Skip to main content

Overview

The approval system ensures humans maintain oversight of agent actions. Each squad defines what agents can do automatically vs. what requires human approval. Three levels of autonomy:
LevelActionsHuman Involvement
autoSafe, reversible operationsNone - agent proceeds
approveSignificant but routineAsync approval (Slack/GitHub)
confirmHigh-impact decisionsSync confirmation required

Configuration

Each squad’s SQUAD.md contains an approvals: section: 
approvals:
  channel: "#squad-engineering"
  notify: ["@jorge"]

  policy:
    auto:
      - memory.update
      - goal.set
      - branch.create
      - issue.create
      - pr.create
      - agent.run.readonly

    approve:
      - pr.merge
      - release.draft
      - trigger.fire
      - agent.run.write

    confirm:
      - deploy.production
      - schema.migrate
      - secret.rotate

  thresholds:
    spend_approval: 15.00
    bulk_actions: 5
    files_changed: 20

Action Categories

Auto Actions

Agents execute immediately without human intervention:
ActionDescription
memory.updateUpdate squad memory files
goal.setSet or update squad goals
branch.createCreate feature branches
issue.createOpen GitHub issues
issue.commentComment on issues
pr.createCreate pull requests
commit.pushPush commits to branches
build.runRun build commands
test.runRun test suites
agent.run.readonlyExecute read-only agents

Approve Actions

Require async approval via Slack or GitHub:
ActionDescription
pr.mergeMerge pull requests
release.draftCreate release drafts
release.publishPublish releases
trigger.fireManually fire triggers
infra.changeInfrastructure modifications
agent.run.writeExecute write-capable agents

Confirm Actions

Require synchronous confirmation before proceeding:
ActionDescription
deploy.productionProduction deployments
schema.migrateDatabase migrations
secret.rotateRotate secrets
mission.changeMission statement changes
org.restructureOrganizational changes
budget.exceedOver-budget decisions

Thresholds

Automatic escalation based on impact: 
thresholds:
  spend_approval: 15.00    # USD - actions exceeding this need approval
  bulk_actions: 5          # Operations affecting >N items
  files_changed: 20        # PRs touching >N files

How Thresholds Work

  1. Spend Threshold: Agent tracks cumulative spend. When approaching threshold, pauses for approval.
  2. Bulk Actions: Creating >5 issues? Closing >5 PRs? Requires approval.
  3. Files Changed: Large PRs automatically require squad lead review.

Approval Flow

Slack Approval

Agent: "I need to merge PR #123 (15 files changed)"

Slack message to #squad-engineering:
┌────────────────────────────────────────┐
│ 🔔 Approval Request                     │
│                                         │
│ Agent: engineering/issue-solver         │
│ Action: pr.merge                        │
│ Target: PR #123 - Add user auth         │
│ Files: 15 (threshold: 20)               │
│                                         │
│ [Approve] [Reject] [View PR]            │
└────────────────────────────────────────┘

Human clicks [Approve]

Agent receives approval, proceeds

CLI Approval

# Send approval request
squads approval send pr.merge --target "PR #123"

# Check status
squads approval check approval-abc123

# List pending approvals
squads approval list

# Cancel request
squads approval cancel approval-abc123

Escalation

Some actions escalate to higher-level channels: 
confirm:
  - deploy.production    # Escalate to #company
  - schema.migrate       # Escalate to #company
When an action is in confirm, it escalates from the squad channel to the company channel, requiring explicit confirmation before proceeding.

Timeout Behavior

Approvals have configurable timeouts:
TypeDefault TimeoutOn Timeout
approve4 hoursReminder, then abandon
confirm1 hourAbandon, create issue

Per-Squad Examples

Engineering Squad

approvals:
  channel: "#engineering"
  notify: []  # GitHub watched directly

  policy:
    auto:
      - issue.create
      - pr.create
      - commit.push
      - release.draft
    approve:
      - pr.merge
      - release.publish
    confirm:
      - deploy.production  # → #company

Company Squad

approvals:
  channel: "#company"
  notify: ["@jorge"]

  policy:
    auto:
      - memory.update
      - goal.set
    approve:
      - sprint.approve
      - strategy.update
    confirm:
      - mission.change
      - org.restructure

Best Practices

1. Start Restrictive

Begin with most actions in approve, move to auto as trust builds.

2. Use Thresholds

Don’t make everything require approval. Use thresholds to catch outliers.

3. Clear Channels

Each squad should have a dedicated approval channel. Don’t mix with general chat.

4. Timely Responses

Blocked agents waste compute. Respond to approvals quickly or adjust policies.

5. Document Exceptions

If you approve something unusual, note why in the approval response.

Monitoring Approvals

# View approval statistics
squads approval stats

# See approval response times
squads autonomy --period week
Slow approval times indicate policies may be too restrictive.