Approval bridge

Pause custom actions for portal approval.

Use the approval bridge when a connector-authored action must wait for a reviewer before execution. Ingest telemetry can fail open; approval cannot.

Request and poll

The helper signs approval requests and polls the portal status endpoint with fail-closed behavior.

js
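const { createPortalApprovalBridge } = require('@autodevops/verifier-portal-client');

// `await` is not valid at the top level of a CommonJS module, so the call
// is wrapped in an async function (the function name is illustrative).
async function requireApprovalForPush() {
  // Sign the approval request, then poll the portal until a reviewer decides.
  const approval = await createPortalApprovalBridge().requestAndPollApproval({
    session_id: 'custom-session-1',
    tool_name: 'git',
    correlation_id: 'approval-custom-session-1',
    approval_target_label: 'git push origin HEAD:main',
    command_preview: 'git push origin HEAD:main',
    policy_decision: 'confirm',
    final_decision: 'pending',
    policy_source: 'policy.regulated-byoc',
    policy_version: '2026-05-16',
    policy_reason: 'Protected branch updates require reviewer approval.',
    requested_at: new Date().toISOString(),
  });

  // Fail closed: anything other than an explicit approval blocks the action.
  if (!approval.approved) {
    throw new Error(approval.reason || 'Portal approval did not approve the governed action.');
  }
  return approval;
}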

Environment

The approval helper can derive runtime endpoints from a standard ingest endpoint, but explicit endpoints are clearer in production.

bash
export AUTODEVOPS_PORTAL_INGEST_ENDPOINT="https://portal.example.com/api/verification-portal/ingest"
export AUTODEVOPS_PORTAL_INGEST_SECRET="shared-hmac-secret"
export AUTODEVOPS_TEAM_ID="00000000-0000-4000-8000-000000000000"
export AUTODEVOPS_PORTAL_APPROVAL_REQUEST_ENDPOINT="https://portal.example.com/api/verification-portal/runtime/approval-request"
export AUTODEVOPS_PORTAL_APPROVAL_STATUS_ENDPOINT="https://portal.example.com/api/verification-portal/runtime/approval-status"

Fail behavior

Approval behavior is intentionally stricter than telemetry behavior.

  • Missing config returns a denied result.
  • Transport failures return a denied result.
  • Reviewer timeout returns a denied result.
  • Human denial returns a denied result and preserves the reviewer decision.
  • Telemetry-only ingest can fail open when the agent should keep running and retry later.

Security boundary

Do not treat approval transport failures as a user preference. The runtime should block the action and record that approval was unavailable.
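The fail behavior and security boundary above can also be enforced on the caller's side, so that a thrown error or an unexpected result shape still blocks the action. This is an added example, not code from the portal client: `toDecision`, `runGoverned`, the injected `requestApproval`, `runAction` and `audit` functions, and the `unavailable` field are all hypothetical names; only `approved` and `reason` come from the result shown earlier.

```javascript
// Added example. requestApproval, runAction and audit are hypothetical
// injected functions, not part of @autodevops/verifier-portal-client.

// Interpret what the approval call produced. Only a literal `approved: true`
// opens the gate; every other shape is a denial.
function toDecision(outcome) {
  if (outcome && outcome.error) {
    const detail = String(outcome.error.message || outcome.error);
    return { approved: false, unavailable: true, reason: `approval unavailable: ${detail}` };
  }
  const result = outcome && outcome.result;
  if (result && result.approved === true) {
    return { approved: true, unavailable: false, reason: result.reason || 'approved' };
  }
  if (result && result.approved === false) {
    // Denied result from the helper: keep its reason intact.
    return { approved: false, unavailable: false, reason: result.reason || 'denied' };
  }
  return { approved: false, unavailable: true, reason: 'approval unavailable: malformed result' };
}

// Run the action only after an explicit approval; audit every decision.
async function runGoverned(requestApproval, runAction, audit) {
  let outcome;
  try {
    outcome = { result: await requestApproval() };
  } catch (error) {
    outcome = { error: error || new Error('unknown failure') };
  }
  const decision = toDecision(outcome);
  audit(decision);
  if (!decision.approved) {
    return { executed: false, decision };
  }
  return { executed: true, decision, output: await runAction() };
}
```

Pass the audit callback a sink that persists the decision, so a blocked action leaves a record that approval was unavailable rather than denied by a reviewer.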