Skip to main content
Use --approval secure so pending approvals survive a gateway restart — the SQLite-backed PresentationApprovalBackend persists every decision and rehydrates outstanding requests on startup.

Quick Start

1

Set required env vars (CLI only)

PRAISONAI_APPROVAL_ACTORS is required when using --approval secure from the CLI. For the Python API, pass allowed_actors= directly to PresentationApprovalBackend (see next step).
2

Agent-centric example

3

CLI usage


How It Works


Configuration

Default persistence paths

Override the root with PRAISONAI_HOME:

Programmatic Override

PresentationApprovalBackend constructor parameters:

What Happens on Restart

Rehydrated pending requests keep their original expiry — a restart does not reset the TTL clock. A request that had 30 seconds left still has 30 seconds after rehydration.
  • No live awaiter: the awaiting agent call was lost with the previous process. Rehydrated requests stay resolvable via the gateway UI or API. The audit trail records the terminal state.
  • Expiry is preserved: rehydrate() filters by stored expires_at, so a nearly-expired approval is not inadvertently extended.
  • Fail-open startup: a corrupted store logs the error and returns 0 — it never blocks gateway startup.

Best Practices

Use --approval secure on the CLI (or pass a PresentationApprovalBackend instance via approval= in Python) in your deployment environment. Without a durable store, a gateway restart drops all pending approvals — agents waiting for a human decision receive a timeout/deny.
The secure backend requires at least one authorised actor. Omitting PRAISONAI_APPROVAL_ACTORS causes a startup error by design — it prevents a misconfigured deployment from silently accepting approvals from any actor.
Grants are stored per-host. When rotating to a new host, copy ~/.praisonai/state/*.sqlite to preserve in-flight approvals — do not leave agents in a state where they re-prompt unnecessarily in production.
PRAISONAI_APPROVAL_ACTORS scopes who can approve. Pair this with network-level access controls on the gateway callback endpoint for defence-in-depth.

Secure Approval Backend

Full reference for the actor-authorised, durable approval backend

Gateway

Gateway deployment and configuration

Durable Approvals (Bots)

SQLite-backed approval storage for messaging bots

Approval

Default approval behaviour and backends