Skip to content

Agent action safety, tool permissioning, and approval workflow #35

Description

@glaborie

Summary

Ship a permission and approval system for LLM/agentic tool use: restrict risky actions, require explicit approval or simulation/dry-run, and roll back if unsafe. Configurable at agent, tool, or workflow level.

Problem to solve

Execution of real-world actions (e.g., changing records, provisioning, sending messages) exposes production risk with agentic LLMs. Today, these behaviors are hard to restrict or preview safely.

Proposed solution

  • Tool permission model/spans with allow, warn, require-approval, or block
  • Dry-run/simulation mode for potentially risky tool calls/agent actions
  • Approval workflow (UI or API)
  • Rollback/undo for reversible actions

Alternatives considered

  • Block at app-level manually
  • Trust all tools equally; no workflow safety

Who benefits?

  • AI engineers
  • Platform teams
  • Product / operations teams
  • Maintainers
  • Other

Priority / impact

  • Critical for using agentic workflows in controlled/prod settings
  • Enables broader adoption; competitive vs OSS toolkits

Additional context

Prior art: workflow automation approvals (cf. GitHub Actions protected steps); model guard patterns for agent toolchains.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions