individually; an approval releases exactly that call, and a rejection returns control to the agent without side effects.
Why it matters
- Human-in-the-loop by configuration. High-consequence tools — writes, external calls, irreversible actions — can require sign-off without changing the agent's logic.
- Bounded autonomy. The gate complements the platform's permission perimeter: the agent still cannot exceed the user's rights, and now an operator can also confirm each action before it lands.
The approval gate is opt-in per deployment and integrates with the existing audit trail, so every approved and rejected call is recorded alongside the rest of the agent's activity.