Approvals

Atlas provides an approval system that gates sensitive operations behind operator confirmation. When enabled, certain actions require explicit human approval before they execute.

Enable approvals

atlas config set approvals.enabled true

Configuration

[approvals]
enabled = false                # Enable/disable approval workflows
auto_approve_timeout_secs = 0  # Auto-approve after N seconds (0 = never)
forward_to = []                # Forward approval requests to these peers

| Setting | Description |
| --- | --- |
| enabled | Master switch for the approval system |
| auto_approve_timeout_secs | If non-zero, requests auto-approve after this many seconds without a response. Set to 0 to require explicit approval. |
| forward_to | List of peer node IDs that receive forwarded approval requests |

Approval workflow

1. An operation requests approval

When an exec command includes the --approve flag, or a pattern matches approval_required_patterns, the operation is paused and an approval request is created.
atlas exec run deploy.sh --approve

2. View pending approvals

atlas approval pending
Output:
No pending approval requests
When approvals are pending, they display with their request ID, the operation details, and when they were created.

3. Approve or deny

atlas approval approve <request_id>

4. View approval history

atlas approval log
Shows the history of all approved and denied requests.

Budget limits

The budget configuration provides automatic guardrails for payment-related operations:
[budget]
auto_approve_limit = 0    # Auto-approve payments up to this amount (USDC raw units, 0 = none)
max_payment = 0           # Maximum allowed payment amount (0 = no limit)

| Setting | Description |
| --- | --- |
| auto_approve_limit | Payments at or below this amount are automatically approved without operator confirmation. Set to 0 to require approval for all payments. |
| max_payment | Hard ceiling on any single payment. Payments above this are rejected outright. Set to 0 for no limit. |

Budget amounts are in raw USDC units (6 decimals). For example, 5000000 = 5.00 USDC.
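
An added example, not part of Atlas or its documentation: a small audit of the [approvals] and [budget] settings described above that flags values which let an operation proceed without an operator, plus the payment rules applied to a single amount. The function names (`usdc`, `audit`, `payment_decision`), the dict form of the configuration, the use of the page's sample values as defaults, and checking the ceiling before the auto-approve limit are assumptions.

```python
# Added example (not Atlas code): audit parsed [approvals]/[budget] settings.
USDC_DECIMALS = 6  # per the page: raw USDC units carry 6 decimals


def usdc(raw):
    """Render raw units as a decimal string, e.g. 5000000 -> '5.000000'."""
    unit = 10 ** USDC_DECIMALS
    return f"{raw // unit}.{raw % unit:0{USDC_DECIMALS}d}"


def audit(cfg):
    """Return findings for values that let operations skip an operator."""
    appr, budget = cfg.get("approvals", {}), cfg.get("budget", {})
    limit = budget.get("auto_approve_limit", 0)
    ceiling = budget.get("max_payment", 0)
    findings = []
    if not appr.get("enabled", False):
        findings.append("approvals.enabled=false: nothing waits for an operator")
    if appr.get("auto_approve_timeout_secs", 0) > 0:
        findings.append("auto_approve_timeout_secs>0: unanswered requests auto-approve")
    if ceiling == 0:
        findings.append("budget.max_payment=0: no ceiling on a single payment")
    if limit > 0:
        findings.append(f"payments up to {usdc(limit)} USDC skip confirmation")
    if ceiling and limit > ceiling:
        findings.append("auto_approve_limit exceeds max_payment")
    return findings


def payment_decision(raw_amount, budget):
    """Classify one payment; checking the ceiling first is an assumption."""
    limit = budget.get("auto_approve_limit", 0)
    ceiling = budget.get("max_payment", 0)
    if ceiling and raw_amount > ceiling:
        return "rejected"
    if limit and raw_amount <= limit:
        return "auto-approved"
    return "needs-approval"


# Constructed sample values, shaped like the TOML tables on this page.
SAMPLE = {"approvals": {"enabled": True, "auto_approve_timeout_secs": 300},
          "budget": {"auto_approve_limit": 5_000_000, "max_payment": 0}}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
    for amount in (5_000_000, 5_000_001):
        print(usdc(amount), payment_decision(amount, SAMPLE["budget"]))
```

On Python 3.11 or later, the dict can be produced from the real configuration file with the standard `tomllib` module.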

Combining with exec policies

Approvals work alongside exec policies:
  1. The exec security mode (deny/allowlist/full) determines if a command can run
  2. The approval system determines if a command should run without confirmation
  3. Budget limits determine if a payment can proceed automatically