Using the CLI
Approvals
Review and decide approval requests raised by execution policies.
Approvals
When an execution policy has the require_approval action, an agent’s matching action pauses and raises an approval request. You decide whether it proceeds. Approvals live under dvx policy approvals.
See what’s waiting
dvx policy approvals list
Each pending request has an external ID, the agent it came from, and what the agent was trying to do.
Approve or deny
dvx policy approvals approve <external_id> --note "looks fine - one-off migration"
dvx policy approvals deny <external_id> --reason "not allowed in production"
Approving lets the agent’s action proceed; denying blocks it. Your note or reason is recorded with the decision.
How approvals fit together
- You create an execution policy with
--action require_approval(see Policies). - When an agent hits a matching action, it’s held and a request appears in
dvx policy approvals list. - You approve or deny it.
- The decision - and who made it - is captured in the audit log.
Use --mode simulate on a policy first if you want to see how often it would fire before you start gating real actions behind approvals.