Approvals
Every consequential change waits for a yes.
What does a 15%+ discount actually look like getting approved? The flow parks, the order locks, and finance sees the request in the approvals inbox — record snapshot, who did what when, all in one panel. Approve to release it, reject with a comment to send it back, and a stalled request escalates on its own. The schema change an AI just proposed rides the exact same queue.
- 4 ways
- Route to a user, role, team, or manager hierarchy
- Locked
- Records hold still while a decision is pending
- Recorded
- Every request, decision, and escalation is audited
Sign-off as metadata
The approval policy fits in one review.
This is that discount chain: finance reviews first (any one responder), executives confirm (unanimous), the record stays locked throughout, and at most two revision round-trips. The policy itself is a compact definition anyone can read.
import { defineFlow } from '@objectstack/spec';
export const DiscountApproval = defineFlow({
name: 'sales_discount_approval',
label: 'Discount Approval',
type: 'autolaunched',
nodes: [
{
id: 'start',
type: 'start',
label: 'On Large Discount',
config: {
objectName: 'sales_order',
triggerType: 'record-after-update',
condition: 'discount > 15 && discount != previous.discount',
},
},
{
id: 'finance_review',
type: 'approval',
label: 'Finance Review',
config: {
approvers: [{ type: 'role', value: 'finance' }],
behavior: 'first_response',
lockRecord: true,
maxRevisions: 2,
},
},
{
id: 'exec_review',
type: 'approval',
label: 'Executive Review',
config: {
approvers: [{ type: 'role', value: 'exec' }],
behavior: 'unanimous',
lockRecord: true,
},
},
{ id: 'approved', type: 'end', label: 'Approved' },
{ id: 'rejected', type: 'end', label: 'Rejected' },
],
edges: [
{ id: 'e1', source: 'start', target: 'finance_review' },
{ id: 'e2', source: 'finance_review', target: 'exec_review', label: 'approve' },
{ id: 'e3', source: 'finance_review', target: 'rejected', label: 'reject' },
{ id: 'e4', source: 'exec_review', target: 'approved', label: 'approve' },
{ id: 'e5', source: 'exec_review', target: 'rejected', label: 'reject' },
],
}); The approval model
Follow the discount through both sign-offs
Approvers resolve against the same identity model as permissions, so reorganizations do not break sign-off chains — and every step below lives in one definition.
A two-step chain
Finance reviews first, executives confirm, sequenced in one flow — finance is “first response wins”, executives are “must be unanimous”, and each step sets its own behavior.
Approvers resolved from the org
Route to the finance role, a team, or up the requester’s manager hierarchy — resolved against live identity at request time, so personnel changes never mean editing flows.
Stalls escalate themselves
Finance hasn’t touched it in three days? The request escalates and reminds automatically — processes stop dying in one inbox.
Locking and send-back
While the decision is pending the order holds still — nobody edits past the reviewer. Finance can also return it for revision: sales fixes the discount and resubmits, at most twice (maxRevisions: 2).
Every decision on the record
Who was asked, who answered, which snapshot they saw, and when — a complete, immutable trail behind every approval, ready for audit.
The approvals inbox
The screen approvers actually work in
The open-source console ships an approvals inbox — not a link in an email, but a workbench with context where decisions actually happen.
Three tabs
“My pending” (waiting on me), “Submitted by me” (where are mine), and “All” (paginated overview) — each row shows the process, record, submitter, status, and time.
Decide with context, in a side panel
Open any row: the record snapshot, the step-by-step action timeline, approve/reject buttons, and a comment box — no hunting through other screens for context.
Recall and return for revision
Submitters can recall their own requests; reviewers can return for revision instead of a flat reject — with status colors for pending, approved, rejected, recalled, and returned.
Built for high-volume approvers
j/k to move, Enter to open, a/r to approve or reject — clearing a queue of requests never touches the mouse.
The AI governance gate
The same queue that reviews people reviews AI
This is the mechanism that makes AI-written software governable: structural changes from an agent do not ship — they queue.
Structural changes queue
When an agent proposes new objects, fields, flows, or permission changes, the change lands in the same approvals inbox as a compact diff.
The diff is the request
Reviewers see exactly what would change — schema, authority, automation — not a description of it.
Sensitive actions gated
Runtime actions can require sign-off too, so an AI-triggered refund or bulk update waits for a person.
Decision surface
What changes, who reviews it, what runs
| Business need | AI writes | Runtime supplies |
|---|---|---|
| Discounts above 15% need finance | An approval step on the change | Routing, the inbox, locking, decision records |
| Big refunds need two approvals | A multi-step chain | Sequenced sign-off with escalation and send-back |
| Nothing stalls in one inbox | A timeout and an escalation path | Automatic escalation and reminders |
| AI schema changes get reviewed | The proposed diff itself | The approval queue in front of deployment |
Review checklist
An approval review should confirm
- Every high-consequence action names its approval path.
- Routing uses roles and hierarchy, not hardcoded people.
- Timeouts and escalation are defined for every step.
- Records lock while decisions are pending.
- AI-proposed structural changes cannot bypass the queue.
FAQ
Questions this page should answer
Are approvals a separate system from flows?
No — an approval is a durable step inside a flow. That keeps one execution model for the whole process: the flow pauses, people decide, the flow resumes.
Is the approvals inbox in the open-source edition?
Yes. The three-tab inbox, side-panel timeline, comments, recall and return-for-revision, and keyboard shortcuts ship in the open-source console — alongside multi-step approvals, approver resolution, escalation, record locking, and the audit trail.
Next pages