The Approval Queue: How to Review AI Actions Before They Execute
Some actions are too important to let AI execute without a human in the loop. The Stow approval queue pauses these requests and hands control back to you — before anything happens.
When your AI agent wants to send an email, post to a Slack channel, trigger a deployment, or update a database record, it's about to affect something real. The approval queue is the pause button — the action is queued, you review it, and it only executes when you say go.
What Triggers the Approval Queue
Any operation you've configured as Approval Required in your permission settings will queue when the AI attempts it. The queue is triggered by your policy — not by the AI's confidence or your instruction. Even if you told Claude to "definitely send this email," if Send Messages is set to Approval Required, it queues.
Send email (Gmail)
External communication — goes to real recipients
Post to Slack channel
Visible to the whole team; hard to un-send
Trigger Vercel build
Kicks off a real pipeline; can break production
Merge GitHub PR
Irreversible code change to your main branch
Update Airtable records
Modifies production data immediately
Create Calendly link
Changes how people can book time with you
Delete Neon branch
Permanent deletion of database state
Create Stripe charge
Real money movement, no automatic reversal
What Happens When a Request Queues
Claude makes a tool call for an operation set to Approval Required
Stow receives the request and assigns it a pending_approval status — it doesn't execute
Claude receives a holding response: the action is queued, not yet complete
You receive an alert (email, Discord, or Telegram if configured)
The request appears in your Approval Queue in the Stow dashboard
You review the details — agent, tool, parameters, risk score — and approve or deny
On approval: Stow executes the operation against the service; status updates to executed
On denial: the request is cancelled and logged as denied; Claude receives the rejection
Reviewing a Queued Request
When you open a queued request in the Stow dashboard, you'll see:
- Agent: which AI agent made the request (Claude, Cursor, ChatGPT)
- Tool: the specific operation requested (e.g.,
gmail-send-message) - Risk Score: the score assigned by the Risk Engine at evaluation time
- Timestamp: when the request was made
- Network Context: whether the request matched the Security Baseline
Note that you won't see the message body or other payload content — that's stripped by the Zero-Retention policy. You're reviewing the action metadata, not the content. If you need to see the content before approving, check the AI's conversation output directly.
Approve vs. Deny: How Claude Responds
Approve
The operation executes immediately. The Activity Log updates to executed. Claude receives confirmation and can continue the conversation — 'Done, your email has been sent.'
Deny
The request is cancelled. The Activity Log updates to denied. Claude receives a rejection and can inform you — 'The send request was denied. Would you like to revise the draft?'
Which Operations Are Best Set to Approval Required
The right permission level depends on the reversibility and visibility of the action:
- Approval Required: anything external (sends to real people), anything that modifies production state (database updates, deployments), anything financial
- Allowed: read operations, draft creation, search and summarization, anything with no external effect
- Off: truly destructive operations you never want AI to attempt (delete records, delete projects, revoke access)
Keeping the Queue from Becoming Friction
If you find yourself approving the same types of requests repeatedly without ever denying them, consider whether that operation actually needs approval or could be set to Allowed. The queue is most valuable when it's catching things you'd genuinely want to review — not creating rubber-stamp overhead for routine actions.
Good signals that an operation can move from Approval Required to Allowed:
- You've approved it 10+ times without ever denying it
- It's a draft or staging action, not a final send or publish
- The worst-case outcome is easily reversible
Stow Security Team
April 19, 2026