
Approvals

Approvals provide human-in-the-loop oversight for AI agent actions. When a policy rule requires approval, Relynt sends a structured message to your Slack channel where a team member can approve or deny the action.

How approvals work

  1. An agent calls the Relynt gateway
  2. The policy engine evaluates the request and determines approval is required
  3. Relynt creates an approval request and posts it to your configured Slack channel
  4. The gateway returns decision: "pending_approval" with an approval_id
  5. A team member clicks Approve or Deny in Slack
  6. Relynt records the decision, executes the connector (if approved), and creates a final receipt

Slack message format

Approval messages include everything a reviewer needs to make a decision:

  • Agent ID — which agent is requesting the action
  • Action — what the agent wants to do (e.g., update_deal)
  • Resource — the target (e.g., crm:deal:123)
  • Risk summary — the policy-assigned risk level and reason
  • Diff-style fields — before/after values when available (e.g., amount change, stage transition)
  • Approve / Deny buttons — interactive Slack buttons for the decision

Diff-style fields make it easy for reviewers to see exactly what will change, reducing the time needed to make a decision.

Setting up Slack approvals

1. Configure your Slack channel

In the dashboard, go to Settings → Onboarding and configure your organization’s Slack channel for approvals. You’ll need:

  • A Slack workspace with the Relynt app installed
  • A channel where approval messages should be posted
  • The Slack signing secret for verification

2. Create approval-required policies

Add policy rules with decision: "require_approval" or conditions that escalate to approval (like require_approval_if_stage):

    {
      "action": "update_deal",
      "resource_pattern": "crm:deal:*",
      "decision": "require_approval",
      "risk_level": "high",
      "conditions": {
        "require_approval_if_stage": ["closed_won", "closed_lost"]
      }
    }

3. Handle pending responses

When your agent receives pending_approval, it should take one of these approaches:

  • Wait and poll — periodically check the receipt status
  • Use a fallback — proceed with an alternative action
  • Queue for later — store the request and retry after approval

Security

Approvals include several security measures:

  • Slack signature verification — every callback is verified using the Slack signing secret to prevent spoofing
  • Replay prevention — each approval can only be decided once; duplicate button clicks are rejected
  • Pending-only decisions — only approvals in pending state can be approved or denied
  • Approver identity — the Slack user who clicked the button is recorded in the receipt

Only approvals in pending state can be decided. Once an approval is approved or denied, the buttons are disabled and further clicks have no effect.
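
The callback checks listed above, sketched as an added example (not Relynt's code): Slack's documented v0 request signing (HMAC-SHA256 over v0:<timestamp>:<raw body>, compared with the X-Slack-Signature header) followed by a pending-only, decide-once state check. The names verify_callback and ApprovalStore, the in-memory store, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # Slack's guidance: reject requests older than five minutes


def slack_signature(secret: bytes, timestamp: str, body: bytes) -> str:
    """Compute Slack's v0 signature over 'v0:<timestamp>:<raw request body>'."""
    base = b"v0:" + timestamp.encode() + b":" + body
    return "v0=" + hmac.new(secret, base, hashlib.sha256).hexdigest()


def verify_callback(secret, timestamp, signature, body, now=None):
    """Return True only for a fresh callback whose signature matches the raw body."""
    now = time.time() if now is None else now
    try:
        skew = abs(now - int(timestamp))
    except (TypeError, ValueError):
        return False  # missing or non-numeric X-Slack-Request-Timestamp
    if skew > MAX_SKEW_SECONDS:
        return False  # stale timestamp: a captured request cannot be replayed later
    expected = slack_signature(secret, timestamp, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), (signature or "").encode())


class ApprovalStore:
    """Hypothetical in-memory store: only pending approvals can be decided, once."""

    def __init__(self):
        self._state = {}  # approval_id -> {"status": ..., "approver": ...}

    def create(self, approval_id):
        self._state[approval_id] = {"status": "pending", "approver": None}

    def decide(self, approval_id, decision, slack_user_id):
        record = self._state.get(approval_id)
        if record is None or record["status"] != "pending":
            return False  # unknown or already decided: a duplicate click is rejected
        if decision not in ("approved", "denied"):
            return False
        # In a real database this must be one atomic conditional update.
        record.update(status=decision, approver=slack_user_id)
        return True

    def get(self, approval_id):
        return dict(self._state[approval_id])
```

The signature must be computed over the raw request bytes before any form or JSON parsing, since re-serialized bodies will not match.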

Receipt trail

Every approval flow produces two receipts:

Receipt   Decision           When
Initial   pending_approval   When the Slack message is sent
Final     allow or deny      When the approver clicks a button

Both receipts share the same approval_id and can be correlated in the receipts dashboard.
