AI Safety: How to Add Approval Gates to Agent Actions
Your AI peer is having a great conversation with a customer. It understands the problem, has all the information, and knows exactly what to do. There's just one problem: the action it wants to take will permanently delete customer data, charge their credit card, or send an email to 10,000 people.
Do you trust the AI to proceed automatically?
With Agent Action Approval, you don't have to choose between automation and safety. Your AI peer can request human approval before executing critical actions - combining AI efficiency with human judgment.
The Problem with Full Automation
AI agents are powerful, but they're not perfect. Common issues include:
❌ Misunderstanding Context
- Customer says "delete my account" (they meant unsubscribe)
- AI interprets it literally and deletes everything
❌ Edge Cases
- AI approves a $10,000 refund (system bug made price show as $10)
- No validation caught the error
❌ Compliance Requirements
- Financial regulations require human approval for transactions
- Healthcare requires physician confirmation for prescriptions
- GDPR requires explicit consent for data deletion
❌ User Trust
- Users uncomfortable with AI making irreversible decisions
- Want final say on important actions
The Solution: Agent Action Approval
Agent Action Approval lets your AI peer request permission before executing sensitive operations. The conversation continues naturally, but with a safety checkpoint.
How it works:
- AI determines an action is needed (e.g., "delete user data")
- System checks if action requires approval
- If yes: Pause, show approval request, wait for decision
- User approves or rejects
- AI resumes and executes (if approved)
The user experience:
User: "I want to delete my account"
AI: "I understand you'd like to delete your account. Let me help with that.
┌─────────────────────────────────────────┐
│ 🔧 Delete User Account │
│ │
│ This will permanently delete: │
│ • Profile and settings │
│ • Purchase history (12 orders) │
│ • Saved payment methods │
│ • Wishlist items (8 items) │
│ │
│ ⚠️ This action cannot be undone │
│ │
│ [Approve ✓] [Reject ✗] │
└─────────────────────────────────────────┘
User clicks "Approve"
AI: "✅ Your account has been deleted. You'll receive a confirmation email within 24 hours. Is there anything else I can help you with?"
Real-World Use Cases
Let's explore how different teams use Agent Action Approval to build safer AI experiences.
Use Case 1: Customer Support - Account Management
Company: SaaS platform with 50,000+ users
Challenge: Support team wants to automate account management, but worried about:
- Accidental deletions
- Wrong accounts being modified
- Compliance with data protection laws
Solution: AI handles routine questions, requests approval for critical actions
Example Conversation
Scenario: Account Cancellation
User: "Hi, I need to cancel my subscription"
AI: "I can help you cancel your subscription. Let me check your account details first.
I see you're on our Pro plan ($49/month). Your current billing cycle ends on Nov 15, 2025.
Would you like to:
• Cancel immediately (pro-rated refund of $32.67)
• Cancel at end of billing cycle (access until Nov 15)
• Downgrade to a free plan instead"
User: "Cancel immediately please"
AI: "I'll process your cancellation and refund right away.
┌───────────────────────────────────────────┐
│ 🔧 Cancel Subscription & Process Refund │
│ │
│ Account: john@example.com │
│ Plan: Pro Plan ($49/month) │
│ Action: Immediate cancellation │
│ │
│ Refund Details: │
│ • Unused days: 20 days │
│ • Refund amount: $32.67 │
│ • Refund method: Original payment method │
│ • Processing time: 3-5 business days │
│ │
│ [Approve & Cancel] [Go Back] │
└───────────────────────────────────────────┘
User clicks "Approve & Cancel"
AI: "✅ Done! Your subscription has been cancelled and your refund of $32.67 is being processed.
You'll receive:
• Confirmation email right now
• Refund to your Visa ending in 4532 (3-5 days)
• Access to Pro features until end of day
Your account will automatically convert to a free plan, so you won't lose any of your data.
Is there anything else I can help you with?"
Why This Works:
- User sees exactly what will happen
- Refund amount is clear before approving
- AI handles the complexity, user makes final decision
- Audit trail for compliance
Configuration
In Peer Settings → Actions:
{
  "name": "Cancel Subscription",
  "requiresApproval": true,
  "approvalMessage": "Cancel {{planName}} and refund ${{refundAmount}}?",
  "action": {
    "type": "api-call",
    "endpoint": "/api/subscriptions/cancel",
    "method": "POST"
  }
}
Use Case 2: Sales - Discount Approvals
Company: E-commerce platform
Challenge: Sales team wants AI to negotiate deals, but needs control over:
- Discount limits
- Large order exceptions
- Margin protection
Solution: AI negotiates freely up to 10% discount, requests approval for higher amounts
Example Conversation
Scenario: Large B2B Order
User: "We want to order 500 units. What's your best price?"
AI: "Great! For an order of 500 units, I can offer you a significant discount.
Standard pricing:
• Unit price: $49.99
• Order total: $24,995.00
Volume discount (15%):
• Discounted price: $42.49/unit
• New total: $21,245.00
• Your savings: $3,750.00
┌──────────────────────────────────────────┐
│ 🎯 Apply 15% Volume Discount │
│ │
│ Customer: Acme Corp │
│ Order: 500 units │
│ Discount: 15% ($3,750 off) │
│ │
│ Margin Impact: │
│ • Standard margin: 42% │
│ • Discounted margin: 35% │
│ • Still profitable: ✅ │
│ │
│ Customer History: │
│ • Previous orders: 3 │
│ • Lifetime value: $18,500 │
│ • Payment history: Excellent │
│ │
│ [Approve Discount] [Counter Offer] │
└──────────────────────────────────────────┘
Sales Manager clicks "Approve Discount"
AI: "✅ Perfect! Your 15% discount has been approved.
Order Summary:
• 500 units @ $42.49 each
• Total: $21,245.00
• You save: $3,750.00 (15% off)
Free shipping included!
Would you like to proceed with the order?"
Dynamic Approval Rules:
// In peer configuration
{
  "action": "apply_discount",
  "requiresApproval": {
    "condition": "{{discountPercent}} > 10 || {{orderTotal}} > 20000",
    "message": "Apply {{discountPercent}}% discount ({{currency}}{{discountAmount}} off)?"
  }
}
Results:
- AI auto-approves small discounts (< 10%)
- Large discounts need manager approval
- Includes context: margin, customer history, profitability
- 95% faster than manual quote process
Use Case 3: IT Operations - Database Access
Company: Financial services firm
Challenge:
- Developers need database access for troubleshooting
- Security requires approval for production access
- Compliance needs audit trail
Solution: AI peer grants dev/staging access automatically, requests approval for production
Example Conversation
Scenario: Production Database Access Request
Developer: "I need read access to production customer database to debug issue #4532"
AI: "I'll help you get access. Let me check the ticket first.
Ticket #4532 Analysis:
• Issue: Customer transactions not displaying
• Severity: High
• Affected users: ~150 customers
• Reported: 2 hours ago
Required access:
• Database: production_customers
• Permission: Read-only
• Tables: transactions, customers
• Duration: 4 hours
┌────────────────────────────────────────────┐
│ 🔐 Grant Production Database Access │
│ │
│ User: john.dev@company.com │
│ Database: production_customers │
│ Access Level: Read-only │
│ Duration: 4 hours │
│ │
│ Justification: │
│ • Ticket: #4532 (High severity) │
│ • Issue: Transaction display bug │
│ • Affected: 150 customers │
│ │
│ Security Checks: │
│ ✅ User has valid MFA │
│ ✅ No active security alerts │
│ ✅ Read-only access sufficient │
│ │
│ Compliance: │
│ • Access will be logged │
│ • Auto-revoke after 4 hours │
│ • Audit trail generated │
│ │
│ [Grant Access] [Deny] │
└────────────────────────────────────────────┘
Security Manager clicks "Grant Access"
AI: "✅ Access granted!
Connection details sent to john.dev@company.com
Access summary:
• Database: production_customers (read-only)
• Duration: 4 hours (auto-revoke at 6:30 PM)
• Tables: transactions, customers
• Connection: Via bastion host
Security reminders:
• Do not export data
• Do not share credentials
• Access is logged and monitored
Access will auto-revoke at 6:30 PM. Good luck with the debugging!"
Configuration:
{
  "actions": [
    {
      "name": "grant_db_access",
      "requiresApproval": {
        "condition": "{{database}} == 'production'",
        "approvers": ["security_team", "team_lead"],
        "message": "Grant {{accessLevel}} access to {{database}} for {{duration}}?"
      }
    }
  ]
}
Security Benefits:
- All production access requires approval
- Context includes justification and security checks
- Automatic revocation after time limit
- Complete audit trail for compliance
Use Case 4: Marketing - Email Campaigns
Company: SaaS marketing platform
Challenge:
- Marketing team wants to automate email sending
- Errors can damage brand reputation
- Need quality control before mass sends
Solution: AI composes emails, requests approval before sending to large lists
Example Conversation
Scenario: Product Launch Email
Marketer: "Create and send an email about our new feature to all Pro users"
AI: "I'll create a launch email for the new Analytics Dashboard feature.
I've drafted an email based on:
• Your previous launch emails (same tone/style)
• Feature details from product docs
• Target audience: Pro plan users
Here's what I created:
📧 Email Preview:
━━━━━━━━━━━━━━━━━━━━━━━━━━━
Subject: 📊 New: Advanced Analytics Dashboard - See Your Impact
Hi {{firstName}},
Great news! We just launched the Advanced Analytics Dashboard
you've been asking for.
What's new:
✓ Real-time performance metrics
✓ Custom report builder
✓ Data export (CSV, PDF)
✓ Team collaboration tools
Watch the 2-minute demo: [link]
Available now in your dashboard!
Best,
The Cognipeer Team
[View full email]
━━━━━━━━━━━━━━━━━━━━━━━━━━━
┌────────────────────────────────────────────┐
│ 📨 Send Email Campaign │
│ │
│ Campaign: Analytics Dashboard Launch │
│ Recipients: 12,450 Pro plan users │
│ Subject: "📊 New: Advanced Analytics..." │
│ │
│ Audience Breakdown: │
│ • Active users (last 7 days): 8,234 │
│ • Inactive users: 4,216 │
│ • Never opened: 892 │
│ │
│ Predicted Performance: │
│ • Open rate: ~28% (3,486 opens) │
│ • Click rate: ~4.2% (523 clicks) │
│ • Feature adoption: ~15% (1,867 users) │
│ │
│ Quality Checks: │
│ ✅ No broken links │
│ ✅ All images loading │
│ ✅ Mobile responsive │
│ ✅ Spam score: Low (2.1/10) │
│ ⚠️ Subject line: 48 chars (good) │
│ │
│ Send Time: Optimized for 2 PM EST │
│ Cost: ~$62 (email credits) │
│ │
│ [Preview & Edit] [Send Now] [Cancel] │
└────────────────────────────────────────────┘
Marketer clicks "Send Now"
AI: "✅ Campaign launching now!
Sending to 12,450 recipients...
Progress:
⏱️ Estimated completion: 18 minutes
Real-time dashboard: [link]
I'll notify you at:
• 25% sent (3,112 users)
• 50% sent (6,225 users)
• 100% sent
• First performance snapshot (1 hour)
You can pause/stop anytime from the dashboard."
Advanced Approval Rules:
{
  "action": "send_email_campaign",
  "requiresApproval": {
    "rules": [
      {
        "condition": "{{recipientCount}} > 1000",
        "message": "Send to {{recipientCount}} recipients?",
        "required": true
      },
      {
        "condition": "{{spamScore}} > 5",
        "message": "⚠️ High spam score ({{spamScore}}/10). Send anyway?",
        "required": true
      },
      {
        "condition": "{{brokenLinks}} > 0",
        "message": "🔗 Found {{brokenLinks}} broken links. Fix before sending?",
        "blocking": true
      }
    ]
  }
}
Quality Benefits:
- Human reviews before mass send
- AI catches technical issues (broken links, spam score)
- Performance prediction helps set expectations
- Easy to edit before final send
Use Case 5: Finance - Payment Processing
Company: Accounts payable automation
Challenge:
- Process hundreds of invoices daily
- Need approval for large/unusual payments
- Prevent fraud and errors
Solution: AI auto-pays routine invoices, requests approval for exceptions
Example Conversation
Scenario: Unusual Payment Detection
AI: "I'm processing today's invoices and found something unusual.
┌────────────────────────────────────────────┐
│ ⚠️ Unusual Payment Detected │
│ │
│ Invoice: INV-2847 from Office Supplies Co │
│ Amount: $8,450.00 │
│ Due date: Oct 25, 2025 │
│ │
│ 🚨 Flagged because: │
│ • Amount 4.2x higher than usual │
│ • New bank account (not on file) │
│ • First invoice over $5,000 │
│ │
│ Vendor History: │
│ • Previous invoices: 24 │
│ • Average amount: $2,015 │
│ • Largest previous: $3,200 │
│ • Payment history: Always on time │
│ │
│ Invoice Details: │
│ • Items: Office furniture (10 desks) │
│ • Unit price: $845/desk │
│ • Quantity: 10 │
│ • Delivery: Confirmed (tracking #) │
│ │
│ New Bank Account: │
│ • Bank: First National │
│ • Account: •••• 8392 │
│ • Reason: "Updated banking info" │
│ │
│ Verification: │
│ ✅ Invoice matches PO-8839 │
│ ✅ Goods received (signed) │
│ ⚠️ Bank account change (needs verify) │
│ │
│ [Verify Bank & Approve] │
│ [Contact Vendor First] │
│ [Mark as Fraud] │
└────────────────────────────────────────────┘
After clicking "Contact Vendor First":
AI: "I'll contact the vendor to verify the bank account change.
📧 Email sent to: accounts@officesupplies.co
Subject: Bank Account Verification Required - Invoice INV-2847
Content:
"Hi,
We're processing your invoice INV-2847 for $8,450.00.
We noticed the payment will go to a new bank account
ending in 8392. Can you please confirm this is correct
and provide:
1. Reason for account change
2. Authorized signer confirmation
3. Supporting documentation
Reply by Oct 24 to ensure on-time payment.
Thanks!"
I'll notify you when they respond and we can proceed
with the payment approval."
Smart Approval Rules:
{
  "action": "process_payment",
  "requiresApproval": {
    "autoApprove": {
      "conditions": [
        "{{amount}} < 5000",
        "{{vendor.trusted}} == true",
        "{{bankAccount}} == {{vendor.registeredAccount}}",
        "{{invoiceNumber}} matches {{purchaseOrder}}"
      ]
    },
    "requireApproval": {
      "conditions": [
        "{{amount}} > 5000",
        "{{bankAccountChanged}} == true",
        "{{amount}} > {{vendor.avgInvoice}} * 2"
      ],
      "message": "Unusual payment: {{flagReason}}"
    }
  }
}
Fraud Prevention:
- AI auto-processes routine payments (saves 20+ hours/week)
- Flags unusual patterns automatically
- Provides all context for informed decision
- Prevents fraud with bank verification
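The Smart Approval Rules above leave gaps: an amount of exactly 5000 satisfies neither `{{amount}} < 5000` nor `{{amount}} > 5000`, and the page does not say what happens when no condition matches. The following is an added example (not Cognipeer's evaluator and not code from this article) of a fail-closed decision for those rules; the `invoiceMatchesPO` flag, the sample values and the way the conditions are combined are assumptions.

```javascript
// Added example, not the platform's evaluator. Assumed semantics: auto-approve
// only if EVERY autoApprove check passes and NO requireApproval trigger fires.
const LIMIT = 5000; // threshold used in the config above

const autoApproveChecks = {
  amountUnderLimit: (p) => Number.isFinite(p.amount) && p.amount > 0 && p.amount < LIMIT,
  vendorTrusted: (p) => p.vendor?.trusted === true,
  bankAccountOnFile: (p) =>
    typeof p.bankAccount === 'string' && p.bankAccount === p.vendor?.registeredAccount,
  invoiceMatchesPO: (p) => p.invoiceMatchesPO === true, // hypothetical pre-computed flag
};

const approvalTriggers = {
  amountOverLimit: (p) => p.amount > LIMIT,
  bankAccountChanged: (p) => p.bankAccountChanged === true,
  overTwiceVendorAverage: (p) => p.amount > p.vendor?.avgInvoice * 2,
};

// Returns { decision, reasons }. Anything not provably routine goes to a human,
// including missing fields, wrong types and the boundary amount of exactly 5000.
function decidePayment(p) {
  const fired = Object.keys(approvalTriggers).filter((k) => approvalTriggers[k](p));
  const failed = Object.keys(autoApproveChecks)
    .filter((k) => !autoApproveChecks[k](p))
    .map((k) => `not:${k}`);
  const reasons = [...fired, ...failed];
  return { decision: reasons.length === 0 ? 'auto_approve' : 'needs_approval', reasons };
}

// Constructed sample payments (inv2847 mirrors the flagged invoice above).
const trustedVendor = { trusted: true, registeredAccount: 'ACCT-0001', avgInvoice: 2015 };
const samples = {
  routine: { amount: 1900, vendor: trustedVendor, bankAccount: 'ACCT-0001',
             bankAccountChanged: false, invoiceMatchesPO: true },
  inv2847: { amount: 8450, vendor: trustedVendor, bankAccount: 'ACCT-8392',
             bankAccountChanged: true, invoiceMatchesPO: true },
  boundary: { amount: 5000, vendor: { ...trustedVendor, avgInvoice: 3000 },
              bankAccount: 'ACCT-0001', bankAccountChanged: false, invoiceMatchesPO: true },
  stringAmount: { amount: '100', vendor: trustedVendor, bankAccount: 'ACCT-0001',
                  bankAccountChanged: false, invoiceMatchesPO: true },
  noVendor: { amount: 100, bankAccount: 'ACCT-0001', invoiceMatchesPO: true },
};

for (const [name, payment] of Object.entries(samples)) {
  const { decision, reasons } = decidePayment(payment);
  console.log(name, decision, reasons.join(', '));
}
```

The `reasons` list is what an approval message such as `{{flagReason}}` would need to show the approver.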
Implementation Guide
Step 1: Identify Actions Needing Approval
Always Require Approval:
- ❌ DELETE operations (user data, records)
- 💰 Financial transactions (payments, refunds)
- 📧 Mass communications (email blasts, SMS)
- 🔐 Security changes (permissions, access)
- 📤 Publishing (content, releases)
Consider Approval:
- 📊 Bulk operations (>100 items)
- 💵 High-value items (>$1000)
- ⚠️ Compliance-sensitive actions
- 🔄 Cross-system updates
No Approval Needed:
- 📖 Read-only operations
- 🔍 Searches and queries
- 📈 Analytics and reports
- 💬 Routine conversations
Step 2: Configure Action Approval
In Peer Settings → Actions → Select Action:
Basic Approval:
{
  "name": "Delete User Data",
  "requiresApproval": true,
  "approvalMessage": "Permanently delete all data for {{email}}?"
}
Dynamic Approval with Variables:
{
  "name": "Process Refund",
  "requiresApproval": true,
  "approvalMessage": "Refund {{currency}}{{amount}} to {{customerName}}?\nReason: {{refundReason}}\nOrder: {{orderId}}"
}
Conditional Approval:
{
  "name": "Apply Discount",
  "requiresApproval": {
    "condition": "{{discountPercent}} > 15",
    "message": "Large discount: {{discountPercent}}% off ({{savings}} saved)"
  }
}
Step 3: Design Effective Approval Messages
✅ Good Messages:
"Delete invoice #12345 ($1,250.00)?"
"Grant admin access to sarah@company.com?"
"Send password reset to john@example.com?"
"Charge $499.00 to card ending in 4532?"
❌ Poor Messages:
"Continue?" (too vague)
"Execute action?" (no context)
"Approve?" (missing details)
"Proceed with operation?" (too technical)
Formula for Great Messages:
[Action Verb] + [Specific Object] + [Key Details] + [Impact/Warning]
Examples:
"Delete {{userName}}'s account with {{orderCount}} orders? This cannot be undone."
"Charge {{amount}} to {{paymentMethod}}? Customer will be notified."
"Send email to {{recipientCount}} subscribers? Subject: {{subject}}"
Step 4: Test Both Paths
Always test:
- ✅ Approval path: Verify action executes correctly
- ❌ Rejection path: Verify graceful cancellation
- 🔄 Multiple attempts: User can try again after reject
- ⏱️ Timing: Response time is fast (< 1 second)
Step 5: Monitor and Optimize
Track these metrics:
Approval Rate:
Approved / Total Requests
Target: > 90% (if lower, AI may be suggesting wrong actions)
Decision Time:
Time from request to decision
Target: < 30 seconds
Rejection Patterns:
Which actions get rejected most?
→ Improve AI accuracy
→ Refine approval conditions
→ Add more context to message
Advanced Patterns
Multi-Level Approval
For sensitive operations:
{
  "action": "delete_production_database",
  "approvalChain": [
    {
      "level": 1,
      "approver": "team_lead",
      "message": "Team lead approval: Delete production data?"
    },
    {
      "level": 2,
      "approver": "cto",
      "message": "CTO approval: Delete production data?",
      "required": true
    }
  ]
}
Time-Based Approval
Auto-approve during business hours, and require approval after hours or above the amount threshold:
{
  "action": "process_large_payment",
  "requiresApproval": {
    "condition": "{{amount}} > 10000 || !isBusinessHours()",
    "message": "{{afterHours ? 'After-hours' : 'Large'}} payment: {{amount}}"
  }
}
Approval with Alternatives
Give users choices:
┌──────────────────────────────────────┐
│ Delete 150 old records? │
│ │
│ [Delete All] │
│ [Delete Only Duplicates (47)] │
│ [Archive Instead] │
│ [Cancel] │
└──────────────────────────────────────┘
API Integration
For Custom Applications
Resume message with decision:
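// JavaScript/TypeScript
// API_KEY is assumed to be defined by the calling application.
async function handleApproval(messageId, decision) {
  const response = await fetch(
    `/api/v1/client/peer/message/${messageId}/resume`,
    {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${API_KEY}`,
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({ decision }) // 'approve' or 'reject'
    }
  );
  // Surface HTTP errors instead of treating an error body as a result
  if (!response.ok) {
    throw new Error(`Resume failed: HTTP ${response.status}`);
  }
  return response.json();
}
// Usage
await handleApproval('msg_123', 'approve');

# Python
import os
import requests

# Placeholders: the page does not give the API host or how the key is supplied.
BASE_URL = 'https://YOUR-API-HOST'
API_KEY = os.environ['API_KEY']

def handle_approval(message_id: str, decision: str) -> dict:
    """Resume a paused message with the decision ('approve' or 'reject')."""
    response = requests.post(
        f'{BASE_URL}/api/v1/client/peer/message/{message_id}/resume',
        headers={
            'Authorization': f'Bearer {API_KEY}',
            'Content-Type': 'application/json'
        },
        json={'decision': decision},
        timeout=10
    )
    response.raise_for_status()  # fail on 4xx/5xx rather than parsing an error body
    return response.json()

# Usage
handle_approval('msg_123', 'approve')
Platform Integrations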
Slack:
app.action('approve_action', async ({ body, ack, client }) => {
  await ack();
  await handleApproval(body.message_id, 'approve');
  await client.chat.update({
    channel: body.channel.id,
    ts: body.message.ts,
    text: '✅ Action approved and executed'
  });
});
Microsoft Teams:
bot.onInvoke(async (context) => {
  if (context.activity.name === 'approveAction') {
    const messageId = context.activity.value.messageId;
    await handleApproval(messageId, 'approve');
    return { status: 200 };
  }
});
Mobile App:
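// iOS
// baseURL is a placeholder (the page does not give the API host);
// apiKey is assumed to be defined elsewhere in the app.
let baseURL = "https://YOUR-API-HOST"

func approveAction(messageId: String) {
    let url = URL(string: "\(baseURL)/api/v1/client/peer/message/\(messageId)/resume")!
    var request = URLRequest(url: url)
    request.httpMethod = "POST"
    request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
    request.httpBody = try? JSONEncoder().encode(["decision": "approve"])
    URLSession.shared.dataTask(with: request) { data, response, error in
        // Handle response
    }.resume()
}
Best Practices Summary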
Message Design
- ✅ Be specific and clear
- ✅ Include key details (amounts, names, counts)
- ✅ State consequences
- ✅ Use action verbs
- ❌ Avoid jargon and vague language
Approval Strategy
- ✅ Only for critical actions
- ✅ Auto-approve safe operations
- ✅ Use conditions for smart triggering
- ❌ Don't over-use (hurts UX)
User Experience
- ✅ Show context in the message
- ✅ Make buttons clear (Approve/Reject)
- ✅ Provide confirmation after action
- ✅ Allow users to change their mind
Security
- ✅ Log all approval decisions
- ✅ Track who approved what and when
- ✅ Set up alerts for rejected actions
- ✅ Regular audit trail reviews
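An added example, not part of the original article or the platform's code, of server-side checks that make the resume call and the logging items above enforceable: the approval is bound to the parameters the approver saw, limited to the configured approver roles, single-use and time-limited, and every attempt is recorded. The function names, the 15-minute TTL and the sample identities are hypothetical.

```javascript
// Added example: checks a backend should make before resuming an approved action.
// createApprovalRequest, resolveApproval and the 15-minute TTL are hypothetical.
const APPROVAL_TTL_MS = 15 * 60 * 1000;
const pending = new Map(); // requestId -> pending approval
const auditLog = [];       // append-only: who decided what, when, and the outcome

// Key-order-independent serialization, so equal parameters always compare equal.
function canonical(value) {
  if (Array.isArray(value)) return `[${value.map(canonical).join(',')}]`;
  if (value && typeof value === 'object') {
    const body = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonical(value[k])}`);
    return `{${body.join(',')}}`;
  }
  return JSON.stringify(value);
}

function createApprovalRequest(id, action, params, requester, approverRoles, now) {
  pending.set(id, {
    action, requester, approverRoles,
    bound: canonical(params), // the exact parameters the approver was shown
    expiresAt: now + APPROVAL_TTL_MS,
  });
}

// Returns { ok, reason }; the caller executes the action only when ok is true.
function resolveApproval(id, decision, approver, paramsAtExecution, now) {
  const req = pending.get(id);
  let reason = 'ok';
  if (!req) reason = 'unknown_or_already_used';
  else if (decision !== 'approve' && decision !== 'reject') reason = 'invalid_decision';
  else if (now > req.expiresAt) reason = 'expired';
  else if (approver.id === req.requester) reason = 'requester_cannot_self_approve';
  else if (!approver.roles.some((r) => req.approverRoles.includes(r))) reason = 'approver_not_authorized';
  else if (canonical(paramsAtExecution) !== req.bound) reason = 'params_changed_since_request';
  else if (decision === 'reject') reason = 'rejected';

  // Single use: a valid decision, an expiry or a parameter mismatch consumes the
  // request. Unauthorized attempts do not, so they cannot cancel a real approval.
  const consumes = ['ok', 'rejected', 'expired', 'params_changed_since_request'];
  if (req && consumes.includes(reason)) pending.delete(id);
  auditLog.push({ at: now, id, action: req ? req.action : null,
                  approver: approver.id, decision, outcome: reason });
  return { ok: reason === 'ok', reason };
}

// Constructed walk-through using the page's grant_db_access action and approver roles.
function demo() {
  const t0 = 1700000000000;
  const params = { database: 'production', accessLevel: 'read-only', duration: '4 hours' };
  const dev = { id: 'john.dev@company.com', roles: ['team_lead'] };
  const sec = { id: 'sec.manager@company.com', roles: ['security_team'] }; // constructed
  const roles = ['security_team', 'team_lead'];
  createApprovalRequest('req_1', 'grant_db_access', params, dev.id, roles, t0);
  createApprovalRequest('req_2', 'grant_db_access', params, dev.id, roles, t0);
  return [
    resolveApproval('req_1', 'approve', dev, params, t0 + 1000).reason,
    resolveApproval('req_1', 'approve', sec, params, t0 + 2000).reason,
    resolveApproval('req_1', 'approve', sec, params, t0 + 3000).reason, // replay
    resolveApproval('req_2', 'approve', sec, { ...params, accessLevel: 'read-write' }, t0 + 4000).reason,
  ];
}

console.log(demo());
```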
Real Results
Customer Support Team
Before: Manual review of every account change
- 200 tickets/day
- 4 hours spent on approvals
- 15% error rate
After: AI handles routine, approvals for critical
- Same 200 tickets/day
- 30 minutes spent on approvals (93% reduction)
- 2% error rate (AI catches issues)
E-Commerce Operations
Before: All refunds manually processed
- 3-5 day processing time
- Manual fraud checks
- High dispute rate
After: AI processes refunds with approval gates
- Same-day processing (< 2 hours)
- Automatic fraud detection
- 80% reduction in disputes
Financial Services
Before: All payments reviewed by compliance team
- 200 payments/day
- 2 FTE dedicated to reviews
- 24-48 hour delays
After: AI auto-approves 85%, flags exceptions
- 200 payments/day
- 0.3 FTE for exception reviews
- Same-day processing
Conclusion
Agent Action Approval gives you AI safety without sacrificing efficiency:
- ✅ AI Efficiency - Automate routine operations
- ✅ Human Oversight - Control critical decisions
- ✅ Risk Mitigation - Prevent costly errors
- ✅ Compliance - Meet regulatory requirements
- ✅ User Trust - Transparent AI decision-making
Getting Started Checklist
Identify Critical Actions (5 min)
- List all actions your peer can take
- Mark which need approval
Configure Approval Settings (10 min)
- Enable approval for critical actions
- Write clear approval messages
- Set conditions if needed
Test Both Paths (10 min)
- Test approval flow
- Test rejection flow
- Verify messages display correctly
Monitor & Optimize (Ongoing)
- Track approval rates
- Analyze rejection patterns
- Refine conditions and messages
Try It Today
Agent Action Approval is available now for all Cognipeer users. Start building safer AI agents today!
Questions? Join our Discord community or book a demo.
Share your setup! Tweet your approval configuration with #CognipeerSafety and inspire others!

