Optional approvalsDeclarative approval triggers. All are opt-in; omitting a field means no pause at that lifecycle point.
Optional beforeTool names whose invocations require approval before execution.
Optional beforeAgent names whose invocations require approval before execution.
Optional beforeWhether emergent agent creation requires approval.
Optional beforeWhether returning the final answer requires approval.
Optional beforeWhether a runtime strategy override requires approval.
Optional handlerCustom async handler invoked for every approval request.
Must resolve to an ApprovalDecision within timeoutMs or the
onTimeout policy is applied.
Optional timeoutMaximum milliseconds to wait for the handler to resolve. Defaults to 30_000.
Optional onPolicy applied when the handler does not respond within timeoutMs.
"reject" — treat as denied; the action is blocked."approve" — treat as approved; the action proceeds automatically."error" — throw an error and halt the run.Optional guardrailRun guardrails AFTER HITL approval to catch destructive actions.
When enabled (default), even after a tool call is approved by the HITL
handler (auto-approve, LLM judge, or human), the configured guardrails
run a final safety check against the tool call arguments. If any
guardrail returns action: 'block', the approval is overridden and the
tool call is denied.
Set to false to disable this safety net and give full autonomy to the
HITL handler's decision.
true
Optional postGuardrail IDs to run as a post-approval safety check.
Only evaluated when guardrailOverride is not false. These
guardrails are invoked after the HITL handler approves a tool call and
can veto the approval if they detect destructive patterns.
['pii-redaction', 'code-safety']
Human-in-the-loop (HITL) configuration. Gates specific lifecycle events behind an async approval handler before the agent proceeds.