Approvals
Manual confirmation queue for sensitive tool calls. When an agent wants to run a mutation-permission tool, the gateway can require your explicit OK before execution.
Flow
- Agent invokes a tool marked permission: "mutation"
- Gateway checks approval rules
- If auto-allow matches, tool runs immediately
- If auto-deny matches, tool fails
- Otherwise, gateway adds to pending queue
- You decide via /approvals/:id/decide (Telegram buttons, CLI prompt, etc.)
- Default timeout: 5 minutes → auto-deny
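The check order in the list above matters once rules overlap. The sketch below is an added example, not the gateway's code in apps/gateway/src/approvals.ts: it models the flow locally, using the rule fields shown in the Rules section, and reports auto-deny rules that a broader auto-allow rule would shadow. It assumes that `*` is a simple wildcard, that precedence follows the list order, and that only mutation tools are gated; `BROAD_RULE` and all function names are constructed for the illustration.

```typescript
// Added example: a local model of the Flow list, not the gateway's implementation.
type Policy = "auto-allow" | "auto-deny";
interface Rule { toolPattern: string; agent: string; policy: Policy; reason: string }
interface Call { agent: string; toolName: string; permission: string }
type Outcome = "run" | "fail" | "pending";

// Assumption: "*" matches any run of characters; every other character is literal.
function globMatch(pattern: string, value: string): boolean {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`).test(value);
}

function ruleMatches(rule: Rule, call: Call): boolean {
  return globMatch(rule.agent, call.agent) && globMatch(rule.toolPattern, call.toolName);
}

// Assumption: precedence follows the order of the Flow list (auto-allow, then auto-deny).
function evaluate(call: Call, rules: Rule[]): Outcome {
  if (call.permission !== "mutation") return "run"; // assumption: only mutation tools are gated
  if (rules.some(r => r.policy === "auto-allow" && ruleMatches(r, call))) return "run";
  if (rules.some(r => r.policy === "auto-deny" && ruleMatches(r, call))) return "fail";
  return "pending"; // waits for a manual decision
}

// Probe calls that an auto-deny rule matches but that would still run,
// because an auto-allow rule matches first.
function shadowedDenies(rules: Rule[], probes: Call[]): Call[] {
  return probes.filter(p =>
    rules.some(r => r.policy === "auto-deny" && ruleMatches(r, p)) &&
    evaluate(p, rules) === "run");
}

// The two rules from the Rules section, plus one constructed over-broad rule.
const PAGE_RULES: Rule[] = [
  { toolPattern: "telegram_send", agent: "*", policy: "auto-allow", reason: "I trust this tool" },
  { toolPattern: "raydium_*", agent: "*", policy: "auto-deny", reason: "no DEX swaps" },
];
const BROAD_RULE: Rule = // constructed for this example
  { toolPattern: "*", agent: "defi-strategist", policy: "auto-allow", reason: "constructed" };

const swap: Call = { agent: "defi-strategist", toolName: "raydium_swap", permission: "mutation" };
console.log(evaluate(swap, PAGE_RULES));
console.log(shadowedDenies([...PAGE_RULES, BROAD_RULE], [swap]).map(c => c.toolName));
```
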
Pending queue
curl http://127.0.0.1:18789/approvals/pending
# [
# {
# "id": "a_173...",
# "sessionKey": "user-123",
# "agent": "defi-strategist",
# "channel": "telegram",
# "toolName": "raydium_swap",
# "toolInput": {"in":"USDC","out":"SOL","amount":100},
# "permission": "mutation",
# "createdAt": ...,
# "expiresAt": ...
# }
# ]
Deciding
curl -X POST http://127.0.0.1:18789/approvals/a_173.../decide \
-d '{"decision":"allow","decidedBy":"alice"}'
# Decision values:
# "allow" → run this call only
# "deny" → reject
# "allow-and-remember" → run + add auto-allow rule for future
Rules
# Auto-allow telegram_send for all agents
curl -X POST http://127.0.0.1:18789/approvals/rules \
-d '{
"toolPattern": "telegram_send",
"agent": "*",
"policy": "auto-allow",
"reason": "I trust this tool"
}'
# Auto-deny anything matching raydium_*
curl -X POST http://127.0.0.1:18789/approvals/rules \
-d '{
"toolPattern": "raydium_*",
"agent": "*",
"policy": "auto-deny",
"reason": "no DEX swaps"
}'
Storage
Decisions: ~/.openvesper/approvals.json (last 1000)
Rules: ~/.openvesper/approval-rules.json
Both mode 0600.
Source
Implementation: apps/gateway/src/approvals.ts