feat: implement approval workflow gates in engine #258

@Aureliolo

Summary

The approval queue infrastructure exists (api/approval_store.py, ApprovalItem model), but there are no engine-level gates that actually block execution pending human approval. The §12.1 flow (SecOps evaluates → auto-approve or → human queue → override/alternative) is not wired up.

Design Spec Reference

  • §12.1 Approval Workflow (full flow diagram)
  • §12.2 Autonomy Levels (which actions need approval)
  • §12.3 Security Operations Agent (integration point)

Scope

  • Wire SecOps evaluation into the engine execution path
  • Block execution when human approval is required (per autonomy level)
  • Route blocked actions to the approval queue
  • Resume execution when approval/denial arrives
  • Integration with park/resume service (already implemented in security/timeout/)
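
The gate described in the Scope list, as an added example (not the project's code): `Verdict`, `POLICY`, `ApprovalGate`, `run_scenario` and the action names are hypothetical, with an asyncio future standing in for the park/resume service and a dict for the approval queue. Denials, timeouts and actions missing from the policy all leave the action unexecuted.

```python
import asyncio
import contextlib
import enum
import uuid

Verdict = enum.Enum("Verdict", "AUTO_APPROVE NEEDS_HUMAN DENY")

class ApprovalDenied(Exception):
    """Action denied, or no human decision arrived before the timeout."""

# Constructed policy standing in for the SecOps evaluation (hypothetical actions).
POLICY = {"read_file": Verdict.AUTO_APPROVE, "deploy": Verdict.NEEDS_HUMAN,
          "drop_database": Verdict.DENY}

class ApprovalGate:
    def __init__(self, timeout_s):
        self.timeout_s = timeout_s
        self.pending = {}  # approval queue: item id -> (action, Future[bool])

    async def run(self, action, execute):
        verdict = POLICY.get(action, Verdict.NEEDS_HUMAN)  # unknown: ask a human
        approved = verdict is Verdict.AUTO_APPROVE  # everything else starts blocked
        if verdict is Verdict.NEEDS_HUMAN:
            item_id = uuid.uuid4().hex
            fut = asyncio.get_running_loop().create_future()
            self.pending[item_id] = (action, fut)  # route to the approval queue
            with contextlib.suppress(asyncio.TimeoutError):  # timeout = denial
                approved = await asyncio.wait_for(fut, self.timeout_s)  # parked
            self.pending.pop(item_id, None)
        if not approved:
            raise ApprovalDenied(action)
        return execute()  # reached only after auto-approval or explicit approval

    def decide(self, item_id, approved):
        self.pending[item_id][1].set_result(bool(approved))  # resumes run()

def run_scenario(action, human_decision=None, timeout_s=0.2):
    """Return True if the action executed; None means no reviewer ever answers."""
    async def scenario():
        gate, executed = ApprovalGate(timeout_s), []
        async def reviewer():  # constructed reviewer answering queued items
            await asyncio.sleep(0.01)
            for item_id in list(gate.pending):
                gate.decide(item_id, human_decision)
        rev = asyncio.create_task(reviewer()) if human_decision is not None else None
        with contextlib.suppress(ApprovalDenied):
            await gate.run(action, lambda: executed.append(action))
        return bool(executed)
    return asyncio.run(scenario())
```
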

Labels

  • prio:high (Important, should be prioritized)
  • scope:large (3+ days of work)
  • spec:human-interaction (DESIGN_SPEC Section 13 - Human Interaction Layer)
  • spec:security (DESIGN_SPEC Section 12 - Security & Approval System)
  • spec:tools (DESIGN_SPEC Section 11 - Tool & Capability System)
  • type:feature (New feature implementation)