Skip to main content
When a require_approval policy is active, the MeshAI proxy blocks matching requests and queues them for human review. An authorized user must approve or deny each request before the agent can proceed.

How It Works

Agent Request → MeshAI Proxy → Policy Engine

                        require_approval matched?
                           ↓              ↓
                          Yes             No
                           ↓              ↓
                    Return 403      Forward to LLM
                    + queue item

                   Dashboard Queue

                  Approve / Deny

                  Cache decision in Redis (TTL)

                  Agent retries → Approved → Forward to LLM
1

Request blocked

The proxy evaluates policies and finds a require_approval match. The request is blocked with a 403 status and an approval item is created.
2

Queued for review

The approval item appears in the MeshAI dashboard under Governance → Approvals. It includes the agent name, model, environment, and the policy that triggered the block.
3

Human decides

An authorized user reviews the item and clicks Approve or Deny. They can add a reason for the decision.
4

Decision cached

Approved decisions are cached in Redis with a configurable TTL (default: 24 hours). Subsequent requests from the same agent matching the same policy are auto-approved until the TTL expires.
5

Agent retries

The agent retries the request. The proxy checks the Redis cache, finds the approval, and forwards the request to the LLM provider.

The 403 Response

When a request requires approval, the agent receives: 
{
  "error": "Approval required",
  "approval_id": "apr_abc123",
  "policy_id": "pol_def456",
  "message": "This request requires human approval. Submit for review or wait for an admin to approve.",
  "status": 403
}

Approval Statuses

StatusMeaning
pendingQueued, waiting for a human decision
approvedApproved — agent can retry
deniedDenied — agent request will continue to be blocked
expiredTTL elapsed without a decision

List Pending Approvals

curl https://api.meshai.dev/governance/approvals?status=pending \
  -H "Authorization: Bearer msh_YOUR_API_KEY"

{
  "success": true,
  "data": [
    {
      "id": "apr_abc123",
      "agent_id": "agt_xyz789",
      "agent_name": "production-summarizer",
      "policy_id": "pol_def456",
      "policy_name": "production-approval",
      "status": "pending",
      "requested_model": "gpt-4o",
      "environment": "production",
      "created_at": "2026-03-17T10:30:00Z"
    }
  ],
  "meta": { "total": 1, "page": 1, "limit": 20 }
}

Approve or Deny

curl -X POST https://api.meshai.dev/governance/approvals/apr_abc123/decide \
  -H "Authorization: Bearer msh_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "decision": "approved",
    "reason": "Verified agent configuration is correct"
  }'

Cache TTL Configuration

When an approval is granted, the decision is cached so the agent does not need re-approval on every request. Configure the TTL when creating the require_approval policy: 
{
  "policy_type": "require_approval",
  "config": {
    "environment": "production",
    "approval_ttl_hours": 48
  }
}
Default TTL is 24 hours. Set to 0 to require approval on every single request.