Request Approval Skill
Use Preloop's request_approval MCP tool to get human approval before executing risky operations. Preloop will notify the user (via Slack, email, mobile apps, etc.) and wait for their response.
Setup
Preloop must be configured as an MCP server. See references/SETUP.md for configuration details.
When to Request Approval
ALWAYS Request Approval For:
- - Deleting anything (files, directories, database records, cloud resources)
- Production changes (deployments, config changes, environment variables)
- Database operations (schema changes, migrations, bulk deletions/updates)
- External modifications (creating/merging PRs, posting to APIs, sending emails)
- Security changes (permissions, access controls, API keys)
- Financial operations (purchases, charges, refunds)
- System modifications (installing packages, changing system settings, CI/CD changes)
Usually Request Approval For:
- - Creating pull requests or issues (unless explicitly requested)
- Pushing commits to main/master branches
- Modifying critical files (package.json, requirements.txt, docker-compose.yml, etc.)
- Running commands that modify system state
- Making bulk changes (affecting many files/records)
DON'T Request Approval For:
- - Reading files or data
- Searching or querying
- Creating feature branches
- Running tests (in isolated environments)
- Making commits to feature branches
How to Use
Call the request_approval tool BEFORE executing the risky operation.
Parameters
Required:
- -
operation (string): Clear, specific description of what you'll do
- ✅ Good: "Delete the logs/2024-01/ directory containing 1,234 log files (2.3GB)"
- ❌ Bad: "Delete some logs"
- -
context (string): Additional details about what will be affected
- ✅ Good: "This directory contains archived application logs from January 2024. The logs have been backed up to S3. Deleting will free up 2.3GB."
- ❌ Bad: "Old logs"
- -
reasoning (string): Why this operation is necessary
- ✅ Good: "Disk usage is at 92% capacity. These logs are archived in S3 and no longer needed locally."
- ❌ Bad: "Need more space"
Optional:
- -
caller (string): Auto-populated by Preloop - INLINECODE6� (string): Specific approval policy name (uses account default if omitted)
Response
The tool returns a string:
- - Approved: Success message → proceed with the operation
- Denied: "Approval denied" or "Approval denied: {reason}" → STOP, don't execute
- Error: Error message → check configuration or try again
Quick Example
Task: User asks to delete old cache files
Your workflow:
- 1. Check what exists: 3,421 cache files, 1.8GB, from last week
- Call
request_approval:
- operation: "Delete the temp-cache/ directory"
- context: "Contains 3,421 cache files totaling 1.8GB from batch jobs that ran last week. All jobs completed successfully."
- reasoning: "Cache is no longer needed and is consuming disk space. Results are in the database."
- 3. Wait for response
- If "denied" in response → tell user it's cancelled, ask for alternatives
- If approved → proceed with deletion
See references/EXAMPLES.md for more examples.
Decision Framework
When unsure:
- 1. Can this be undone easily? NO → Request approval
- Could this cause harm or data loss? YES → Request approval
- Is this modifying production or external systems? YES → Request approval
- Would a human want to review this first? YES → Request approval
- Am I uncertain about the safety? YES → Request approval
Golden Rule: When in doubt, request approval. Better to ask unnecessarily than to cause harm.
If Approval is Denied
- 1. Stop immediately - do NOT proceed
- Check for comments - denial may include reasoning
- Inform the user - explain why it was cancelled
- Look for alternatives - can you accomplish the goal differently?
- Don't retry - don't ask again unless circumstances change
Best Practices
DO:
- - ✅ Request approval BEFORE executing
- ✅ Be specific and detailed
- ✅ Include numbers (file count, size, affected records)
- ✅ Explain the impact
- ✅ Respect denials
DON'T:
- - ❌ Execute first, then ask
- ❌ Be vague
- ❌ Bundle multiple operations
- ❌ Proceed if denied
- ❌ Skip approval because you think it's "probably fine"
Additional Resources
Remember: Safety first! Trust is earned by being cautious and respectful of the user's systems and data.
请求审批技能
在执行高风险操作前,使用Preloop的request_approval MCP工具获取人工审批。Preloop将通过(Slack、电子邮件、移动应用等)通知用户,并等待其回复。
设置
Preloop必须配置为MCP服务器。配置详情请参阅references/SETUP.md。
何时请求审批
始终请求审批:
- - 删除任何内容(文件、目录、数据库记录、云资源)
- 生产环境变更(部署、配置更改、环境变量)
- 数据库操作(模式变更、迁移、批量删除/更新)
- 外部修改(创建/合并PR、调用API、发送电子邮件)
- 安全变更(权限、访问控制、API密钥)
- 财务操作(购买、收费、退款)
- 系统修改(安装软件包、更改系统设置、CI/CD变更)
通常请求审批:
- - 创建拉取请求或问题(除非明确要求)
- 推送到主/主干分支
- 修改关键文件(package.json、requirements.txt、docker-compose.yml等)
- 运行修改系统状态的命令
- 进行批量更改(影响多个文件/记录)
无需请求审批:
- - 读取文件或数据
- 搜索或查询
- 创建功能分支
- 运行测试(在隔离环境中)
- 提交到功能分支
使用方法
在执行高风险操作之前调用request_approval工具。
参数
必需:
- - operation(字符串):清晰、具体地描述您将要执行的操作
- ✅ 良好:删除 logs/2024-01/ 目录,包含1,234个日志文件(2.3GB)
- ❌ 不佳:删除一些日志
- - context(字符串):关于受影响内容的额外详细信息
- ✅ 良好:此目录包含2024年1月的存档应用程序日志。日志已备份到S3。删除将释放2.3GB空间。
- ❌ 不佳:旧日志
- - reasoning(字符串):为什么需要执行此操作
- ✅ 良好:磁盘使用率已达92%。这些日志已存档到S3,本地不再需要。
- ❌ 不佳:需要更多空间
可选:
- - caller(字符串):由Preloop自动填充
- approval_policy(字符串):特定审批策略名称(省略则使用账户默认策略)
响应
工具返回一个字符串:
- - 已批准:成功消息 → 继续执行操作
- 已拒绝:审批被拒绝或审批被拒绝:{原因} → 停止,不要执行
- 错误:错误消息 → 检查配置或重试
快速示例
任务:用户要求删除旧的缓存文件
您的工作流程:
- 1. 检查现有内容:3,421个缓存文件,1.8GB,来自上周
- 调用request_approval:
- operation:删除 temp-cache/ 目录
- context:包含上周批处理作业产生的3,421个缓存文件,总计1.8GB。所有作业已成功完成。
- reasoning:缓存不再需要,正在占用磁盘空间。结果已存储在数据库中。
- 3. 等待响应
- 如果响应中包含已拒绝 → 告知用户操作已取消,询问替代方案
- 如果已批准 → 继续执行删除
更多示例请参阅references/EXAMPLES.md。
决策框架
当不确定时:
- 1. 能否轻松撤销? 否 → 请求审批
- 是否可能造成损害或数据丢失? 是 → 请求审批
- 是否修改生产环境或外部系统? 是 → 请求审批
- 人工是否希望先审查? 是 → 请求审批
- 对安全性不确定? 是 → 请求审批
黄金法则:有疑问时,请求审批。宁可多问,也不造成损害。
如果审批被拒绝
- 1. 立即停止 - 不要继续执行
- 检查评论 - 拒绝可能包含原因说明
- 通知用户 - 解释为什么操作被取消
- 寻找替代方案 - 能否以不同方式达成目标?
- 不要重试 - 除非情况发生变化,否则不要再次请求
最佳实践
应该:
- - ✅ 在执行前请求审批
- ✅ 具体且详细
- ✅ 包含数字(文件数量、大小、受影响的记录)
- ✅ 说明影响
- ✅ 尊重拒绝决定
不应该:
- - ❌ 先执行,再请求
- ❌ 含糊不清
- ❌ 捆绑多个操作
- ❌ 被拒绝后继续执行
- ❌ 因为觉得可能没问题而跳过审批
其他资源
记住:安全第一!通过谨慎行事和尊重用户的系统与数据来赢得信任。
