
How to add human approval to any AI tool call

When governance blocks a tool call, Cadreen returns a conversational prompt instead of executing. No custom approval UI needed — the AI asks, the human answers.

1

How the approval flow works

The model proposes a tool call. Cadreen evaluates it against your policies. If the policy requires approval, Cadreen returns a conversational prompt instead of executing the tool.

Model proposes → Governance check → Approval needed → Human decides → Execute

HMAC-SHA256 signed approval token issued after human says "yes"

2

What the user sees

In opencode, Cursor, or any other chat surface, the approval prompt is just a message:

Conversational blocking
> Refund $500 to customer 12345

I need your approval before I can process_refund.

Your workspace policy requires human approval for refunds over $100.
The refund amount is $500.

Say "yes" to proceed or "no" to skip.

> yes

Done. Refund of $500 processed for customer 12345.
Refund ID: re_abc123
Note
Approval is fast-path: "yes", "y", "confirm", "approve", "ok", "go ahead", "do it" all work. To cancel: "no", "n", "skip", "cancel".
3

Handle approvals in your SDK code

When using the SDK, the response tells you if approval is needed:

TypeScript
const result = await cadreen.intent.invoke({
  messages: [{ role: "user", content: "Refund $500 to customer 12345" }],
});

if (result.type === "blocked") {
  console.log(result.reason_code); // "requires_approval"
  console.log(result.policy_id);   // "pol_refund_threshold"
  // Show the user the approval prompt
  // Wait for their response, then confirm
  await cadreen.policies.confirm(result.pending_action_id);
}
Python
result = await cadreen.intent.invoke(
    messages=[{"role": "user", "content": "Refund $500 to customer 12345"}],
)

if result.type == "blocked":
    print(result.reason_code)  # "requires_approval"
    print(result.policy_id)    # "pol_refund_threshold"
    # Show the user the approval prompt
    # Wait for their response, then confirm the action
    await cadreen.policies.confirm(result.pending_action_id)
4

Under the hood: the approval token

When a human approves, Cadreen issues an HMAC-SHA256 signed approval token. It's scoped to the exact action, parameters, tenant, and mission. It expires in 1 hour. It can be revoked.

Approval token structure
{
  "token_id": "tok_abc123",
  "mission_id": "mis_xyz",
  "tenant_id": "t_123",
  "action": "process_refund",
  "parameters": {"amount": 500, "customer_id": "12345"},
  "approved_by": "user:456",
  "approved_at": "2026-06-21T10:30:00Z",
  "expires_at": "2026-06-21T11:30:00Z",
  "signature": "a1b2c3d4..." // HMAC-SHA256
}
Note
Every token is cryptographically verified — signature, expiration, revocation, scope, action, and policy version are all checked before approval is accepted.
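The signature, revocation, expiration and scope checks named in the note above, shown as an added Python example that is not Cadreen's own code. The canonical JSON encoding, the in-memory revocation set, the key and the function names are assumptions; the token fields follow the structure shown above, which has no policy-version field, so that check is left out.

```python
import hashlib, hmac, json
from datetime import datetime

KEY = b"constructed-demo-key"  # constructed; a real key would come from a secret store
REVOKED = set()                # assumed revocation store: a set of token_id values

def _mac(token, key):
    # Assumed canonical form: all fields except "signature", sorted keys, compact JSON.
    body = {k: v for k, v in token.items() if k != "signature"}
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue(fields, key=KEY):
    return {**fields, "signature": _mac(fields, key)}

def verify(token, tenant_id, mission_id, action, parameters, now, key=KEY):
    """Return (ok, reason). No field is trusted until the signature checks out."""
    sig = str(token.get("signature", ""))
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(sig.encode(), _mac(token, key).encode()):
        return False, "bad_signature"
    if token.get("token_id") in REVOKED:
        return False, "revoked"
    try:
        expires = datetime.fromisoformat(token["expires_at"].replace("Z", "+00:00"))
        live = now < expires
    except (KeyError, AttributeError, ValueError, TypeError):
        live = False  # fail closed on a missing or malformed expiry
    if not live:
        return False, "expired"
    # Scope: the token must name exactly the call that is about to execute.
    approved = tuple(token.get(k) for k in ("tenant_id", "mission_id", "action", "parameters"))
    if approved != (tenant_id, mission_id, action, parameters):
        return False, "scope_mismatch"
    return True, "ok"

# Field values taken from the token structure above; the signature is computed with KEY.
SAMPLE = issue({
    "token_id": "tok_abc123", "mission_id": "mis_xyz", "tenant_id": "t_123",
    "action": "process_refund", "parameters": {"amount": 500, "customer_id": "12345"},
    "approved_by": "user:456", "approved_at": "2026-06-21T10:30:00Z",
    "expires_at": "2026-06-21T11:30:00Z",
})
```

An approval for a $500 refund does not carry over to a $5000 one: changing the request yields `scope_mismatch`, and editing the token itself yields `bad_signature`.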