> ## Documentation Index
> Fetch the complete documentation index at: https://veryfront.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Human approval for agent tools

> Require review before a Studio agent uses tools that can change a project or external system.

Human approval adds a checkpoint before an agent uses its tools. Use it when you want more trust and control over actions such as editing files, calling integrations, deploying, or writing to external systems.

The approval is stored as a durable input request, not as a chat-only message. That means Studio can show it in Chat today, and other approval clients can answer the same request through the API later.

This approval setting is separate from `security_enabled`. `security_enabled` controls default security guardrails for the agent document; it is not runtime HITL approval and does not pause tool calls.

## Turn on approval

1. Open [Agents](/studio/panels/agents).
2. Create an agent or edit an existing agent.
3. Turn on **Require approval**.
4. Save the agent.

When **Require approval** is on, the agent asks for approval before it uses its tools. The agent can still ask normal follow-up questions in Chat.

## Approve a tool request

When the agent needs approval, Studio shows a Human Step card in Chat.

Choose one of these actions:

| Action                       | What it does                                                                  |
| ---------------------------- | ----------------------------------------------------------------------------- |
| **Approve once**             | Allows this single tool call.                                                 |
| **Approve for conversation** | Allows matching tool calls for the current conversation.                      |
| **Always approve**           | Allows matching tool calls for this agent until the approval setting changes. |
| **Reject**                   | Stops that tool call and records the rejection.                               |

Use the narrowest approval that fits the task. For risky or one-off changes, use **Approve once**.

## Audit and control

Each approval request is connected to the conversation and agent run that created it. Veryfront records the request, response, responder, and run events so you can review what was approved and when.

The durable request includes:

* conversation ID
* agent run ID
* tool call ID
* status, such as `open`, `submitted`, `cancelled`, or `expired`
* submitted response values

## Use approval from another client

Studio is one approval client. Other clients can connect to the same durable request flow, such as an email link to an approval page.

Use the Cloud APIs when you need to build an external approval client:

* [MCP input request tools](/cloud/mcp/tools/list-input-requests): list, read, cancel, and submit input requests.
* [GraphQL `inputRequests`](/cloud/graphql/operations/conversations/queries/inputrequests): read open approval requests for a conversation or run.
* [GraphQL `submitInputResponse`](/cloud/graphql/operations/conversations/mutations/submitinputresponse): submit the human response.

Keep the approval UI clear: show the requested tool, the reason, the important arguments, and the approval scope.

## Good defaults

* Leave approval off for low-risk agents that only read information.
* Turn approval on for agents that write files, call external integrations, deploy, or spend money.
* Start with **Approve once** until the agent behavior is predictable.
* Use broader approvals only for trusted, repetitive workflows.