WARN → Human Approval
When ASG returns WARN, you must pause execution and require a human to approve before proceeding.
End-to-end flow
```text
Your system
|
| 1) POST /api/validate
v
AI Safety Gate
|
| 2) WARN + decision_id + approval_token
v
Your system (pause execution)
|
| 3) Human reviews decision in dashboard
v
Dashboard reviewer
|
| 4) POST /api/decisions/<decision_id>/approve OR /block
v
AI Safety Gate
|
```
What you receive from /api/validate
A WARN response includes a decision_id and an approval_token. You must persist the decision_id and treat the approval_token as a secret.
```json
{
  "status": "WARN",
  "decision_id": "dec_...",
  "approval_token": "appr_...",
  "risk_score": 60,
  "reason": "WARN: Review required by vendor-managed policy."
}
```
Immutable vs mutable
| Field | Immutable? | What to do |
|---|---|---|
| decision_id | Yes | Persist for audit/troubleshooting and approval lookup. |
| approval_token | No (short-lived) | Store temporarily for polling. Expect expiration. |
What you must do
- Persist the decision_id (immutable identifier for this review).
- Do not execute the underlying action while the decision is WARN.
- Present the decision to an approver (your own UI or the ASG dashboard).
- Approver explicitly approves or rejects the decision.
- Poll approval status and execute only after approved: true.
Endpoints used in this flow
Approval actions are performed by an authenticated dashboard session. Polling can be done either with your API key or with the short-lived approval_token.

| Purpose | Endpoint | Auth |
|---|---|---|
| Approve WARN (once) | POST /api/decisions/<decision_id>/approve | Dashboard session cookie |
| Reject WARN (once) | POST /api/decisions/<decision_id>/block | Dashboard session cookie |
| Poll with API key | GET /api/decisions/<decision_id>/approval | Authorization: Bearer <API_KEY> |
| Poll with approval token | GET /api/decisions/<decision_id>/approval | X-Approval-Token: <approval_token> |
Example approval responses
```json
{
  "decision_id": "dec_...",
  "approved": true
}
```
```json
{
  "decision_id": "dec_...",
  "rejected": true
}
```
Polling examples
You can poll approval status using either your API key (recommended for backend services) or the short-lived approval_token.
```text
GET /api/decisions/dec_.../approval
Authorization: Bearer <API_KEY>
```
```text
GET /api/decisions/dec_.../approval
X-Approval-Token: appr_...
```
Timeout behavior
Set a maximum wait time for approvals. If the timeout is reached, do not execute. Re-run /api/validate to obtain a fresh decision (and a fresh approval_token if WARN is returned again).
Important
- Do not execute on WARN.
- Approval is per decision_id.
- Approval tokens expire. If token polling returns approved: false due to expiry, re-validate and request approval again.
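
The polling, timeout and do-not-execute rules above, combined into one fail-closed wait loop. This is an added example, not ASG's own client code. Assumptions: the function names, the `base_url` parameter, and the 900 s / 5 s defaults are illustrative, and the poll response is taken to have the shape shown under "Example approval responses".

```python
import json
import time
import urllib.request
from urllib.parse import quote

APPROVED, REJECTED, TIMED_OUT = "approved", "rejected", "timed_out"

def api_key_fetcher(base_url, api_key):
    """Build a poller for GET /api/decisions/<decision_id>/approval (API-key auth)."""
    def fetch(decision_id):
        req = urllib.request.Request(
            f"{base_url}/api/decisions/{quote(decision_id, safe='')}/approval",
            headers={"Authorization": f"Bearer {api_key}"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return fetch

def wait_for_approval(decision_id, fetch, max_wait_s=900, interval_s=5,
                      clock=time.monotonic, sleep=time.sleep):
    """Poll until approved, rejected, or max_wait_s elapses (defaults are assumed)."""
    deadline = clock() + max_wait_s
    while True:
        try:
            body = fetch(decision_id)
        except Exception:
            body = {}  # transport or parse error counts as "not approved yet"
        # Approval is per decision_id: ignore a body for any other decision.
        if isinstance(body, dict) and body.get("decision_id") == decision_id:
            if body.get("rejected") is True:
                return REJECTED
            if body.get("approved") is True:
                return APPROVED
        if clock() >= deadline:
            return TIMED_OUT  # caller re-runs /api/validate; it does not execute
        sleep(interval_s)

def execute_if_approved(warn_response, fetch, action, **wait_opts):
    """Run action() only after an explicit approved: true for this WARN decision."""
    if warn_response.get("status") != "WARN":
        raise ValueError("this helper handles WARN responses only")
    # Persist decision_id for audit; keep approval_token out of logs.
    decision_id = warn_response["decision_id"]
    outcome = wait_for_approval(decision_id, fetch, **wait_opts)
    return (outcome, action() if outcome == APPROVED else None)
```

Anything other than an explicit `approved: true` for the matching decision_id, including an expired token that keeps returning `approved: false`, ends in `timed_out` and the action never runs.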
Legal & Responsibility Notice
Summary
Informational only
Provided for general guidance. Not legal, compliance, security, or professional advice.
You control implementation
You are responsible for policies, prompts, integrations, workflows, and regulatory requirements.
Liability limitation
To the maximum extent permitted by law, the company disclaims liability for losses arising from use of this documentation or implementations based on it.