Approval Workflows
When a policy requires approval, Airlock creates a pending request and notifies designated approvers.
How Approvals Work
AI Agent calls tool
│
▼
Policy evaluates to REQUIRE_APPROVAL
│
▼
Pending request created
│
▼
Approvers notified by email
│
▼
Approver reviews and decides
│
├── APPROVED → Execute operation
├── REJECTED → Return error to agent
│
└── EXPIRED → Auto-expire after timeout
Configuring Approvers
Approval Rules
Set up who can approve requests for specific operations:
- Go to your server's detail page
- In the Policy Configuration section, find the tool that requires approval
- Click Add Approver next to the tool
- Select approvers:
  - Individual users from your organization
  - Groups for team-based approval
Multiple approvers can be assigned — any one of them can approve the request.
Self-Approval
For lower-risk operations, policies can enable self-approval. This allows the user who triggered the request to approve it themselves — useful as a confirmation step rather than a second-person review.
Default Approvers
If no specific rule matches, the server owner can approve.
User Groups
Create groups to manage approvers at scale:
- Navigate to Settings in the main navigation
- Click the Groups tab
- Click Create Group
- Add members to the group
- The group will be available when assigning approvers to tools
The Approval Process
For Approvers
When a request needs approval:
- Email Notification: Receive an email with request details
- Click to Review: Link takes you to the request page
- Review Details: See the operation, parameters, and requester
- Decide: Click Approve or Reject
For AI Agents
When a tool call requires approval, Airlock returns a structured PENDING_APPROVAL response with a requestId, a statusUrl, an approvalUrl, and a suggested pollIntervalSeconds. The agent observes the decision in one of three ways depending on what its MCP client supports:
- SEP-1686 Task polling — if the client implements MCP tasks, Airlock returns a taskId and the agent polls tasks/get until the task resolves.
- SEP-1036 Elicitation — if the client implements URL elicitation, Airlock asks the human user to open the approval URL directly.
- Plain polling — otherwise, the agent re-issues the tool call (or calls the status URL) every pollIntervalSeconds.
Once the approver decides:
- Approved: The operation executes and returns results on the next poll/elicitation completion.
- Rejected: An error is returned with the rejection reason.
Approvers are always notified by email; the email contains a direct link to the approval page.
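The plain-polling path above, sketched in Python as an added example (not Airlock's own code). Only requestId, statusUrl, approvalUrl and pollIntervalSeconds come from this page; the status response fields (status, result, reason), the fetch_status callable and the airlock.example URLs are assumptions.

```python
import time
from urllib.parse import urlsplit

# Constructed sample of a PENDING_APPROVAL response; all values are placeholders.
SAMPLE_PENDING = {
    "requestId": "req-123",
    "statusUrl": "https://airlock.example/requests/req-123/status",
    "approvalUrl": "https://airlock.example/requests/req-123",
    "pollIntervalSeconds": 15,
}

class ApprovalError(Exception):
    """Raised when the request is rejected, expires, or polling gives up."""

def same_origin(url, base):
    a, b = urlsplit(url), urlsplit(base)
    return a.scheme == "https" and (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)

def wait_for_decision(pending, fetch_status, airlock_base, max_wait=900, sleep=time.sleep):
    """fetch_status is a hypothetical callable(statusUrl) -> dict wrapping the HTTP GET."""
    url = pending["statusUrl"]
    # The URL arrives inside a tool response, so only poll the configured origin.
    if not same_origin(url, airlock_base):
        raise ApprovalError(f"statusUrl outside configured origin: {url}")
    # Clamp the suggested interval so a bad value cannot cause a busy loop.
    interval = min(max(int(pending.get("pollIntervalSeconds", 15)), 1), 60)
    waited = 0
    while waited <= max_wait:
        body = fetch_status(url)
        if body.get("requestId") != pending["requestId"]:
            raise ApprovalError("status response is for a different request")
        status = body.get("status")  # assumed field name and values
        if status == "APPROVED":
            return body.get("result")
        if status in ("REJECTED", "EXPIRED"):
            raise ApprovalError(f"{status}: {body.get('reason', 'no reason given')}")
        if status != "PENDING":
            raise ApprovalError(f"unexpected status {status!r}")  # fail closed
        sleep(interval)
        waited += interval
    raise ApprovalError("gave up waiting for an approval decision")
```

Anything other than an explicit approval raises, so the agent never treats a timeout or an unrecognized status as permission to proceed.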
Request Details
Each pending request shows:
- Operation: The tool being called
- Parameters: Input arguments
- Requester: Which user's credentials triggered the request
- Timestamp: When the request was created
- Status: Pending, Approved, Rejected, or Expired
- Agent Context: Client name, version, and transport type
Notifications
Email Notifications
Approvers receive emails containing:
- Server and operation name
- Request parameters (sanitized)
- Direct link to approve/reject
Agent Observation
Agents observe the decision via task polling, MCP elicitation, or plain polling — see "For AI Agents" above. Most MCP clients use polling at the interval Airlock suggests in the PENDING_APPROVAL response (pollIntervalSeconds, typically 15s).
Request Expiration
Pending requests automatically expire after a configurable timeout. Expired requests return an error to the agent. A background job runs every 5 minutes to clean up stale requests.
Best Practices
Quick Response
Set up multiple approvers to ensure someone is always available to respond promptly.
Clear Context
When configuring policies, consider what information approvers need to make decisions.
Audit Trail
All approval decisions are logged:
- Who approved/rejected
- When the decision was made
- The request details
Escalation
For time-sensitive operations, consider:
- Multiple approvers for redundancy
- Clear documentation of approval criteria
- Backup approval processes
Common Patterns
Manager Approval
Create a "managers" group and assign it as the approver for sensitive operations like expense-related tools.
Security Team Approval
Create a "security-team" group for operations that modify or delete data. Assign this group as approvers for all delete_* operations.
Multiple Approvers for Redundancy
Assign both individual users and groups to the same tool. Any one of the approvers can approve the request, ensuring coverage when team members are unavailable.