Approval
Control when agents require your approval before executing operations. Configure tool-level permissions to balance automation with safety.Tool Settings
Configure which tools agents can use and whether they require approval.1
Open Connections
Navigate to Connections and select the Built-in Connections tab
2
Select Connection
Find the connection you want to configure (e.g., Amazon Web Services)
3
Open Tool Settings
Click Tool Settings to open the configuration modal
4
Configure Each Tool
For each tool, set:
- Enabled: Allow or disallow agents from using this tool
- Requires User Approval: Require manual approval before execution
Approval Modes
| Mode | Description | Use Case |
|---|---|---|
| Auto-Approved | Agent executes without asking | Read-only analysis, safe operations |
| Requires Approval | Agent pauses and waits for confirmation | Write operations, infrastructure changes |
| Disabled | Agent cannot use this tool | Restrict sensitive capabilities |
Recommended Configuration
Read-Only Tools
Enable without approvalSafe for autonomous analysis:
aws_use_cli_read_onlygcp_use_cli_read_onlyazure_use_cli_read_only
Write Tools
Enable with approval requiredRequire confirmation for changes:
aws_use_cli_write_onlygcp_use_cli_write_onlyazure_use_cli_write_only
Agent Interruption
When an agent attempts an operation requiring approval, it pauses and presents an approval prompt.
What You’ll See
| Element | Description |
|---|---|
| Operation | What the agent wants to do (e.g., “Restart EC2 instance”) |
| Reasoning | Why the agent is taking this action |
| Details | The exact command or script to be executed |
| Cancel | Stop the operation |
| Proceed | Approve and execute |
Approval Actions
- Proceed: Approve the operation and let the agent continue
- Cancel: Stop the operation and notify the agent
- Review Details: Expand to see the exact command before deciding
When Approvals Are Triggered
Agents request approval for potentially impactful operations:| Category | Examples |
|---|---|
| Infrastructure Changes | Restart instances, resize resources, modify configurations |
| Write Operations | Create, update, or delete cloud resources |
| Security Actions | IAM changes, security group modifications |
| Database Operations | Schema changes, data modifications |
| Kubernetes Changes | Scale deployments, modify configurations |
Safety Controls
| Control | Description |
|---|---|
| Per-Tool Approval | Configure approval requirements at the tool level |
| Review Before Execute | See exact commands before they run |
| Cancel Anytime | Stop operations that don’t look right |
| Audit Trail | All approvals and actions logged for compliance |
Best Practices
Start with approval required
Start with approval required
When first connecting a new service, enable approval for all write operations. As you build confidence in agent behavior, selectively enable auto-approval for routine operations.
Separate read and write permissions
Separate read and write permissions
Use different tools for read vs write operations. Enable read tools without approval for faster analysis, but require approval for any changes.
Review the details
Review the details
Always expand the Details section before approving. Verify the exact command matches your expectations.
Use for compliance
Use for compliance
Requiring approval creates an audit trail showing who approved what changes, useful for compliance requirements.