Review or act on agent decisions awaiting human approval. Also known as: pending approvals, agent blocked, sign off, review decisions, approve AI work. Per-action input requirements: • action="list" (default when action omitted) → No required fields. Optional filters: limit, urgency_filter, initi...
AI agents use approve_agent_work to create or update resources in OrgX — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your OrgX environment.
| Parameter | Type | Required | Description |
|---|---|---|---|
note | string | — | Optional approver note for action="approve". Free-text rationale stored in audit history. |
limit | number | — | Used only when action="list" (or omitted). Max pending decisions to return. |
action | string | — | Operation to perform. Defaults to "list" (returns pending approvals). Use "approve" or "reject" to act on a specific decision_id. |
reason | string | — | REQUIRED for action="reject". Explanation of why the decision was rejected — used by the agent to adjust its next attempt. |
_context | object | — | Client context for conversation tracking (strongly recommended for cross-client continuity) |
decision_id | string | — | REQUIRED when action="approve" or action="reject". Decision UUID from the pending approvals list. |
initiative_id | string | — | Used only when action="list". Scopes pending decisions to a specific initiative UUID. |
urgency_filter | string | — | Used only when action="list". Filters the returned pending decisions by urgency. |
Parameters from the server's own tool schema.
An AI agent can call approve_agent_work faster than any human can review — one bad instruction and it creates or modifies resources in OrgX by the hundred, each call as confident as the last.
Risk signalsHigh parameter count (24 properties)
Documented attack patterns abuse exactly the kind of access approve_agent_work gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and OrgX, and nothing reaches the server without passing your rules. This is the rule we recommend for approve_agent_work:
{
"version": "1",
"default": "deny",
"tools": {
"approve_agent_work": {
"limits": [
{
"counter": "approve_agent_work_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}approve_agent_work stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Review or act on agent decisions awaiting human approval. Also known as: pending approvals, agent blocked, sign off, review decisions, approve AI work. Per-action input requirements: • action="list" (default when action omitted) → No required fields. Optional filters: limit, urgency_filter, initiative_id. • action="approve" → REQUIRES decision_id. Optional: note (free-text approver rationale). • action="reject" → REQUIRES decision_id AND reason (explanation shown to the assigned agent so it can adjust its next attempt). It is categorised as a Write tool in the OrgX MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
approve_agent_work accepts 8 parameters: note, limit, action, reason, _context, decision_id, initiative_id, urgency_filter. The full parameter table on this page comes from the server's own tool schema.
Register the OrgX MCP server in PolicyLayer and add a rule for approve_agent_work: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches OrgX. Nothing to install.
approve_agent_work is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the approve_agent_work rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for approve_agent_work. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
approve_agent_work is provided by the OrgX MCP server (useorgx/orgx-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 29 OrgX tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
29 OrgX tools catalogued and risk-classified — across an index of 42,500+ MCP servers.