Tool Approvals and Permissions
Understand when and why agents ask for permission before taking actions. Learn how to approve, reject, or modify agent tool calls.
When an agent in Agency Hero wants to do something that changes data — create a task, update a record, create a Linear ticket — it doesn’t just act. It stops and asks first. This is the tool approval flow: a built-in safety mechanism that keeps you in control of everything an agent does on your behalf.
This article explains how approvals work, what you’ll see in chat, and how to respond.
Why agents ask for permission
Agents have access to two broad categories of tools:
- Read tools — search, list, summarize, look things up. These have no side effects and run silently without interrupting you.
- Write tools — create, update, or delete records. These change real data and require your explicit sign-off before they execute.
The approval gate exists because write operations are irreversible or consequential: a created task lands in your workspace, an updated record overwrites previous data, a Linear ticket goes into your project tracker. Requiring a confirmation step means no surprises — you always know exactly what’s about to happen before it does.
Even when an agent is confident it understood your request correctly, it will still pause for approval on any write operation. This is intentional. The approval step is not a sign that the agent is unsure; it’s the system behaving as designed.
What triggers an approval request
Approval is triggered when a tool is classified as a write operation — any action with an operation type of create, update, or delete. Examples include:
| Action | Requires approval |
|---|---|
| Create a task | Yes |
| Update a task | Yes |
| Create a Linear ticket | Yes |
| Update a Sanity document | Yes |
| Search for tasks | No |
| List meetings | No |
| Look up workspace members | No |
Read tools (list, get, search, summarize) run immediately and silently. You’ll see their results reflected in the agent’s reply without any approval card appearing.
The approval card
When an agent proposes a write action, an approval card appears in the chat thread. The card shows:
- What the agent wants to do — a plain-English summary, such as “Create task ‘Review Q3 proposal’ assigned to Alex, due Friday, priority High”
- The specific parameters — a preview of the exact values the agent will use
- An expiry countdown — approvals expire after 10 minutes if no action is taken
The card stays interactive until you respond or it expires. The agent’s workflow is paused in the background, waiting for your signal.
Approval card states
| State | What you see | What you can do |
|---|---|---|
| **Pending** | Summary and args preview, countdown to expiry | Approve, Deny |
| **Auto-approve pending** | Summary and args preview, countdown to auto-proceed | Approve Now, Cancel |
| **Approved** | Locked card with approver and timestamp | — |
| **Executing** | Spinner: *"Creating task…"* | — |
| **Executed** | Success card with a link to the created or updated resource | View Task (or equivalent) |
| **Failed** | Error message | Retry |
| **Denied** | Grayed-out card with denial reason | — |
| **Expired** | *"Expired"* label (auto-denied after timeout) | Start a new request |
Responding to an approval request
Approve
Click Approve to confirm the action. The agent proceeds immediately — the tool executes, and you’ll see a confirmation card with a link to the created or updated resource.
Your approval is logged with your user ID and a timestamp, creating a full audit trail of what was done, by whom, and when.
Deny
Click Deny to block the action. The agent receives a denial signal, and the tool does not execute. The agent will typically respond in chat acknowledging the denial and may ask how you’d like to proceed.
You can optionally provide a reason when denying — this is fed back to the agent so it can better understand what went wrong and suggest a revised approach.
Do nothing (expiry)
If you don’t respond within 10 minutes, the approval request expires and is automatically treated as a denial. The action is not taken. You can re-ask in a new message to start fresh.
What if I need to change the details?
If the agent proposed the wrong title, wrong assignee, or wrong parameters, deny the request and re-ask with the corrected details. For example:
“Actually, assign that task to Jordan instead, and set the due date to next Monday.”
The agent will propose a new approval card with the updated values. Editing parameters inline on an approval card is not currently supported — deny and re-ask is the intended flow.
Multiple writes in one response
If an agent needs to perform several write operations in a single turn — for example, creating three tasks at once — each action gets its own approval card. You can approve or deny each one independently.
Approve the cards you want to proceed with. Any card you deny or leave to expire will not execute, while approved ones continue normally.
Auto-approve mode
For workspaces where you trust the agent to act with minimal interruption, workspace admins can enable auto-approve writes in the workspace permission policy.
With auto-approve enabled:
- An approval card still appears in chat so you can see what the agent is doing
- The action proceeds automatically after a short countdown instead of waiting for a click
- You can click Approve Now to skip the countdown and execute immediately
- You can click Cancel during the countdown to block the action — same effect as Deny
Auto-approve is off by default. It’s suited for trusted internal workspaces where speed matters and write operations are routine. For client-facing or sensitive workspaces, the default explicit-approval mode is recommended.
To configure this, go to Workspace Settings → Agent Settings → AI Permission Policy.
Workspace permission policies
Admins have broader control over what agents are allowed to do in a workspace, beyond per-action approvals:
| Policy | Effect |
|---|---|
| **Require approval for writes** (default: on) | All write-type tool calls require explicit user approval before executing |
| **Read-only mode** | Blocks all write operations entirely — the agent cannot create, update, or delete anything in this workspace |
| **Auto-approve writes** | Write operations auto-proceed after a short delay; approval cards still appear |
These settings are configured per workspace. A workspace in read-only mode will never surface an approval card for a write — the agent simply won’t attempt write operations at all.
See Configuring Workspace Settings for full details on the permission policy options.
The safety guarantee
Under the hood, the approval flow is backed by a durable state machine. When an agent proposes a write action:
- A pending record is created in the system before any action is taken
- A proposal event is streamed to your chat session
- The agent’s workflow pauses and waits for your signal
- When you approve, the system transitions through
approved → started → executed - If you deny or the request expires, the record is marked
deniedand the agent is informed
This means:
- Nothing executes without an approval decision — the system is fail-closed by design
- Retries are safe — if a network issue causes the agent to retry, it will find the existing record and not create a duplicate action
- Every approval is auditable — who approved what, and when, is recorded for every write operation
Tips for working with approvals
Be specific in your requests. The more detail you give the agent upfront, the more accurate the approval card will be — reducing the chance you’ll need to deny and re-ask.
Review the parameters before approving. The approval card shows the exact values the tool will use. Take a moment to confirm the title, assignee, due date, and other fields match your intent.
Use Deny + re-ask freely. Denying a proposal has no penalty. The agent treats a denial as feedback and will try again with new instructions.
Don’t leave approvals open indefinitely. Requests expire after 10 minutes. If you get interrupted, just send a new message when you’re ready and the agent will re-propose.
Check workspace settings if approvals feel unexpected. If write operations seem to be running without prompts, your workspace may have auto-approve enabled. Admins can review this in Workspace Settings → Agent Settings → AI Permission Policy.
Related articles
More resources to help you go deeper.