What Are Approval Gates?
Approval Gates implement Human-in-the-Loop (HITL) controls in OpenClaw. They pause agent execution at critical decision points and require explicit human approval before proceeding. This is your last line of defense against unintended or dangerous actions.
When Approval Gates Trigger
Gates activate automatically for operations that meet configurable risk thresholds:
- File deletions: Any rm, del, or file removal operation
- System modifications: Package installations, configuration changes, environment variable updates
- External API calls: Outbound requests to APIs not in the trusted allowlist
- Database operations: Any write, update, or delete query against production databases
- Cost-incurring actions: API calls that exceed a configurable cost threshold per request
Configuration
Define approval gates in your openclaw.config.json:
{
  "approvalGates": {
    "enabled": true,
    "requireApprovalFor": ["file_delete", "system_modify", "external_api", "db_write"],
    "costThreshold": 0.50,
    "timeoutMinutes": 30,
    "notifyVia": ["discord", "email"],
    "autoApproveReadOnly": true
  }
}
How the Approval Flow Works
- The agent identifies an action that requires approval
- Execution pauses and a notification is sent to your configured channel (Discord, Slack, email, etc.)
- The notification includes: the exact command, why it was triggered, the current context, and potential risks
- You review and either Approve, Deny, or Modify the action
- The agent resumes or adjusts its approach based on your decision
Best Practices
- Set reasonable timeouts — if no approval is received within the timeout, the action is denied by default
- Use the autoApproveReadOnly flag to skip gates for safe read-only operations
- Configure multiple notification channels for redundancy
- Review approval logs weekly to identify patterns that could be automated
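The trigger rules, configuration keys, and deny-by-default timeout described above, sketched as an added example (this is not OpenClaw's own code). The action shape, the trustedHosts list, and the function names gateReasons and resolveRequest are assumptions, as is sending a Modify decision back through the gate.

```javascript
// Constructed config using the keys from the openclaw.config.json shown above.
const gates = {
  enabled: true,
  requireApprovalFor: ["file_delete", "system_modify", "external_api", "db_write"],
  costThreshold: 0.50,
  timeoutMinutes: 30,
  autoApproveReadOnly: true,
};

// Returns the reasons an action must pause for approval ([] = run without a gate).
// Assumed action shape: { category, readOnly, estimatedCost, host }.
// trustedHosts stands in for the trusted API allowlist; its format is assumed.
function gateReasons(action, cfg, trustedHosts = []) {
  if (!cfg.enabled) return [];
  if (action.readOnly && cfg.autoApproveReadOnly) return [];
  const reasons = [];
  const gated = cfg.requireApprovalFor.includes(action.category);
  const trusted = action.category === "external_api" && trustedHosts.includes(action.host);
  if (gated && !trusted) reasons.push("category:" + action.category);
  if ((action.estimatedCost || 0) > cfg.costThreshold) reasons.push("cost_threshold");
  return reasons;
}

// Resolves a pending request. decision is "approve", "deny", "modify" or null.
// The timeout is checked first, so a late approval is still a denial.
function resolveRequest(request, decision, nowMs, cfg) {
  const ageMs = nowMs - request.createdMs;
  if (ageMs >= cfg.timeoutMinutes * 60000) return "denied_timeout";
  if (decision === "approve") return "approved";
  if (decision === "deny") return "denied";
  // Assumption: an edited action is re-checked rather than run as approved.
  if (decision === "modify") return "reevaluate";
  return "pending";
}
```

Returning the list of reasons rather than a boolean gives the notification something concrete to show under "why it was triggered".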