security_enabled. security_enabled controls default security guardrails for the agent document; it is not runtime HITL approval and does not pause tool calls.
Turn on approval
- Open Agents.
- Create an agent or edit an existing agent.
- Turn on Require approval.
- Save the agent.
Approve a tool request
When the agent needs approval, Studio shows a Human Step card in Chat. Choose one of these actions:

| Action | What it does |
|---|---|
| Approve once | Allows this single tool call. |
| Approve for conversation | Allows matching tool calls for the current conversation. |
| Always approve | Allows matching tool calls for this agent until the approval setting changes. |
| Reject | Stops that tool call and records the rejection. |
Audit and control
Each approval request is connected to the conversation and agent run that created it. Veryfront records the request, response, responder, and run events so you can review what was approved and when. The durable request includes:
- conversation ID
- agent run ID
- tool call ID
- status, such as open, submitted, cancelled, or expired
- submitted response values
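
The approval scopes and the audit record described above, modelled in Python as an added example; it is not Veryfront code. It assumes that "matching" means the same tool name, and the class, method and field names are hypothetical.

```python
from dataclasses import dataclass, field

# The four actions from the table. All other names here are hypothetical.
ONCE, CONVERSATION, ALWAYS, REJECT = "once", "conversation", "always", "reject"


@dataclass
class ApprovalGate:
    """Approval state for one agent (a model, not Veryfront's implementation)."""
    conversation_grants: set = field(default_factory=set)  # (conversation_id, tool)
    agent_grants: set = field(default_factory=set)         # tool names
    audit: list = field(default_factory=list)

    def needs_human(self, conversation_id, tool):
        """True when no standing grant covers the call, so a human must answer."""
        return (tool not in self.agent_grants
                and (conversation_id, tool) not in self.conversation_grants)

    def respond(self, conversation_id, run_id, tool_call_id, tool, action, responder):
        """Record the human response; return True if this tool call may run."""
        if action not in (ONCE, CONVERSATION, ALWAYS, REJECT):
            raise ValueError(f"unknown action: {action!r}")
        if action == CONVERSATION:
            self.conversation_grants.add((conversation_id, tool))
        elif action == ALWAYS:
            self.agent_grants.add(tool)
        # Approvals and rejections are both recorded, keyed by the same IDs
        # the durable request carries.
        self.audit.append({"conversation_id": conversation_id, "run_id": run_id,
                           "tool_call_id": tool_call_id, "tool": tool,
                           "action": action, "responder": responder})
        return action != REJECT

    def approval_setting_changed(self):
        """'Always approve' grants end when the approval setting changes."""
        self.agent_grants.clear()


def broad_grants(audit):
    """Audit entries that approved more than a single call, for periodic review."""
    return [e for e in audit if e["action"] in (CONVERSATION, ALWAYS)]
```

An "Approve once" response leaves no standing grant, so the next call to the same tool asks again; `broad_grants` lists the responses that did leave one.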
Use approval from another client
Studio is one approval client. Other clients can connect to the same durable request flow, such as an email link to an approval page. Use the Cloud APIs when you need to build an external approval client:
- MCP input request tools: list, read, cancel, and submit input requests.
- GraphQL inputRequests: read open approval requests for a conversation or run.
- GraphQL submitInputResponse: submit the human response.
Good defaults
- Leave approval off for low-risk agents that only read information.
- Turn approval on for agents that write files, call external integrations, deploy, or spend money.
- Start with Approve once until the agent behavior is predictable.
- Use broader approvals only for trusted, repetitive workflows.