Control Write Safety
Write operations like merging a PR or closing an issue can have irreversible consequences. The SDK provides an approval layer that intercepts mutations before they execute.
Configure write safety and approvals
Require approval for all writes
By default, every write operation requires explicit approval. You don't need to pass any extra option:
import { createGithubTools } from '@github-tools/sdk'
const tools = createGithubTools({
})
Disable approval in trusted environments
In CI pipelines or automated workflows where human review happens elsewhere (e.g. PR-based), you can disable approval entirely:
import { createGithubTools } from '@github-tools/sdk'
const tools = createGithubTools({
requireApproval: false,
})
Configure approval per operation
For nuanced policies, enable approval selectively. This example approves destructive actions but allows comments freely:
import { createGithubTools } from '@github-tools/sdk'
const tools = createGithubTools({
requireApproval: {
createBranch: false,
forkRepository: true,
createRepository: true,
mergePullRequest: true,
createOrUpdateFile: true,
closeIssue: true,
createPullRequest: false,
addPullRequestComment: false,
createIssue: false,
addIssueComment: false,
},
})
Assess risk by operation
| Operation | Risk | Suggested policy |
|---|---|---|
createRepository | High | Always require approval |
forkRepository | High | Always require approval |
createOrUpdateFile | High | Always require approval |
mergePullRequest | High | Always require approval |
closeIssue | Medium | Require in production repos |
createPullRequest | Medium | Optional in trusted CI |
createBranch | Low | Usually skip |
addPullRequestComment | Low | Usually skip |
createPullRequestReview | Medium | Require in production repos |
addIssueComment | Low | Usually skip |
addLabels | Low | Usually skip |
removeLabel | Low | Usually skip |
deleteGist | High | Always require approval |
createGist | Medium | Optional in trusted CI |
updateGist | Medium | Require in production |
createGistComment | Low | Usually skip |
triggerWorkflow | High | Always require approval |
cancelWorkflowRun | High | Always require approval |
rerunWorkflowRun | Medium | Require in production repos |
Override approval per tool
You can also set needsApproval via the overrides option, which supports all AI SDK tool properties:
createGithubTools({
overrides: {
addIssueComment: { needsApproval: false },
mergePullRequest: { needsApproval: true },
},
})
When both requireApproval and overrides set needsApproval for the same tool, the overrides value wins (it is applied last).
eve approval (richer policies)
On the eve subpath, requireApproval supports boolean gates, 'once' (approve once per session), string sugar ('always' / 'never'), input-dependent predicates, and passthrough of eve's always() / once() / never() helpers. Write tools default to always() when unlisted.
import { createGithubTools } from '@github-tools/sdk/eve'
export default createGithubTools({
preset: 'maintainer',
requireApproval: {
mergePullRequest: true,
createIssue: 'once',
createOrUpdateFile: ({ toolInput }) => toolInput?.owner !== 'vercel-labs',
},
})
Unlike createDurableGithubAgent, eve approval pauses the session durably until a person approves.