> ## Documentation Index
> Fetch the complete documentation index at: https://docs.svantic.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Guardrails

# Approval Workflows

When a policy's enforcement is `require_approval`, the operation pauses and enters a human-in-the-loop workflow. The agent stops, an approval request is generated, notifications are delivered, and the agent resumes only when a human resolves it.

***

## How Approvals Work

<img src="https://mintcdn.com/svantic/BQDiyUefGxsfzbyO/images/diagrams/approval-workflow.svg?fit=max&auto=format&n=BQDiyUefGxsfzbyO&q=85&s=b30ffded64cf219d4f96978d15799cc9" alt="Approval workflow: agent action triggers policy, generates A2UI spec, enters input-required, fans out to Dashboard and Notification channels" width="600" height="380" data-path="images/diagrams/approval-workflow.svg" />

1. An agent invokes a tool that matches a `require_approval` policy
2. The policy engine generates an [A2UI](/concepts/a2ui) spec describing what needs approval
3. The message transitions to `input-required`
4. Notifications are delivered through all channels linked to the policy
5. A human reviews and resolves — approve, deny, or provide structured input
6. The agent receives the resolution and resumes execution

***

## Resolution Surfaces

Humans can approve from any connected surface:

| Surface              | How                                                     |
| -------------------- | ------------------------------------------------------- |
| **Dashboard**        | Approval Queue → click Approve or Deny                  |
| **Slack**            | Interactive buttons in the Slack notification           |
| **Webhook callback** | External system POSTs resolution to `/webhooks/receive` |
| **In-session**       | User responds in the terminal or chat widget            |

If the same approval is resolved from multiple surfaces simultaneously, the first resolution wins. Subsequent attempts receive `409 Conflict`.

***

## Approval Types

| Type                | Scope               | Behavior                                                         |
| ------------------- | ------------------- | ---------------------------------------------------------------- |
| **Session grant**   | This session only   | In-memory, cleared when session closes                           |
| **Deny**            | This request only   | Operation blocked, agent receives denial                         |
| **Permanent allow** | All future sessions | Update the policy enforcement from `require_approval` to `allow` |

***

## ADK Tool Confirmation

ADK's `require_confirmation` and `request_confirmation()` are mapped to the same approval pipeline. An ADK tool with `require_confirmation: true` produces an A2UI form with approve/deny actions. The resolution is translated back to an ADK `FunctionResponse` with `confirmed: true/false`.

This means ADK tools get the full benefit of Svantic's notification channels — a tool confirmation can be approved from Slack, the dashboard, or any other connected surface.

***

## Approval API

| Endpoint                         | Purpose                                                        |
| -------------------------------- | -------------------------------------------------------------- |
| `POST /messages/pending`         | List messages awaiting human input (the Approval Queue)        |
| `POST /messages/{id}/resolve`    | Submit a resolution (approve, deny, form values)               |
| `POST /internal/policies/update` | Change a policy to permanently allow a previously blocked tool |

***

## Further Reading

* [Policy Architecture](/guides/policies) — how policies are structured and evaluated
* [Approvals Guide](/guides/approvals) — step-by-step walkthrough with code examples
* [A2UI](/concepts/a2ui) — the structured format for approval forms
* [Notifications](/concepts/notifications) — how approval notifications are delivered