What is an Approval Gate?

Also called: approval checkpoint, human approval

Updated June 24, 2026

Quick Definition

An approval gate is a checkpoint in an agent’s run where execution stops and waits for an explicit human decision before a sensitive action is allowed to proceed. It is the concrete mechanism behind human-in-the-loop: a defined point where the agent pauses, surfaces what it is about to do, and resumes only once a person approves or rejects.

Why approval gates matter

Some actions should never happen without a person signing off — moving money, sending an external message, deleting data, deploying code. An approval gate makes that requirement explicit in the agent’s control flow rather than relying on a reviewer to catch the action after the fact. It places the pause precisely where the consequence is, so the model can reason freely up to that point but cannot cross it alone.

Gates also make an agent’s authority legible. By marking exactly which steps require approval, a team can describe what the agent may do on its own and what it may only propose. The hard part is that a gate can stay open for a long time, so it must hold the run’s state without tying up a process and without losing its place if the system restarts while it waits.

How it works

A common way to express a gate is to mark a specific tool as approval-required, so the gate triggers whenever the model tries to call it:

  1. A sensitive capability — a tool the agent can call — is designated as requiring approval.
  2. During the run, the model decides to call that tool as its next action.
  3. Instead of executing, the run records a waiting state that captures the proposed call and its arguments, and stops advancing.
  4. That state is persisted durably, so the gate can remain open without a process holding it in memory.
  5. A person approves or rejects. On approval the tool call executes and the run continues; on rejection the call is skipped and the agent proceeds from the gate with the denial in hand.

Because the gate is just a durable waiting state, an agent can have several gates, and each can be resolved by a different reviewer at a different time.
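The five steps above as an added Python example (not code from this page or from any particular runtime). The tool names, the `gates` table, and the SQLite store are assumptions chosen for illustration. The reviewer's decision is bound to the persisted call and arguments, and a gate can be resolved only once.

```python
import json, sqlite3, uuid

# Hypothetical tool registry: name -> (callable, requires_approval)   (step 1)
TOOLS = {
    "lookup_invoice": (lambda invoice_id: {"invoice_id": invoice_id, "amount": 120}, False),
    "send_payment": (lambda to, amount: {"paid": amount, "to": to}, True),
}

def open_store(path):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS gates (id TEXT PRIMARY KEY, tool TEXT,"
               " args TEXT, status TEXT, reviewer TEXT, reason TEXT)")
    return db

def propose(db, tool, args):
    """Steps 2-4: run an ungated tool, or persist a waiting state and stop."""
    fn, gated = TOOLS[tool]
    if not gated:
        return {"status": "executed", "result": fn(**args)}
    gate_id = uuid.uuid4().hex
    with db:  # committed to disk, so no process has to hold the gate in memory
        db.execute("INSERT INTO gates VALUES (?,?,?,'waiting',NULL,NULL)",
                   (gate_id, tool, json.dumps(args, sort_keys=True)))
    return {"status": "waiting", "gate_id": gate_id}

def resolve(db, gate_id, reviewer, approve, reason=None):
    """Step 5: a person decides; only the stored call can run, and only once."""
    with db:  # the status='waiting' guard makes resolution atomic and single-use
        cur = db.execute("UPDATE gates SET status=?, reviewer=?, reason=? "
                         "WHERE id=? AND status='waiting'",
                         ("approved" if approve else "rejected", reviewer, reason, gate_id))
    if cur.rowcount != 1:
        raise ValueError("gate is unknown or already resolved")
    tool, args = db.execute("SELECT tool, args FROM gates WHERE id=?", (gate_id,)).fetchone()
    if not approve:
        return {"status": "rejected", "reason": reason}  # the agent continues with the denial
    return {"status": "executed", "result": TOOLS[tool][0](**json.loads(args))}

def demo(path):
    """Constructed run: the gate opens, the process 'restarts', a reviewer decides later."""
    db = open_store(path)
    pending = propose(db, "send_payment", {"to": "acct-constructed-1", "amount": 120})
    db.close()             # simulate the process exiting while the gate waits
    db = open_store(path)  # a fresh process picks the gate up from disk
    return pending, resolve(db, pending["gate_id"], "reviewer@example.com", True)
```

Because `resolve` reads the tool name and arguments back from the store instead of accepting them from the caller, what the reviewer approved is what executes, and a repeated approval of the same gate raises instead of running the action twice.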

Approval gate vs. guardrail

A guardrail and an approval gate both constrain what an agent does, but they differ in who decides. A guardrail evaluates an action automatically against a rule and allows or blocks it with no human present. An approval gate hands the decision to a person and waits. The two often work in sequence: a guardrail can determine that a particular action is high-risk and therefore must pass through an approval gate, while routine actions clear the guardrail and never pause.

In practice

A durable runtime implements an approval gate as a persisted pause on a sensitive step — often a tool call marked as approval-required — so the run holds its place server-side until a person responds. This is the building block of human-in-the-loop control, complements automated guardrails, and stays reliable because of durable execution. For a worked example, see the human-in-the-loop walkthrough.

Frequently asked questions

What is the difference between an approval gate and a guardrail?

A guardrail is an automated check that passes or blocks an action with no person involved. An approval gate routes the decision to a human, who must explicitly approve before the run proceeds. A guardrail can decide that a step needs an approval gate, but only a person clears the gate.

What happens when a human rejects at an approval gate?

The pending action does not run. The agent receives the rejection, usually with a reason, and continues from that point — it can choose a different action, return a result that notes the denial, or stop, depending on how it is defined.

How long can an approval gate wait?

Indefinitely, when the waiting state is held durably. Because the run's position is persisted outside the process, a gate can stay open for minutes or days and still resume correctly after a restart.
