Approvals

Manual confirmation queue for sensitive tool calls. When an agent wants to run a mutation-permission tool, the gateway can require your explicit OK before execution.

Flow

  1. Agent invokes a tool marked permission: "mutation"
  2. Gateway checks approval rules
  3. If auto-allow matches, tool runs immediately
  4. If auto-deny matches, tool fails
  5. Otherwise, gateway adds to pending queue
  6. You decide via /approvals/:id/decide (Telegram buttons, CLI prompt, etc.)
  7. Default timeout: 5 minutes → auto-deny

Pending queue

curl http://127.0.0.1:18789/approvals/pending
# [
#   {
#     "id": "a_173...",
#     "sessionKey": "user-123",
#     "agent": "defi-strategist",
#     "channel": "telegram",
#     "toolName": "raydium_swap",
#     "toolInput": {"in":"USDC","out":"SOL","amount":100},
#     "permission": "mutation",
#     "createdAt": ...,
#     "expiresAt": ...
#   }
# ]

Deciding

curl -X POST http://127.0.0.1:18789/approvals/a_173.../decide \
  -d '{"decision":"allow","decidedBy":"alice"}'

# Decision values:
#   "allow"               — run this call only
#   "deny"                — reject
#   "allow-and-remember"  — run + add auto-allow rule for future

Rules

# Auto-allow telegram_send for all agents
curl -X POST http://127.0.0.1:18789/approvals/rules \
  -d '{
    "toolPattern": "telegram_send",
    "agent": "*",
    "policy": "auto-allow",
    "reason": "I trust this tool"
  }'

# Auto-deny anything matching raydium_*
curl -X POST http://127.0.0.1:18789/approvals/rules \
  -d '{
    "toolPattern": "raydium_*",
    "agent": "*",
    "policy": "auto-deny",
    "reason": "no DEX swaps"
  }'
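
The flow and the two rules above, modelled as an added TypeScript example (not the code in apps/gateway/src/approvals.ts). It assumes `*` is a glob wildcard and that auto-allow is tested before auto-deny, following the order of the steps; the `*_swap` rule is constructed for illustration.

```typescript
// Added example: a model of the flow, not the code in apps/gateway/src/approvals.ts.
type Policy = "auto-allow" | "auto-deny";
interface Rule { toolPattern: string; agent: string; policy: Policy; reason: string }
interface ToolCall { toolName: string; agent: string; permission: string; createdAt: number }
type Outcome = "run" | "fail" | "pending";

const TIMEOUT_MS = 5 * 60 * 1000; // default timeout from the page: 5 minutes

// Assumption: "*" matches any run of characters and every other character is literal.
function globMatch(pattern: string, value: string): boolean {
  const body = pattern.split("*").map(s => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&")).join(".*");
  return new RegExp(`^${body}$`).test(value);
}

function hasMatch(policy: Policy, call: ToolCall, rules: Rule[]): boolean {
  return rules.some(r => r.policy === policy &&
    globMatch(r.toolPattern, call.toolName) && globMatch(r.agent, call.agent));
}

// Steps 1-5. Assumption: auto-allow is tested before auto-deny, as the steps are listed.
function evaluate(call: ToolCall, rules: Rule[]): Outcome {
  if (call.permission !== "mutation") return "run"; // only mutation tools are gated
  if (hasMatch("auto-allow", call, rules)) return "run";
  if (hasMatch("auto-deny", call, rules)) return "fail";
  return "pending";
}

// Steps 6-7: a queued call with no decision before the timeout is denied.
function resolvePending(call: ToolCall, now: number, decision?: "allow" | "deny"): Outcome {
  if (now >= call.createdAt + TIMEOUT_MS) return "fail";
  if (decision === undefined) return "pending";
  return decision === "allow" ? "run" : "fail";
}

// Review aid: tools matched by both policies, where the result depends on rule precedence.
function conflicts(toolNames: string[], agent: string, rules: Rule[]): string[] {
  return toolNames.filter(toolName => {
    const call: ToolCall = { toolName, agent, permission: "mutation", createdAt: 0 };
    return hasMatch("auto-allow", call, rules) && hasMatch("auto-deny", call, rules);
  });
}

// Constructed sample data: the two rules from the page plus a hypothetical broad allow rule.
const pageRules: Rule[] = [
  { toolPattern: "telegram_send", agent: "*", policy: "auto-allow", reason: "I trust this tool" },
  { toolPattern: "raydium_*", agent: "*", policy: "auto-deny", reason: "no DEX swaps" },
];
const broadAllow: Rule = { toolPattern: "*_swap", agent: "*", policy: "auto-allow", reason: "constructed" };
```

Under the assumed ordering, adding `broadAllow` makes `raydium_swap` run despite the `raydium_*` auto-deny rule, and `conflicts` reports it. Confirm the real precedence against the gateway before relying on overlapping rules.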

Storage

Decisions: ~/.openvesper/approvals.json (last 1000)
Rules: ~/.openvesper/approval-rules.json
Both mode 0600.

Source

Implementation: apps/gateway/src/approvals.ts