Human approval for risky AI actions
Approva is approval infrastructure for AI agents and automations
Pause high-risk actions, verify the approver with passkeys, issue scoped capabilities, and keep a verifiable event chain.
Built for humans, systems, and AI agents.
Approva Cloud Beta is invite-only at app.approva.xyz. Approva Open Core is self-hostable.
Explore Open CoreAgent proposes action
agent.release-bot requests deployment.execute
Policy evaluates risk
policy + service account mark request high risk
Execution pauses
request opens in app.approva.xyz for review
Human approves with passkey
tech-lead identity verified with passkey
Scoped capability issued
single-use capability scoped to billing-api deploy
Execution continues
agent resumes with exchanged capability
Companies need controlled checkpoints, not constant supervision
AI agents can handle more work on their own, but the risky parts still need explicit human approval.
AI automations still require babysitting
Your agents can handle routine work, but risky actions still need a human checkpoint. Without one, autonomy turns back into supervision.
Risky actions cannot safely run unattended
Deployments, refunds, data changes, and external tool calls need judgment. Most teams are forced to choose between blocking everything or trusting too much.
Built-in approval steps are too shallow
Slack buttons and email confirmations do not verify identity with passkeys, issue scoped capabilities, or leave a durable event chain. They are checkboxes, not checkpoints.
Six steps from risk to resolution
A clear flow from machine request to human approval and machine continuation.
Agent proposes action
Your AI agent, script, or backend service sends Approva the action context before attempting a risky operation.
Policy evaluates risk
Policy checks the action, actor, resource, and context to determine whether human approval is required.
Execution pauses
Execution pauses, the request appears in the dashboard, and systems can wait on a webhook or poll for the decision.
Human approves with passkey
The approver reviews the request and verifies identity with a passkey before making a decision.
Scoped capability issued
Approva issues a time-bounded, scoped capability that authorizes only the approved action.
Execution continues
The system or agent exchanges that capability and continues, with the full path recorded in the verifiable event chain.
Real approval infrastructure, not a notification layer
Approva is built for humans in dashboards, systems with machine auth, and AI agents that continue with scoped capabilities.
Not just approve / deny
Approvals issue scoped capabilities that define exactly what the agent can do, for how long, and under what conditions.
Approval tied to real identity
Passkey verification ties each approval to a real human identity, not just a message or button click.
Capability-based execution
Agents do not get blanket permissions. They receive single-use, time-bounded capabilities scoped to the specific approved action.
Full audit trail
Every request, decision, capability, and outcome is recorded with context so teams can review what happened later.
Immutable event history
Approval events are written to an append-only log with ledger-style verification for a tamper-evident history.
Open core foundation, cloud convenience
Approva Open Core and Approva Cloud Beta share the same approval engine foundation, with hosted UX and onboarding layered on top in cloud.
Product capabilities
Approva works for humans in dashboards, systems with machine auth, and AI agents that continue with scoped capabilities.
Policy Engine
Define when Approva pauses humans, systems, or AI agents based on action, risk, resource, or custom policy.
Approval API
Request approvals, poll status, exchange capabilities, and subscribe to webhooks from any system.
Dashboard approvals
Organizations review requests in the dashboard, approve with passkeys, and see the exact scope being released.
Machine auth
API keys and service accounts let backend systems, scripts, and agents start approval flows safely.
Passkey-secured approvals
WebAuthn-native verification with biometrics or security keys. Each approval is cryptographically bound to identity.
Scoped Capabilities
Approved actions receive single-use, time-bounded capabilities that authorize only the approved action.
Audit trail + ledger verification
Each request, decision, capability exchange, and execution outcome is written to the audit trail with ledger verification.
CLI, SDK & examples
Use the CLI, @approva/sdk, REST API, and example integrations to wire approval into real workloads.
Where approval checkpoints matter
Add approval gates wherever humans, systems, or AI agents cross trust boundaries.
AI deployment approvals
AI coding agents and release scripts can stage changes, but pushing to production still requires a human checkpoint.
Agent prepares deployment -> Policy flags production target -> Lead approves with passkey -> deploy capability issued
AI refund approvals
Support agents can draft refund requests, but issuing credits above a threshold needs manager authorization.
Agent proposes $500 refund -> Threshold exceeded -> Manager approves -> scoped refund capability issued
Risky tool call approvals
Agents, scripts, and backend systems using external tools or APIs can be gated when calling sensitive endpoints or making irreversible changes.
Agent requests external API call -> Sensitive scope detected -> Approval required -> capability limits the call
Destructive operation approvals
Deletions, overwrites, and schema changes can pause for human review before taking effect.
Agent initiates bulk delete -> Destructive flag triggers -> DBA approves -> deletion capability expires after use
Workflow step approvals
Long-running workflows and backend jobs can pause at critical junctures, waiting for stakeholder sign-off before continuing.
Workflow reaches handoff point -> Approval gate activated -> Owner approves with passkey -> next stage resumes
Sensitive CRM & data updates
Agents proposing changes to customer records or PII can require explicit authorization before committing.
Agent updates customer tier -> Sensitive record flagged -> Account manager approves -> change is logged in the audit trail
Security and audit architecture
Approva keeps a verifiable event chain for each request, decision, capability issuance, exchange, and execution outcome.
Passkey-first identity verification
Every approval is cryptographically bound to a verified human identity using WebAuthn passkeys.
Scoped capability issuance
Approvals generate time-bounded, single-use capabilities that limit what the agent can do and for how long.
Human and machine separation
Humans approve with passkeys while systems and agents continue with machine auth and scoped capabilities.
Complete audit coverage
Every request, policy evaluation, approval, rejection, timeout, and execution outcome is written into the event chain.
Three-layer event architecture
Designed for traceability and verification
Operational Database
Current state, active requests, and policy data
Append-only Event Log
Append-only record of requests, decisions, and outcomes
Hash-linked Ledger
Ledger-style verification and tamper evidence
The result is a durable, reviewable chain that shows how an approval moved from request to execution.
Embed approval flows into products, systems, and agents
CLI, SDK, API keys, service accounts, webhooks, and capability exchange make Approva usable inside your own product, backend systems, operator workflows, and agent runtimes.
Create machine auth for your app, service, or agent
APPROVA_API_KEY=approva_sk_live_...Embed approval requests with the CLI, SDK, or API
approva approval request ...Wait for the passkey decision via webhook or poll
event: approval.decidedExchange the capability and continue in your runtime
approva capability exchange --request apr_req_abc123The same interfaces work whether you are embedding Approva into a commercial product, wiring internal tools, or letting an AI agent continue with a scoped capability.
approva approval request \
--action deployment.execute \
--resource service:billing-api \
--risk high \
--actor service-account:release-bot \
--metadata environment=production
approva capability exchange \
--request apr_req_abc123 \
--actor service-account:release-botHosted beta or self-host the same approval engine
Approva Cloud Beta is the official hosted product and the easiest path. Approva Open Core is the flexible path for self-hosting, embedding, and managed deployments. Both share the same approval engine foundation.
Approva Open Core
Self-hostable, source-available
Self-host the approval engine, use it commercially, or embed it into your own product. Open Core is source-available and built for real product use, while Approva Cloud remains the official hosted version.
- Source-available core
- Commercial use and embedding
- Internal and managed deployments
- CLI + API + console
- API keys and service accounts
- Docker-based startup
Allowed
- Self-host your own instance
- Use it internally
- Use it commercially
- Embed it into your own product
- Run managed deployments for customers
Not allowed
- Standalone Approva-based SaaS
- Competing hosted approval product
Open Core requires attribution when used in a product, for example: "Powered by Approva".
The public Open Core repo is live now. Start there if you want the flexible path and move to Cloud when you want the official fully managed path.
Approva Cloud Beta
Official hosted version, invite-only beta
Choose Cloud when you want the easiest path: fully managed, no infrastructure required, and built around onboarding, integrations, billing, organizations, and dashboard auth.
- Official hosted product
- Fully managed
- No infrastructure required
- Hosted organizations
- Managed integrations
- Onboarding
- Billing and dashboard auth
Access is invite-only today. Request beta access for the official hosted path, or use Open Core if you need the flexible path right now. Request access
Request beta access or self-host Approva Open Core
Approva Cloud Beta at app.approva.xyz is invite-only today. If you're evaluating the hosted product, request access or book a demo. If you want control now, start with Open Core.
Self-host Open Core