Blog

Human-in-the-loop approvals

ai-agentstool-useverificationsdk

AI Agent Action Approval: Gate Side Effects Before Execution

Approve, verify, or block tool calls, API writes, and file ops with verifyAction(). Patterns for LangChain, MCP, and custom agents.

May 19, 20267 min read

Tool-using agents are production systems. Each tool call is a commit: send Slack, delete repo, charge a card. Action approval before execution is how you keep autonomy without blind trust.

The three decisions

  • Approve — low risk, policy allows, execute immediately
  • Verify — hold until a human approves (console or mobile PWA)
  • Block — deny and log; optionally alert ops

Integration patterns

Middleware — wrap every tool executor with verifyAction().

protectAgent() — agent adapter for LangChain-style loops.

Webhooks — fire verification.required to Slack or PagerDuty.

Example: high-value transfer

// Policy: transfer_funds → REQUIRE_VERIFICATION
// Runtime holds until operator approves in console or mobile app
// Audit row: actor, risk score, decision, timestamp

Clone the open-source runtime on GitHub or read what is a runtime trust layer.

Guides: agentic AI risk · MCP security · runtime authorization · HITL approvals · coding agents · get startedMore: all posts · AI trust layer · open Sanctum Console

Give every agent action a trust boundary.

Start with Connect Agent, keep the SDK path for deeper fleets, and prove exactly what was approved, blocked, or contained.