Approval Workflows
Approval workflows add human oversight to AI agent actions. Configure when agent changes require review before being applied.
Overview
By default, agents can:
- Post comments on PRs
- Add labels to PRs
- Update PR descriptions
With approval workflows, you can require review for:
- Creating new PRs (e.g., dependency updates)
- Committing code changes
- Merging PRs
- Deploying to environments
Configuration
Enable approval workflows in your agent config:
agents:
  - name: dependency-updater
    template: dependency-updater
    approval_workflow:
      enabled: true
      # What requires approval
      requires_approval:
        - create_pr
        - merge_pr
      # Who can approve
      approvers:
        users:
          - "@team-lead"
          - "@security-team"
        teams:
          - "platform"
        minimum: 1
      # Auto-approve conditions
      auto_approve:
        conditions:
          - patch_updates_only
          - ci_passed
          - no_security_issues
Approval Actions
PR Creation Approval
Require approval before the agent creates PRs:
approval_workflow:
  requires_approval:
    - create_pr
  create_pr:
    # Send notification when approval needed
    notify:
      slack: "#approvals"
      email: true
    # Time limit for approval
    timeout: 24h
    timeout_action: cancel
Merge Approval
Require approval before auto-merging:
approval_workflow:
  requires_approval:
    - merge_pr
  merge_pr:
    # Block merge until approved
    block_until_approved: true
    # Requirements
    require:
      - ci_passed
      - no_conflicts
      - approved_by: 1
Code Change Approval
For agents that modify code directly:
approval_workflow:
  requires_approval:
    - commit_changes
  commit_changes:
    # Show diff in approval request
    show_diff: true
    # Require review of changes
    review_mode: detailed
Approvers
Define who can approve agent actions:
approvers:
  # Specific users
  users:
    - "alice"
    - "bob"
  # GitHub teams
  teams:
    - "engineering"
    - "security"
  # CODEOWNERS file
  codeowners: true
  # Minimum approvals required
  minimum: 1
  # Require approval from specific group
  require_from:
    - security  # At least one from security team
Auto-Approval
Configure conditions for automatic approval:
auto_approve:
  enabled: true
  conditions:
    # Only patch updates
    - type: version_bump
      value: patch
    # CI must pass
    - type: ci_status
      value: success
    # No security issues
    - type: security_scan
      value: clean
    # Time delay before auto-approve
    - type: delay
      value: 24h
  # Actions that can be auto-approved
  actions:
    - merge_pr
  # Actions that always need manual approval
  never_auto_approve:
    - major_updates
    - security_fixes
Approval Request Flow
- Agent triggers action - e.g., creates a dependency update PR
- Approval check - System checks if approval is required
- Notification sent - Approvers are notified
- Review period - Approvers can approve, reject, or request changes
- Action executed - Once approved, the agent completes the action
Approval Interface
Dashboard
Pending approvals appear in the dashboard:
- Pending Approvals section on home page
- Detailed view showing what's being approved
- One-click approve/reject buttons
Slack
If Slack is connected:
🤖 BambooSnow needs approval
Action: Merge dependency update PR
Repository: your-org/your-repo
PR: #123 - Update lodash to 4.17.21
[Approve] [Reject] [View Details]
API
Programmatically manage approvals:
# List pending approvals
GET /api/v1/approvals?status=pending
# Approve an action
POST /api/v1/approvals/{id}/approve
# Reject an action
POST /api/v1/approvals/{id}/reject
Timeout Handling
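Configure what happens when an approval request times out. The auto_approve timeout action lets the agent's action proceed without a human decision once the timeout elapses, so choose it only where an unreviewed action is acceptable.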
approval_workflow:
  timeout: 48h
  timeout_action: cancel  # or 'escalate', 'auto_approve', 'retry'
  escalation:
    after: 24h
    to:
      - "@engineering-manager"
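The Auto-Approval and Timeout Handling settings above are the two places where an action can go through with no human decision. The following is an added example, not BambooSnow's own code: a small audit of an already-parsed approval_workflow mapping that flags those fail-open settings. The key names are the ones shown on this page; the audit function, the checks it applies, and the sample config are assumptions made for illustration.

```python
# Added example: audit a parsed approval_workflow mapping for fail-open settings.
# Key names are the page's; the checks and finding texts are assumptions.
ACTION_BLOCKS = ("create_pr", "merge_pr", "commit_changes")


def audit(workflow):
    """Return findings for settings that let an action run with no human decision."""
    findings = []
    # 1. A timeout that approves turns "nobody looked" into "approved".
    scopes = {"workflow": workflow}
    scopes.update({a: workflow[a] for a in ACTION_BLOCKS if isinstance(workflow.get(a), dict)})
    for name, block in scopes.items():
        if block.get("timeout_action") == "auto_approve":
            findings.append(f"{name}: timeout_action auto_approve fails open")
    # 2. An approver quorum below one is no gate at all.
    minimum = workflow.get("approvers", {}).get("minimum")
    if minimum is not None and minimum < 1:
        findings.append("approvers: minimum is below 1")
    # 3. Auto-approval should be bounded by CI, a scan, a delay and a deny list.
    auto = workflow.get("auto_approve", {})
    if auto.get("enabled"):
        present = {c.get("type") for c in auto.get("conditions", []) if isinstance(c, dict)}
        for needed in ("ci_status", "security_scan", "delay"):
            if needed not in present:
                findings.append(f"auto_approve: no {needed} condition")
        if not auto.get("never_auto_approve"):
            findings.append("auto_approve: never_auto_approve is empty")
    return findings


# Constructed sample, as if loaded from the YAML config (not a real deployment).
SAMPLE = {
    "requires_approval": ["create_pr", "merge_pr"],
    "timeout": "48h",
    "timeout_action": "auto_approve",
    "approvers": {"teams": ["platform"], "minimum": 0},
    "create_pr": {"timeout": "24h", "timeout_action": "cancel"},
    "auto_approve": {
        "enabled": True,
        "conditions": [{"type": "version_bump", "value": "patch"},
                       {"type": "ci_status", "value": "success"}],
        "actions": ["merge_pr"],
    },
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run it in CI against the loaded agent config so that a change introducing a fail-open setting is caught in review rather than in production.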