Approving Requests

When a policy has the Ask action, tool calls that match are sent to the approval queue for manual review.

The Approval Queue

The approval queue shows all pending requests across your organization. Each request displays:

• Tool name: The tool being called
• Input summary: Key parameters of the tool call
• Session: Which session generated the request
• Device: Where the agent is running
• Time waiting: How long the request has been pending

Reviewing a Request

Click on a pending request to see full details:

Context

• Full tool input: All parameters passed to the tool
• Session context: What the agent has been doing
• Matched policy: Which policy triggered the ask

Making a Decision

When you approve or deny:

1. Your decision is recorded with timestamp
2. The agent receives the response immediately
3. The decision appears in the session timeline

Best Practices

Review the Full Context

Before approving, check:

• What exactly is the tool trying to do?
• Is this consistent with the agent's task?
• Are there any red flags in the input?

Use Deny Messages

When denying, add a message to help the agent understand:

Deny: "Please don't delete test files. Use the staging
      directory for cleanup operations instead."

Consider Creating Policies

If you find yourself approving/denying the same patterns repeatedly:

• Always approve? → Create an Allow policy
• Always deny? → Create a Deny policy
• Sometimes approve? → Keep using Ask with refined rules

Timeout Behavior

If a request isn't reviewed within the timeout period (default: 5 minutes):

• The agent receives a timeout error
• The request is marked as "Timed out"
• The agent may retry or handle the error

Audit Trail

All approval decisions are logged:

• Who approved or denied
• When the decision was made
• Any message provided

This creates a complete audit trail for compliance and review.

Next Steps

• Creating Policies - Automate common decisions
• Actions - When to use Allow vs Deny vs Ask