Configure the gates
Toggle approval on specific tools, data scopes, or thresholds — outbound email, refunds over a limit, destructive writes to production. Read-only steps like summarizing a thread or looking up a record keep flowing at full speed.
Flag the risky steps — sending an external email, issuing a refund, deleting a record — and DeskFerry pauses the agent until a real person clicks approve. Decide from Slack, email, or the dashboard, with a full audit trail of who decided what.
Send a $240 refund to Maria R.
Paused until a real person decides.
Approved by you — and logged for the record.
How it works
Toggle approval on specific tools, data scopes, or thresholds — outbound email, refunds over a limit, destructive writes to production. Read-only steps like summarizing a thread or looking up a record keep flowing at full speed.
When the agent hits a gated action the run pauses and the right approver gets a real-time ping — in Slack, email, mobile push, or the dashboard — with full context. One click approves, one click rejects, and a comment can coach the agent.
Approved runs pick up exactly where they paused; rejected runs stop cleanly and notify the requester, never leaving your systems half-finished. Every decision — who, what, when, from which channel — is written to an immutable log.
Before a reply leaves your domain, the assigned approver reviews the body and recipient list — then approves, edits, or blocks.
Anything over your configured threshold pauses for finance approval, with the original charge, customer history, and reason attached.
Bulk cleanups, duplicate merges, and GDPR deletions funnel through a gate. Approve in bulk or one record at a time.
Internal DMs go through instantly, but posts to public or customer-facing Slack channels wait for a comms lead to sign off.
Every request carries a per-rule timeout. When it runs out the agent never silently proceeds — it rolls back, escalates, or waits for a human.
Every approval event is logged with who, what, when, and which agent and rule version were active — export to CSV or stream to your SIEM.
Channels
Request lands as a DM or channel post with Approve and Reject buttons — decide without leaving the conversation you are already in.
Inline action buttons right inside the email. One click approves, one click rejects — works from any mail client on any device.
A single inbox view of every pending approval across every agent and workspace — with full run context, inputs, and outputs.
Push notification lands on your phone, tap to review the request, tap again to decide — no laptop required when you are on the move.
You decide. Approval rules in DeskFerry are configured per agent, per tool, and per data scope, so the same agent can run freely inside a sandbox and be tightly gated in production. The most common pattern teams start with is approval on anything externally visible or financially material — outbound customer emails, refunds or charges above a threshold, posts to public Slack channels, social media sends, and destructive writes to CRM or production databases. Read-only steps like summarizing a thread, looking up a record, or drafting internal notes keep running at full speed, because adding a click there just slows everyone down for no safety benefit. You can also scope rules by amount (refunds over $500), by recipient type (any email leaving your domain), by environment (production vs sandbox), or by a custom condition the agent evaluates at runtime. The result is an approval surface that matches how your team actually thinks about risk, not a blanket pause on everything.
Approvers are assigned per rule, so different kinds of actions can route to different people. A refund over $500 might route to your head of finance; a production config change routes to engineering on-call; a customer email routes to the account owner who started the thread. You can assign a specific teammate, a role (for example, anyone with the finance role), or a rotating schedule that follows your on-call calendar. Every rule supports a fallback approver in case the primary is unavailable, and larger teams can require multiple approvals on high-stakes actions — two finance approvers on anything over $10,000, for instance. Approvers log in with SSO, see only the runs they are allowed to decide on, and can delegate to a backup when they are out. All of this is role-based, auditable, and easy to change without rewriting your agent.
Every approval request carries a timeout that you configure per rule — anywhere from a few minutes for a real-time support action to several days for a lower-urgency finance review. When the timer runs out, the agent never silently goes ahead. Instead, one of three things happens based on the rule: the run fails closed and rolls back cleanly, the request escalates to a backup approver or a manager, or the run sits paused until someone intervenes manually. Timeouts also trigger notifications so the work does not just disappear — the original requester, the agent owner, and any escalation approvers all get pinged. Because the whole agent run is checkpointed, a timeout never leaves your systems in a half-finished state: the approved steps up to that point are preserved, the gated step has not executed, and an operator can resume, retry, or cancel the run with one click.
Yes — Slack, email, mobile push, and the dashboard all work as first-class approval channels, and each approver picks the channels they want to be notified on. Slack requests arrive as a DM or channel post with inline Approve and Reject buttons, plus the full context of what the agent is about to do. Email requests include the same inline buttons so you can decide straight from your inbox on any device. Mobile push works for the moments when you are away from a laptop. All four channels hit the same underlying approval API, so a decision made in Slack is instantly reflected in the dashboard and the audit log. Approvers can also leave a short comment with their decision — useful for coaching the agent or leaving a paper trail on why a specific action was rejected.
Yes. Every approval event in DeskFerry is written to an immutable run log the moment it happens — who requested it, what the agent was about to do, which inputs and tools were involved, who approved or rejected it, when, from which channel, and any comment they attached. That log is tied to the agent's overall run history, so you can replay an entire multi-step run and see exactly where a human stepped in. For compliance-heavy teams, logs export to CSV and can stream to your SIEM for SOC 2, HIPAA, or internal audit evidence. Because the audit trail is versioned alongside the agent itself, you can see not just who approved a specific run but which version of the agent and which version of the approval rules were active at the time — which matters when you are reviewing a decision from six months ago. For more on how runs, versions, and rules are tracked together, see version control. Learn more about version control.
Absolutely. Human approval is a tool, not a default. DeskFerry agents can run fully autonomous on the work where autonomy is the point — triaging inbound email, enriching leads, summarizing calls, keeping a dashboard fresh, reconciling records across tools — and only ask for a human on the narrow slice of actions where a mistake actually hurts. Most teams end up with a mix: 90% of the run is autonomous, one or two steps inside it are gated. You can also start agents in full approval-on mode while you are learning to trust them, then relax specific rules as you get comfortable. The goal is not to slow the agent down — it is to move faster, because you are confident enough in the guardrails to leave the agent running without sitting on top of it. Approval works best when it is paired with agent memory and clear context, so the human reviewing the step actually knows why the agent made the choice it did.
Keep exploring
Manage reusable roles, shared credentials, and secrets with scoped access controls.
Bring your own API key.
Define approval gates for sensitive actions. Agents pause and escalate when they need a human call.
Track organization-wide model usage in real-time with granular dashboards.
Generate detailed audit trails for actions, deployments, and data access.
All data encrypted at rest and in transit.
Keep the speed of AI on routine work and the judgment of a human where it matters — approve from Slack, email, or the dashboard, with a full audit trail.