When a permission check returns "requires_approval," your system creates an approval request via the API.
The approval request includes the tool name, parameters, reasoning, and any context your agent wants to provide.
oakallow then sends a webhook to your configured URL with the approval details (event: approval.created). Your system routes this notification to the appropriate reviewer via Slack, Teams, PagerDuty, email, or any channel you choose.
The reviewer approves or denies via the oakallow dashboard or your system calls the decide endpoint directly. oakallow sends another webhook with the decision (event: approval.decided).
Your agent receives the decision via the webhook or by polling the approval status endpoint. Once approved, you mint an execution token and proceed.
Approvals have a configurable timeout (default: 1 hour). If no decision is made within the timeout, the approval expires and the tool does not execute.