Human-in-the-loop control plane · Private beta

Your agent just refunded the wrong customer.

ApprovalPlane catches risky agent actions before they happen. Refunds, deploys, outbound email, record changes — held for a human to approve in Slack or on their phone, gated by policy, and written to an audit trail you can hand to security.

Early access and a say in what we build. No spam.

You're on the list.

We'll email you the moment early access opens.

#agent-approvals · Slack
support-agent · req #apr_8f2c
● PENDING
issue_refund requested by an autonomous agent · 12s ago
customer cus_4193_amaya
amount   $2,400.00
reason   "duplicate charge" (model-inferred)
RISK · HIGH amount over your $500 auto-approve threshold
policy refunds > $500 → finance-oncall · escalates in 15m
The problem

Agents act in milliseconds. Mistakes don't wait for you.

// no undo

Irreversible by default

A wrong refund, a bad deploy, an email to the entire list — the action is already done. There was never a moment where a human could have said "wait."

// hand-rolled

No central control

Approval logic gets reinvented per agent — a Slack webhook here, a blocking input() there, a database flag somewhere else. Nobody owns it and nothing is consistent.

// no evidence

Nothing to show security

When compliance asks who approved what, the answer is grepping logs. There's no record built to be handed over as evidence.

How it works

One call before the risky action. A human in the loop, every time.

01 — INTERCEPT

Your agent asks first

Call request_approval() before the risky action and block on the result. One line, any framework, or an MCP tool for MCP-native agents.

02 — ROUTE

The right human decides

Policy routes the request to the people who should see it — finance for big refunds, on-call for deploys — in Slack or mobile, with full context and a clock.

03 — LOG

Every decision is recorded

Approve or reject lands in an append-only audit log: who, what, when, and why. Export it for SOC 2, leave it for the next audit.

For developers

Drop it in. Keep your stack.

Framework-agnostic by design. The same call works behind any agent runtime — and it's an MCP tool, so MCP-native agents get it for free.

agent.py
from approvalplane import request_approval

decision = request_approval(
    action="issue_refund",
    payload={"customer": cus_id, "amount": 2400.00},
    risk="high",
    policy_hints=["refund", "over_threshold"],
)

if decision.approved:
    stripe.Refund.create(...)        # proceed
else:
    agent.say(decision.reason)      # stand down, log the why

Works behind: OpenAI Agents SDK · Vercel AI SDK · LangGraph · Cloudflare Agents · a raw while-loop · or any MCP client.

Why not just the framework's HITL hook?

  • Primitives pause one agent in one process. ApprovalPlane is a system across teams — routing, escalation, mobile, policy, and audit.
  • One control plane for every agent and framework, instead of the same hook re-implemented in five services.
  • An evidence-grade audit trail — the thing DIY hooks and in-process pauses never give you when security comes asking.
Private beta

See it before it ships.

ApprovalPlane is being built now. Get on the list for early access and we'll reach out the moment it opens.

Early access and a say in what we build. No spam.

You're on the list.

We'll email you the moment early access opens.