Approval workflow
An approval workflow is the agent pattern where high-impact actions (send email, make purchase, delete data) pause for human approval before executing — the production-safe alternative to fully autonomous agents.
Fully autonomous agents are still too risky for high-stakes actions in 2026 — hallucination, prompt injection, edge cases bite. Approval workflows split agent execution into auto-approved cheap actions (search, read, draft) and pause-for-approval expensive actions (send, buy, delete, deploy). The agent surfaces the proposed action with reasoning, the human approves/rejects/edits, the agent continues. Implementations: Claude's MCP servers can declare which tools need approval; Cursor/Claude Code 'Plan mode' shows the full plan first; n8n's 'Manual approval' node; Slack/Discord prompts for human-in-the-loop. The opposite of 'YOLO mode'. Often combined with [[agent-sandbox]] for defense in depth.
When to use approval workflow
- Anything irreversible: send email, charge card, delete data, deploy.
- Anything regulated: PII access, financial transactions.
Common mistakes
- Approving by default — turns into rubber-stamping; show the reasoning + diff.
- Approval fatigue — too many low-stakes prompts trains the user to click yes; auto-approve cheap actions.
FAQ
What is approval workflow?
An approval workflow is the agent pattern where high-impact actions (send email, make purchase, delete data) pause for human approval before executing — the production-safe alternative to fully autonomous agents.
When should I use approval workflow?
Anything irreversible: send email, charge card, delete data, deploy. Anything regulated: PII access, financial transactions.
What are the most common mistakes with approval workflow?
Approving by default — turns into rubber-stamping; show the reasoning + diff. Approval fatigue — too many low-stakes prompts trains the user to click yes; auto-approve cheap actions.
Related terms
- Human-in-the-loop — Human-in-the-loop is the design pattern of placing human approval checkpoints inside an AI workflow — gating destructive actions, low-confidence outputs, or high-stakes decisions on explicit human review.
- Agent sandbox — An agent sandbox is the isolated execution environment where an LLM-driven agent runs code, browses, or controls a desktop — the safety boundary that contains prompt-injection blast radius.
- Plan-first workflow — Plan-first workflow is the agent pattern of explicitly drafting and (sometimes) confirming the plan before executing — catching misunderstandings before code is changed, instead of after.
Last updated: 2026-06-01. Raw markdown: https://promtable.com/glossary/approval-workflow.md.