Gate the executable
Mediate host tool execution instead of trusting every agent policy setting.
Human approval for agent commands
Agent-side prompts are useful, but they live inside the agent. Automic Vault adds approval beneath the agent, at the tool and secret layer where the action happens.
Last updated: May 15, 2026
AI agent approval gates are strongest when they run at the tool layer. Automic Vault shows the sensitive command before execution so approval is tied to the executable, command path, and requested capability.
Wrong layer
Allowlists and model prompts help, but they depend on the same session that makes the plan. Risky tool use needs a checkpoint below that layer.
Inject secrets only when an approved target path receives the named keys.
Root-owned package roots reduce accidental or malicious tool rewrites.
Show the action that will run so approval is about behavior, command path, and blast radius.
Use cases
An agent tries npm publish, twine upload, or another release command.
An agent tries to print tokens with commands such as gh auth token.
An agent tries AWS commands that can inspect, mutate, or delete infrastructure.
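A tool-layer gate for the use cases above, as an added sketch that is not Automic Vault's own code: it resolves the executable, refuses paths that are not root-owned, and builds the approval request from the real path, argv, and capability. The rule table, function names, and the `approve`/`run` callbacks are assumptions made for illustration.

```python
import os
import shutil
import stat

# Constructed rules (assumption): argv prefixes -> capability label,
# taken from the use cases listed above.
SENSITIVE = [
    (("npm", "publish"), "package-release"),
    (("twine", "upload"), "package-release"),
    (("gh", "auth", "token"), "secret-disclosure"),
    (("aws",), "cloud-infrastructure"),
]

def classify(argv):
    """Return the capability a command requests, or None if it is not gated."""
    words = (os.path.basename(argv[0]), *argv[1:])
    for prefix, capability in SENSITIVE:
        if words[:len(prefix)] == prefix:
            return capability
    return None

def root_owned(path):
    """True if the file is owned by root and not group- or world-writable."""
    st = os.stat(path)
    return st.st_uid == 0 and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)

def build_request(argv, which=shutil.which, trusted=root_owned):
    """Describe exactly what would run so a human can approve that, not a plan."""
    capability = classify(argv)
    if capability is None:
        return None                      # not a gated command
    found = which(argv[0])
    path = os.path.realpath(found) if found else None
    # Fail closed: an unresolved or rewritable executable is never offered.
    decision = "ask" if path and trusted(path) else "deny"
    return {"path": path, "argv": list(argv), "capability": capability,
            "decision": decision}

def gated_run(argv, approve, run, **resolver):
    """Run argv only after approval; `approve` and `run` come from the host."""
    req = build_request(argv, **resolver)
    if req is None:
        return run(list(argv))
    if req["decision"] == "ask" and approve(req):
        # Execute the resolved path that was shown, not a fresh PATH lookup.
        return run([req["path"], *argv[1:]])
    raise PermissionError(f"blocked {req['capability']}: {argv}")
```

Prefix matching is a simplification: options placed before the subcommand are not matched by these rules, so a production gate would parse each tool's arguments or gate the whole executable.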