Agent Approvals: Human-in-the-Loop for Production AI

Your AI agent just deleted 2,000 customer records. The prompt was clear, the tool call was valid, the agent did exactly what it was designed to do. But the input was wrong. A malformed API request, a hallucinated parameter, a user who typed the wrong ID. By the time anyone noticed, the damage was done.

This is the reality of running AI agents in production. They're fast, autonomous, and increasingly capable. But autonomy without oversight is a liability. The more powerful your agents become, the more critical it is to keep a human in the loop for actions that can't be undone.

Connic Approvals solve this. When an agent reaches a sensitive tool call, execution pauses. A human reviews the action and its parameters, approves or rejects it, and the agent resumes. No data is lost, no context is forgotten. The agent picks up exactly where it left off.

Why Agents Need Human-in-the-Loop

AI agents aren't traditional software. They make decisions based on probabilistic reasoning. The same input can lead to different tool calls across runs. A perfectly written prompt doesn't guarantee a perfectly executed action every time. Unlike a REST API that returns a 400 error, an agent with access to a delete endpoint will use it if it believes that's the right thing to do.

Connic Approvals let you draw the line exactly where you need it. Low-risk tool calls execute instantly. High-risk ones pause and wait for a human decision. Your agents stay fast where speed matters and safe where safety matters.

How It Works

The approval flow is built into the agent execution pipeline. When a gated tool is called, the runner pauses execution, creates an approval request, notifies your team, and waits. The full conversation history and agent state are preserved. Once a decision is made, the agent resumes exactly where it stopped.

If approved, the tool executes with the exact parameters that were reviewed. The agent continues its workflow as if nothing happened. Every subsequent tool call proceeds normally unless it hits another gated tool.

If rejected, the default behavior terminates the run with a clear error message that includes the rejection reason. Nothing executes. Alternatively, set on_rejection: continue and the agent receives the rejection as a tool response. It can then adapt: inform the user, try a different approach, or skip the action entirely. Either way, the reviewer can provide context on why the action was denied, which is logged for audit purposes.

If nobody responds, a configurable timeout keeps the run from hanging indefinitely. After the timeout expires, the run fails safely with a clear timeout error. Or, with on_rejection: continue, the agent resumes and treats the timeout as a rejection. The default timeout is 1 hour, but you can set it to whatever makes sense for your workflow.

Configuration

Approvals are declared in your agent's YAML configuration. You define which tools require approval, an optional timeout, and a message that gives reviewers context about why this action needs human oversight.

name: order-processor
model: anthropic/claude-sonnet-4-5-20250514
description: "Processes customer orders and handles refunds"
system_prompt: |
  You handle incoming customer orders...
tools:
  - orders.process
  - orders.delete_order
  - orders.process_refund
  - inventory.check

approval:
  tools:
    - orders.delete_order
    - orders.process_refund
  timeout: 600
  message: "This order action requires manager approval before execution."

In this example, orders.process and inventory.check execute instantly. But when the agent calls delete_order or process_refund, the run pauses and waits up to 10 minutes for a human decision.

By default, rejected approvals terminate the run. If you want the agent to adapt instead, set on_rejection: continue. The tool call returns a rejection message and the agent can try an alternative approach or inform the user. See the rejection behavior docs for details.

Conditional Approvals

Not every refund needs approval. A $5 refund is routine. A $5,000 refund needs a second pair of eyes. Conditional approvals let you define expressions that determine when a tool call requires review, based on the actual parameters being passed or the context of the request.

approval:
  tools:
    # Always require approval for deletions
    - orders.delete_order

    # Only require approval for refunds over $50 or non-admin users
    - orders.process_refund: param.amount > 50 and not context.is_admin

    # Only require approval for bulk operations
    - inventory.bulk_update: param.count > 100
  timeout: 600
  message: "High-value action detected. Please review before proceeding."

Conditions have access to two data sources: param.* for the tool's parameters and context.* for values from your middleware. You can gate approvals on amounts, user roles, resource types, or any business logic you need. If the condition evaluates to false, the tool executes immediately. If it evaluates to true, approval is required.

Notifications That Reach the Right People

An approval request is only useful if someone sees it. Connic notifies your team through three channels the moment one comes up:

Notification routing is configurable per agent and per team member. Your order processing team reviews refund approvals. Your infrastructure team reviews deployment approvals. Each group only sees what's relevant to them.

Full Audit Trail

Every approval decision is recorded with complete context: who reviewed it, when they decided, what they approved or rejected, and why. This isn't just logging. It's a compliance-grade audit trail.

EU AI Act: Why This Matters Now

If you deploy AI systems in the European Union, human oversight is no longer optional. The EU AI Act is the world's first comprehensive AI regulation, and its requirements for high-risk AI systems become enforceable on August 2, 2026. Non-compliance carries fines of up to €15 million or 3% of global annual turnover.

Article 14 of the EU AI Act mandates that high-risk AI systems must be designed so humans can effectively oversee them during operation. That's not a vague aspiration. The regulation spells out specific capabilities that must be available to human overseers:

Beyond Approvals: A Complete Compliance Stack

Human oversight is one piece of the compliance puzzle. The EU AI Act also demands risk mitigation, data governance, transparency, and ongoing monitoring. Connic gives you the building blocks for all of these:

Together, these features form a defense-in-depth approach. Guardrails prevent harmful inputs and outputs, approvals gate high-risk actions behind human review, judges evaluate output quality, observability provides the transparency layer, and A/B testing validates changes safely. That's not just good engineering. It's what regulators expect.

Real-World Scenarios

A few approval configurations teams run in production:

Getting Started

Adding approvals to an existing agent takes minutes:

• 1.Identify the tools in your agent that perform destructive, financial, or irreversible actions
• 2.Add an approval block to your agent YAML listing those tools, with optional conditions
• 3.Deploy your agent. The next time a gated tool is called, the run will pause and create an approval request
• 4.Open the Approvals page in your dashboard to review, approve, or reject pending requests
• 5.Configure notification routing so the right team members are alerted via email or webhooks

Start with your most dangerous tool. The one that makes you nervous every time your agent calls it. Gate that one, see how the approval flow feels, then expand to other sensitive operations as needed.

For the complete configuration reference, check the Approvals documentation. New to Connic? Start with the quickstart guide to deploy your first agent, then come back here to add human oversight where it matters most.