Approval gates
Approval gates for AI workers: read freely, gate the writes
There are two ways to get approval gates wrong. One is to gate nothing, and discover the mistake when an agent changes a live budget at 2 a.m. The other is to gate everything, and watch the team route around the friction until the gate is theater. The useful design sits in between: let agents read and analyze freely, and pause only the actions that are expensive to undo.
Reads and writes are not the same risk
An agent that pulls a campaign report, reads a CRM record, or queries analytics is doing work that is cheap to repeat and harmless to get wrong. An agent that changes a bid, publishes a page, pushes to production, or emails a customer is doing work that costs money or reaches the outside world. Treating those two classes the same is what makes governance feel like a tax.
So the first move is classification: mark a small set of actions as risky — spend changes, publishes, pushes, deletes, customer-facing sends — and let everything else run without a prompt.
What a good gate does
- Dry-run by default. Let the agent compute and validate the change (a validate_only pass) so a human approves a concrete diff, not a vague intention.
- Pause, don't fail. A gated call should wait for a decision, then resume — not error out and force the agent to retry blindly.
- Carry context. The approval request should show the worker, the action, the target account, and the exact payload, so the reviewer can decide in seconds.
- Log both outcomes. Approved and rejected calls both belong in the audit trail. The rejections are often the most interesting line in it.
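The classification and the four gate behaviours above, worked through as an added example (this is not Grantry's code or API). Everything concrete in it is an assumption for illustration: the tool names in RISKY_ACTIONS, the validate_only keyword on the write tool, the in-memory audit list, and the constructed bids table the sample tools read and write.

```python
"""Approval gate for an AI worker's tool calls: reads flow, risky writes pause.

Added example; tool names, the validate_only flag and the in-memory audit log
are assumptions, not a real product's API.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from typing import Any, Callable

# Classification: the short list of actions a human must see. Everything else
# (reports, CRM lookups, analytics queries) runs without a prompt. Hypothetical names.
RISKY_ACTIONS = {"set_bid", "publish_page", "push_to_prod", "delete_record", "send_email"}


class Status(str, Enum):
    EXECUTED = "executed"   # read ran freely, or write ran after approval
    PENDING = "pending"     # dry-run produced a diff; waiting for a decision
    REJECTED = "rejected"   # reviewer said no; nothing was applied
    INVALID = "invalid"     # dry-run failed validation; a reviewer never sees it


@dataclass
class ApprovalRequest:
    """Carry context: everything the reviewer needs to decide in seconds."""
    id: int
    worker: str
    action: str
    account: str
    payload: dict
    diff: Any               # concrete change computed by the validate_only pass


@dataclass
class Gate:
    tools: dict[str, Callable[..., Any]]
    audit: list[dict] = field(default_factory=list)
    pending: dict[int, ApprovalRequest] = field(default_factory=dict)
    next_id: int = 1

    def _log(self, worker, action, account, payload, status, detail, reviewer=None):
        # Log both outcomes: every attempt lands here, approved or rejected.
        self.audit.append({"worker": worker, "action": action, "account": account,
                           "payload": payload, "status": status.value,
                           "detail": detail, "reviewer": reviewer})

    def call(self, worker: str, action: str, account: str, payload: dict):
        tool = self.tools[action]
        if action not in RISKY_ACTIONS:
            result = tool(account, payload)          # reads run without a prompt
            self._log(worker, action, account, payload, Status.EXECUTED, result)
            return Status.EXECUTED, result
        # Dry-run by default: compute and validate the change without applying it.
        try:
            diff = tool(account, payload, validate_only=True)
        except ValueError as err:
            self._log(worker, action, account, payload, Status.INVALID, str(err))
            return Status.INVALID, str(err)
        req = ApprovalRequest(self.next_id, worker, action, account, payload, diff)
        self.next_id += 1
        self.pending[req.id] = req
        self._log(worker, action, account, payload, Status.PENDING, diff)
        # Pause, don't fail: the caller parks on the request and resumes through
        # decide(); it never receives an error that would trigger a blind retry.
        return Status.PENDING, req

    def decide(self, request_id: int, approved: bool, reviewer: str):
        req = self.pending.pop(request_id)
        if not approved:
            self._log(req.worker, req.action, req.account, req.payload,
                      Status.REJECTED, req.diff, reviewer)
            return Status.REJECTED, None
        result = self.tools[req.action](req.account, req.payload)   # apply the approved diff
        self._log(req.worker, req.action, req.account, req.payload,
                  Status.EXECUTED, result, reviewer)
        return Status.EXECUTED, result


def build_demo_gate():
    """Constructed sample: one read tool and one spend-changing write tool."""
    bids = {"acct-1": {"spring": 1.0}}   # constructed state, not real data

    def get_report(account, payload):
        return {"campaign": payload["campaign"], "bid": bids[account][payload["campaign"]]}

    def set_bid(account, payload, validate_only=False):
        campaign, new = payload["campaign"], payload["bid"]
        if new <= 0:
            raise ValueError(f"bid must be positive, got {new}")
        diff = {"campaign": campaign, "from": bids[account][campaign], "to": new}
        if not validate_only:
            bids[account][campaign] = new
        return diff

    return Gate({"get_report": get_report, "set_bid": set_bid}), bids


if __name__ == "__main__":
    gate, bids = build_demo_gate()
    print(gate.call("ads-worker", "get_report", "acct-1", {"campaign": "spring"}))
    status, req = gate.call("ads-worker", "set_bid", "acct-1", {"campaign": "spring", "bid": 2.5})
    print(status, req.diff)                     # pending; the reviewer sees the concrete diff
    print(gate.decide(req.id, True, "alice"))   # worker resumes; bid applied
    for entry in gate.audit:
        print(entry["action"], entry["status"], entry["reviewer"])
```

Two design points worth noting. The dry-run result is what the human approves, so the request carries the diff rather than just the intent; and the rejected call is logged with the same diff, which is what makes the audit trail useful when someone later asks what the worker tried to do. A production version would re-run the validate_only pass at apply time, since the account may have changed while the request sat in the queue.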
Keep the gate narrow on purpose
The instinct under pressure is to gate more. Resist it. Every unnecessary gate trains the team to click "approve" without reading — and an approval reflex is worse than no gate, because it launders risk as oversight. Gate the actions where a human genuinely adds judgment, and let the agent own the rest. A narrow gate that people actually read beats a broad gate they rubber-stamp.
The point of a gate is not to slow the agent down. It is to put a human at exactly the moments where being wrong is expensive — and nowhere else.
Where gates fit with the rest
Approval gates are one of four moving parts in governing an AI worker: scoping which tools it sees, routing calls to the right account, gating the risky writes, and recording every attempt. Gates are the part a human touches directly, which is why getting their width right matters so much — too wide and they are ignored, too narrow and they miss the action that mattered.
Grantry models this as policy on the role: reads flow, risky actions wait for approval, and the whole sequence — request, decision, result — lands in the audit log.