Approvals
Your agent is powerful, but some actions need a human decision. Approvals let you set up gates so the agent asks permission before doing anything risky — deleting files, running commands, calling external APIs, deploying code.
You approve, reject, edit the request, or ask for changes — all from the dashboard.
How It Works
Section titled “How It Works”- Your agent calls a tool that requires approval
- The agent pauses and sends a request to the dashboard
- You see the request with full details — what tool, what parameters, why
- You choose: Approve, Reject, Edit Parameters, or Request Changes
- The agent continues (or stops) based on your decision
Setting Up Approval Rules
Section titled “Setting Up Approval Rules”-
Open Approval Settings
Go to the Admin Dashboard → Workspaces → select your workspace → Approvals tab.
-
Create an Approval Config
Click Add Approval Rule and configure:
- Tool Pattern — which tools need approval. Use
*for all tools, or specific patterns likegithub__delete_*for all GitHub delete operations - Risk Level — classify as low, medium, high, or critical
- Auto-Approve — optionally auto-approve for specific roles or low-risk patterns
- Tool Pattern — which tools need approval. Use
-
Save
The rule takes effect immediately. The next time your agent calls a matching tool, it will pause and request approval.
Approving a Request
Section titled “Approving a Request”When a request comes in, you see:
- Tool name — which tool the agent wants to call
- Parameters — the exact arguments the agent is passing
- Context — what the agent was doing when it made the request
- Risk level — low, medium, high, or critical
You have four options:
Approve
Section titled “Approve”The agent proceeds with the original parameters. The tool executes and the agent continues its work.
Reject
Section titled “Reject”The agent is told the request was denied. It can adjust its approach or ask you what to do instead.
Edit Parameters
Section titled “Edit Parameters”Change the parameters before approving. For example, if the agent wants to delete a directory, you can narrow it to a specific file. The agent uses your edited parameters.
Request Changes
Section titled “Request Changes”Send a message back to the agent explaining what you want changed. The agent reads your feedback, adjusts its approach, and submits a new request. This can go back and forth as many times as needed.
Multi-Round Conversations
Section titled “Multi-Round Conversations”Approvals are not just yes/no. You can have a conversation about the request:
Agent: “I want to run
rm -rf ./old-data/to clean up disk space.”You: “Don’t delete everything. Only remove files older than 30 days.”
Agent: “Got it. Updated command:
find ./old-data/ -mtime +30 -delete. Requesting approval.”You: Approve
Each round of discussion is tracked as part of the approval record, so you have a full audit trail of why decisions were made.
Example Approval Configurations
Section titled “Example Approval Configurations”Conservative — Approve Everything
Section titled “Conservative — Approve Everything”Pattern: *Risk Level: mediumAuto-Approve: noneEvery tool call requires your approval. Good for initial setup when you want to understand what your agent does.
Balanced — Read Freely, Write with Approval
Section titled “Balanced — Read Freely, Write with Approval”Pattern: *__get_*, *__list_*, *__search_*Auto-Approve: all
Pattern: *Risk Level: mediumAuto-Approve: noneRead operations (get, list, search) run without interruption. Anything that writes, creates, updates, or deletes requires approval.
Team Setup — Auto-Approve for Experienced Members
Section titled “Team Setup — Auto-Approve for Experienced Members”Pattern: *Risk Level: lowAuto-Approve: admin role
Pattern: *__delete_*Risk Level: criticalAuto-Approve: noneAdmins can auto-approve low-risk operations. Delete operations always require explicit approval regardless of role.
Timeout
Section titled “Timeout”If you do not respond to an approval request within 24 hours, it expires. The agent is notified that the request timed out and can either retry or move on.
Approval History
Section titled “Approval History”All approval decisions are logged. Go to Workspaces → Approvals to see:
- Every request, with status (approved, rejected, expired, changes requested)
- Who approved or rejected it
- The full conversation thread for multi-round approvals
- Timestamps and risk levels
This is your audit trail for compliance and review.
Next Steps
Section titled “Next Steps”- Connect OpenClaw — approvals work automatically once your agent is connected
- Activity Monitor — see all agent actions, not just approved ones
- Team Access — each team member manages their own approvals