Keep a Human in the Loop on Every AI Action

You decide. Approval rules in Arahi are configured per agent, per tool, and per data scope, so the same agent can run freely inside a sandbox and be tightly gated in production. The most common pattern teams start with is approval on anything externally visible or financially material — outbound customer emails, refunds or charges above a threshold, posts to public Slack channels, social media sends, and destructive writes to CRM or production databases. Read-only steps like summarizing a thread, looking up a record, or drafting internal notes keep running at full speed, because adding a click there just slows everyone down for no safety benefit. You can also scope rules by amount (refunds over $500), by recipient type (any email leaving your domain), by environment (production vs sandbox), or by a custom condition the agent evaluates at runtime. The result is an approval surface that matches how your team actually thinks about risk, not a blanket pause on everything.

Approvers are assigned per rule, so different kinds of actions can route to different people. A refund over $500 might route to your head of finance; a production config change routes to engineering on-call; a customer email routes to the account owner who started the thread. You can assign a specific teammate, a role (for example, anyone with the finance role), or a rotating schedule that follows your on-call calendar. Every rule supports a fallback approver in case the primary is unavailable, and larger teams can require multiple approvals on high-stakes actions — two finance approvers on anything over $10,000, for instance. Approvers log in with SSO, see only the runs they are allowed to decide on, and can delegate to a backup when they are out. All of this is role-based, auditable, and easy to change without rewriting your agent.

Every approval request carries a timeout that you configure per rule — anywhere from a few minutes for a real-time support action to several days for a lower-urgency finance review. When the timer runs out, the agent never silently goes ahead. Instead, one of three things happens based on the rule: the run fails closed and rolls back cleanly, the request escalates to a backup approver or a manager, or the run sits paused until someone intervenes manually. Timeouts also trigger notifications so the work does not just disappear — the original requester, the agent owner, and any escalation approvers all get pinged. Because the whole agent run is checkpointed, a timeout never leaves your systems in a half-finished state: the approved steps up to that point are preserved, the gated step has not executed, and an operator can resume, retry, or cancel the run with one click.

Yes — Slack, email, mobile push, and the dashboard all work as first-class approval channels, and each approver picks the channels they want to be notified on. Slack requests arrive as a DM or channel post with inline Approve and Reject buttons, plus the full context of what the agent is about to do. Email requests include the same inline buttons so you can decide straight from your inbox on any device. Mobile push works for the moments when you are away from a laptop. All four channels hit the same underlying approval API, so a decision made in Slack is instantly reflected in the dashboard and the audit log. Approvers can also leave a short comment with their decision — useful for coaching the agent or leaving a paper trail on why a specific action was rejected.

Yes. Every approval event in Arahi is written to an immutable run log the moment it happens — who requested it, what the agent was about to do, which inputs and tools were involved, who approved or rejected it, when, from which channel, and any comment they attached. That log is tied to the agent's overall run history, so you can replay an entire multi-step run and see exactly where a human stepped in. For compliance-heavy teams, logs export to CSV and can stream to your SIEM for SOC 2, HIPAA, or internal audit evidence. Because the audit trail is versioned alongside the agent itself, you can see not just who approved a specific run but which version of the agent and which version of the approval rules were active at the time — which matters when you are reviewing a decision from six months ago. For more on how runs, versions, and rules are tracked together, see version control.

Absolutely. Human approval is a tool, not a default. Arahi agents can run fully autonomous on the work where autonomy is the point — triaging inbound email, enriching leads, summarizing calls, keeping a dashboard fresh, reconciling records across tools — and only ask for a human on the narrow slice of actions where a mistake actually hurts. Most teams end up with a mix: 90% of the run is autonomous, one or two steps inside it are gated. You can also start agents in full approval-on mode while you are learning to trust them, then relax specific rules as you get comfortable. The goal is not to slow the agent down — it is to move faster, because you are confident enough in the guardrails to leave the agent running without sitting on top of it. Approval works best when it is paired with agent memory and clear context, so the human reviewing the step actually knows why the agent made the choice it did.