
Human-in-the-Loop: Setting Up Approval Gates for AI Agents

Configure approval gates so AI agents pause before risky actions and wait for human review. Step-by-step setup guide.

8 min read · Gil Kal · Mar 26, 2026

What you will learn

  • Understand why AI agents need human approval gates
  • Configure approval policies per agent based on risk level
  • Set up auto-approve conditions for low-risk actions
  • Handle approval workflows via the dashboard and Slack

Why AI Agents Need Approval Gates

AI agents are powerful — and that is exactly the problem. An agent that can deploy code can also deploy bugs. An agent that can send emails can also send the wrong email to the wrong person. The more capable the agent, the more damage it can do when something goes wrong.

Approval gates are checkpoints where agents pause and ask a human: Should I proceed? They are the difference between an agent that runs autonomously and an agent that runs autonomously within safe boundaries.

Without Dobby

Agents run without guardrails. A code review agent auto-merges a PR that introduces a security vulnerability. Nobody knew until production broke.

With Dobby

The agent completes its review and requests approval before merging. A developer reviews the changes, catches the vulnerability, and rejects the merge. Production stays safe.

How Approval Gates Work

  • Agent reaches a configured gate (e.g., before deploying code)
  • Agent pauses and creates an approval request with context
  • Approvers are notified via dashboard and Slack
  • Human reviews and approves, rejects, or requests changes
  • Agent resumes (if approved) or stops (if rejected)
  • Everything is logged in the immutable audit trail

Configuring Approval Policies

Not every action needs approval. Reading a file is safe. Deploying to production is not. The key is matching the approval level to the risk level of the action.

In Dobby, each agent has a requires_approval flag and auto_approve_conditions. You can set rules like: auto-approve if the PR has fewer than 50 lines changed and only touches allowed paths. Everything else requires human review.

Auto-Approve for Low-Risk Actions

Requiring approval for everything creates bottlenecks. Smart approval policies define what is safe to auto-approve: small changes (under a threshold), changes to non-critical paths, read-only operations, or actions within budget limits.

Example: auto-approve conditions per agent (JSON)

{
  "agent": "dobby-backend-agent",
  "requires_approval": true,
  "auto_approve_conditions": {
    "max_files": 5,
    "max_lines": 100,
    "allowed_paths": ["src/utils/", "tests/"],
    "blocked_paths": ["src/auth/", "deploy/", ".env"]
  }
}
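
One way to evaluate the auto_approve_conditions block above against a proposed change, as an added example that is not Dobby's own code. The matching semantics are assumptions: limits are inclusive, paths are normalized and matched on component boundaries, blocked_paths win over allowed_paths, a single-component blocked entry such as .env matches at any depth, and any failed check sends the change to a human. The function names (decide, normalize, under, is_blocked) are hypothetical.

```python
import posixpath

# Constructed policy dict mirroring the page's JSON example.
POLICY = {
    "agent": "dobby-backend-agent",
    "requires_approval": True,
    "auto_approve_conditions": {
        "max_files": 5, "max_lines": 100,
        "allowed_paths": ["src/utils/", "tests/"],
        "blocked_paths": ["src/auth/", "deploy/", ".env"],
    },
}

def normalize(path):
    """Clean repo-relative path, or None if absolute or escaping the repo."""
    if not path or path.startswith("/") or "\\" in path or "\x00" in path:
        return None
    clean = posixpath.normpath(path)  # collapses 'a/../b' before any matching
    return None if clean in (".", "..") or clean.startswith("../") else clean

def under(path, prefix):
    """Match on a component boundary, so 'tests/' never matches 'tests-old/'."""
    base = prefix.rstrip("/")
    return path == base or path.startswith(base + "/")

def is_blocked(path, entry):
    """Assumption: a single-component entry ('.env') blocks that name at any depth."""
    base = entry.rstrip("/")
    return under(path, entry) or ("/" not in base and base in path.split("/"))

def decide(policy, changes):
    """changes maps path -> lines changed. Returns (decision, reason); fails closed."""
    cond = policy.get("auto_approve_conditions") or {}
    allowed, blocked = cond.get("allowed_paths", []), cond.get("blocked_paths", [])
    if not changes or not allowed:
        return "needs_human", "nothing to match against"
    if any(not isinstance(n, int) or n < 0 for n in changes.values()):
        return "needs_human", "invalid line count"
    if len(changes) > cond.get("max_files", 0) or sum(changes.values()) > cond.get("max_lines", 0):
        return "needs_human", "change exceeds size limits"
    for raw in changes:
        path = normalize(raw)
        if path is None:
            return "needs_human", f"unsafe path: {raw}"
        if any(is_blocked(path, b) for b in blocked):  # blocked wins over allowed
            return "needs_human", f"blocked path: {raw}"
        if not any(under(path, a) for a in allowed):
            return "needs_human", f"outside allowed paths: {raw}"
    return "auto_approve", "all conditions met"
```

The traversal case is the one to watch: src/utils/../auth/login.py starts with an allowed prefix as a raw string, and only normalizing before matching routes it to a reviewer.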

Slack Integration

Approvers should not have to watch the dashboard. When an agent requests approval, a Slack notification is sent with context, and the approver can approve or reject directly from Slack using interactive buttons.

Dobby sends approval requests to a dedicated #dobby-approvals Slack channel with interactive Approve/Reject buttons. Approvers do not need to leave Slack. Every response is logged.

Approval Statuses

  • Pending — waiting for human review
  • Approved — human approved, agent resumes
  • Rejected — human rejected, agent stops
  • Expired — no response within the timeout window
  • Cancelled — approval request was withdrawn
