Skip to main content

Approvals & ChangePlans

Approvals and ChangePlans are the safety path for actions that need user review. They let Anyy pause before a risky tool call or state-changing plan, persist the pending decision, and replay the approved action through a trusted route.

When Approval Is Required

Approval depends on the effective tool descriptor and tool-specific behavior:

CaseBehavior
Direct readsUsually run without approval.
Audited low-risk writesRun and write audit records when the descriptor requires it.
Connector mutationsReturn needs_approval before sending or mutating external records.
Desktop controlcomputer_use asks for capture grants and approval for mutating actions.
Host/config/root-capable actionsUse confirmation or ChangePlan policy before execution.
Force-required actionsOffer only force_approve and deny.

Toolsets only control visibility. A visible tool still keeps its own risk, approval policy, execution policy, output budget, timeout, and audit category.

ChangePlan Lifecycle

Created

A tool result with status change_plan_created creates a pending ChangePlan and an approval prompt. The plan stores:

FieldMeaning
titleHuman-readable plan name.
riskRisk class such as config-high, dangerous, or force-required.
execution_policychange_plan or force_change_plan.
preconditionsConditions that should hold before execution.
current_stateStructured snapshot used for review.
proposed_changesIntended mutations.
commandsCommands or operations to execute.
validation_stepsChecks to run after execution.
rollback_steps / rollback_modeRecovery instructions when available.
expected_impactUser-facing impact summary.
plan_hashHash checked before approved execution.

Pending ChangePlans default to a 10 minute expiry.

Approved

Approving a prompt marks the ChangePlan approved. Force approval marks it force_approved and writes a force-path audit event.

Anyy checks that the approval decision was actually offered by the prompt. If only force_approve was offered, a plain approve decision is upgraded to force_approve in the trusted decision path.

Executed

Before execution, Anyy verifies that:

CheckPurpose
StatusThe plan is approved or force-approved as required.
ExpiryNon-force plans have not expired.
Plan hashThe approved plan still matches the plan being executed.
Policyforce_change_plan plans are force-approved before execution.

Execution can mark a plan executing, verified, failed, or rolled_back.

Approval Surfaces

Approval routes are represented as tui, cli, weixin, or dashboard. Available routes depend on the session surface and runtime path that created the approval.

The approval prompt includes:

FieldMeaning
kindtool_call or change_plan.
session_id / turn_idScope for replay and display.
tool_call_idOriginal tool call when applicable.
change_plan_idPlan id for ChangePlan approvals.
title, summary, riskReview text.
optionsAllowed decisions.
expires_atApproval expiry.

Scheduled Approvals

Cron-created ChangePlans can carry scheduled metadata such as cron_job_id, cron_run_id, origin session, channel binding, role, actor, and workspace. The approval summary includes the scheduled due time when that context is present.

Audit Trail

Approvals and ChangePlans write audit events:

EventCategory
Prompt decisionapproval
Force approvalforce_path
Plan created/updated/approved/executing/verified/failed/rolled backchange_plan

Tool replay also records approval correlation metadata so an audit trail can tie the approved execution back to the approval id, tool call id, and ChangePlan id.

Dashboard Approvals Page

The dashboard's Approvals page lists open and decided approvals through the approval.list RPC. It can approve or deny open prompts from the browser session.

The dashboard page is intentionally scoped to approval decisions. Detailed tool logs, plan internals, and session transcripts remain in the relevant runtime, audit, or session views.