How to Configure Approval Policies for Your AI Agent in ResolveKit
Approval policies are the control layer that makes AI support agents trustworthy in production. Without them, your agent can answer questions. With them, it can take action — resetting passwords, processing refunds, navigating screens — and your team stays in the loop on everything that matters.
This guide walks through how to configure approval policies in ResolveKit: what the options mean, when to use each mode, and how to wire up the operator dashboard so your team can review and act on pending requests.
Why Approval Policies Exist
A support agent that can only answer questions is useful. A support agent that can actually do things — cancel a subscription, apply a discount, open a support ticket with context pre-filled — is operationally transformative. But the moment the agent can take action, you need a mechanism to control which actions it can take autonomously and which require human sign-off.
ResolveKit's approval system solves this at the function level. Each tool function has an associated policy that determines when it runs on its own and when it pauses for operator approval. The agent never bypasses this layer — it's enforced server-side, not just in the prompt.
The Three Policy Modes
ResolveKit supports three approval modes per function. Choosing the right one is a product decision, not just a technical one.
1. `autonomous` — No approval needed
The function runs immediately when the agent calls it. Use this for low-stakes, reversible actions:
- Look up order status
- Fetch account metadata
- Surface plan-relevant features
- Navigate to a specific screen
The user gets instant resolution. Your server logs the action. No human involvement required.
2. `approval_required` — Pause and wait
The agent calls the function, ResolveKit holds the request, and the operator dashboard shows a pending item. The conversation pauses in the app — the user sees "We're looking into this" — until an operator approves, modifies, or rejects the request.
Use this for actions with meaningful impact:
- Processing a refund
- Resetting a user's password
- Regenerating an API key
- Canceling or downgrading a subscription
3. `disabled` — Agent cannot call this function
The function exists in your code but ResolveKit will refuse to execute it. Use this to selectively disable capabilities without removing them from the agent's instruction set — useful during testing, for dangerous actions you want to keep as examples, or for functions you plan to enable after internal review.
Configuring a Policy in Swift
Here's how to attach a policy to a tool function in iOS:
import ResolveKit
@ResolveKitTool(
name: "reset_user_password",
description: "Resets the password for the authenticated user",
timeout: 30,
policy: .approval_required
)
func resetUserPassword(userId: String) async throws -> Bool {
// Your backend logic here
try await userService.resetPassword(userId: userId)
return true
}The `policy` parameter accepts `.autonomous`, `.approval_required`, or `.disabled`. ResolveKit enforces this server-side — the agent prompt doesn't control whether the function runs.
Configuring a Policy in Kotlin
import resolvekit.*
@ResolveKitTool(
name = "reset_user_password",
description = "Resets the password for the authenticated user",
timeout = 30,
policy = Policy.APPROVAL_REQUIRED
)
suspend fun resetUserPassword(userId: String): Boolean {
// Your backend logic here
return userService.resetPassword(userId)
}The same three policy modes apply on Android: `Policy.AUTONOMOUS`, `Policy.APPROVAL_REQUIRED`, and `Policy.DISABLED`.
Setting Global Defaults
If you have many functions and want a safe default, configure a fallback at the agent level. Functions without an explicit policy inherit the global default:
let agentConfig = ResolveKitAgentConfig(
defaultPolicy: .autonomous,
// Override specific functions:
policyOverrides: [
"process_refund": .approval_required,
"delete_account": .approval_required,
"apply_discount": .autonomous
]
)This lets you ship a conservative default and explicitly open up specific functions.
The Operator Dashboard
When a function is set to `approval_required`, pending requests land in the operator dashboard at `console.resolvekit.app`. Your support or operations team sees:
- The request details — which function was called, with what arguments, for which user
- The conversation context — what the user asked before the request was triggered
- The timestamp — so nothing gets stuck in pending indefinitely
From the dashboard, operators can:
- Approve — let the function execute as requested
- Modify — change the arguments (e.g., reduce a discount amount) and approve
- Reject — explain to the user why the request was denied
This isn't just a safety mechanism — it's a feedback loop. Patterns in approval requests tell you which agent capabilities need better instructions, which user intents are common but unsupported, and where your product has rough edges causing repeated contact.
When to Tighten vs. Loosen Policies
The right policy isn't static. Review it as your team gains confidence in the agent's judgment.
Tighten policy (move from autonomous to approval_required) when:
- The function has been called with edge-case arguments you didn't anticipate
- Users are asking follow-up questions after the function runs — it didn't fully resolve the intent
- Your team is seeing false positives in production (the agent calling a function when it shouldn't)
Loosen policy (move from approval_required to autonomous) when:
- The operator approval rate for a function drops below 5%
- Your team consistently approves with no modifications for 30+ consecutive requests
- The action is genuinely low-stakes (fetching info, navigating screens)
Treat policy as a living configuration. ResolveKit doesn't require app releases to change it — update the SDK config or backend policy file and the change propagates immediately.
Common Policy Configurations
E-commerce app
| Function | Policy |
|---|---|
| `look_up_order` | `.autonomous` |
| `apply_discount_code` | `.autonomous` |
| `process_refund` | `.approval_required` |
| `cancel_subscription` | `.approval_required` |
| `delete_account` | `.disabled` |
SaaS / developer tool
| Function | Policy |
|---|---|
| `fetch_usage_stats` | `.autonomous` |
| `regenerate_api_key` | `.approval_required` |
| `upgrade_plan` | `.autonomous` |
| `delete_workspace` | `.approval_required` |
| `export_data` | `.autonomous` |
Fintech
| Function | Policy |
|---|---|
| `check_balance` | `.autonomous` |
| `view_transaction_history` | `.autonomous` |
| `initiate_transfer` | `.approval_required` |
| `reset_pin` | `.approval_required` |
| `lock_card` | `.autonomous` |
Testing Your Policy Configuration
Before shipping, test the full flow: trigger the function from a user conversation, verify the pending request appears in the dashboard, approve or reject it, and confirm the result is communicated back to the user.
// Simulate a user hitting the approval-required function
let conversation = await agent.sendMessage(
"I need to reset my password — I forgot it"
)
// Verify the pending request
let pending = await operatorAPI.getPendingRequests()
assert(pending.count == 1)
assert(pending[0].function == "reset_user_password")If the conversation doesn't pause when expected, check that the function's policy is correctly set in your SDK configuration — it's a common oversight during initial integration.
Next Steps
Once your approval policies are configured and your team is comfortable with the dashboard workflow, you can expand the agent's capabilities by adding more tool functions. Start with the functions that address your top 10 support ticket types, set policies based on risk, and iterate from there.
For a deeper dive on building tool functions in Swift and Kotlin, see How to Build Custom Tool Functions for Your AI Agent in ResolveKit.
---
Ready to ship? Set up your operator dashboard at console.resolvekit.app and configure your first approval policy today.
Explore ResolveKit pricing for the managed tier — $0.50 per resolution with full operator dashboard access.