# Approvals

Human-in-the-loop gates for outreach, purchase, refund, and high-risk actions.

Status: implemented
Version: latest
Review: source-backed

## Approval model

ApprovalRequest and ApprovalEvent records bind sensitive actions to an actor, amount, provider, operation, risk class, payload summary, project/run context, and idempotency key.

| Request class | Typical source | Required decision |
| --- | --- | --- |
| Gmail send or reply | Hermes action intent or operator draft | Approve, deny, or edit before send |
| Agent spend/provisioning | Hermes action intent or future Stripe skill | Approve exact provider, amount, and purpose |
| High-risk copy | NVIDIA safety review or policy match | Approve edited copy or block |
| Artifact release | Generated deliverable or document export | Approve release/download/share path |
| Skill promotion | Hermes-created skill candidate | Approve project/account/global promotion |

Approval screens are permission-gated and every decision is audit-linked. A denied approval still creates useful proof: it shows that an agent proposed an action, policy held the line, and a human made the final call.

## Authority separation

Hermes can propose. Phoenix stores. NVIDIA can review. ToolRouter can execute. A human with the right role approves high-risk actions. That separation is the core safety architecture.
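
A minimal sketch of the request binding and authority separation described above, added here as an example and not taken from the project's `approvals.ex`. The module name `ApprovalSketch`, the field names, the role atoms, and the sample data are assumptions; an in-memory map stands in for the stored records.

```elixir
defmodule ApprovalSketch do
  # Hypothetical names throughout; this is not the project's schema or API.
  @bound [:actor, :provider, :operation, :amount_cents, :payload_summary]
  @approver_roles [:approver, :admin] # assumed role names

  # Digest over the fields the approver sees, so approval covers exactly this action.
  def digest(action) do
    bound = for k <- @bound, do: {k, Map.get(action, k)}
    :crypto.hash(:sha256, :erlang.term_to_binary(bound)) |> Base.encode16(case: :lower)
  end

  # Propose: idempotent on the key, so a retried intent never opens a second request.
  def propose(store, action, key) do
    case Map.fetch(store, key) do
      {:ok, existing} ->
        {store, existing}

      :error ->
        req = %{key: key, digest: digest(action), status: :pending, events: []}
        {Map.put(store, key, req), req}
    end
  end

  # Decide: only a human with an approver role can move a pending request.
  # Denials are recorded as events too, so they remain auditable.
  def decide(%{status: :pending} = req, %{kind: :human, role: role} = who, decision)
      when role in @approver_roles and decision in [:approved, :denied] do
    {:ok, %{req | status: decision, events: [{decision, who.id} | req.events]}}
  end

  def decide(_req, _who, _decision), do: {:error, :not_authorized}

  # Execute: refuse unless approved and the action still matches what was approved.
  def execute(%{status: :approved, digest: d}, action) do
    if digest(action) == d, do: {:ok, :executed}, else: {:error, :payload_changed}
  end

  def execute(_req, _action), do: {:error, :not_approved}
end

# Constructed sample data; each match below fails loudly if the gate misbehaves.
action = %{actor: "agent:hermes", provider: "stripe", operation: "refund",
           amount_cents: 2500, payload_summary: "Refund order 1001"}
{store, req} = ApprovalSketch.propose(%{}, action, "run-42:refund:1001")
{^store, ^req} = ApprovalSketch.propose(store, action, "run-42:refund:1001")
{:error, :not_authorized} =
  ApprovalSketch.decide(req, %{kind: :agent, role: :approver, id: "hermes"}, :approved)
{:ok, ok} = ApprovalSketch.decide(req, %{kind: :human, role: :approver, id: "op-7"}, :approved)
{:error, :payload_changed} = ApprovalSketch.execute(ok, %{action | amount_cents: 250_000})
{:ok, :executed} = ApprovalSketch.execute(ok, action)
```

The amount change after approval is the case worth testing in any real gate: an approval that is not bound to the exact provider, amount, and payload can be replayed against a different action.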


Source paths:
- `lib/autonomous_agency/approvals.ex`
- `lib/autonomous_agency_web/live/approval_live`
