Guide

Control Write Safety

Gate dangerous operations with human approval policies.

Write operations like merging a PR or closing an issue can have irreversible consequences. The SDK provides an approval layer that intercepts mutations before they execute.

Configure write safety and approvals

Require approval for all writes

By default, every write operation requires explicit approval. You don't need to pass any extra option:

default-approval.ts
import { createGithubTools } from '@github-tools/sdk'

const tools = createGithubTools({
  })

Disable approval in trusted environments

In CI pipelines or automated workflows where human review happens elsewhere (e.g. PR-based), you can disable approval entirely:

ci-pipeline.ts
import { createGithubTools } from '@github-tools/sdk'

const tools = createGithubTools({
  requireApproval: false,
})

Configure approval per operation

For nuanced policies, enable approval selectively. This example approves destructive actions but allows comments freely:

selective-approval.ts
import { createGithubTools } from '@github-tools/sdk'

const tools = createGithubTools({
  requireApproval: {
    createBranch: false,
    forkRepository: true,
    createRepository: true,
    mergePullRequest: true,
    createOrUpdateFile: true,
    closeIssue: true,
    createPullRequest: false,
    addPullRequestComment: false,
    createIssue: false,
    addIssueComment: false,
  },
})

Assess risk by operation

OperationRiskSuggested policy
createRepositoryHighAlways require approval
forkRepositoryHighAlways require approval
createOrUpdateFileHighAlways require approval
mergePullRequestHighAlways require approval
closeIssueMediumRequire in production repos
createPullRequestMediumOptional in trusted CI
createBranchLowUsually skip
addPullRequestCommentLowUsually skip
createPullRequestReviewMediumRequire in production repos
addIssueCommentLowUsually skip
addLabelsLowUsually skip
removeLabelLowUsually skip
deleteGistHighAlways require approval
createGistMediumOptional in trusted CI
updateGistMediumRequire in production
createGistCommentLowUsually skip
triggerWorkflowHighAlways require approval
cancelWorkflowRunHighAlways require approval
rerunWorkflowRunMediumRequire in production repos

Override approval per tool

You can also set needsApproval via the overrides option, which supports all AI SDK tool properties:

override-approval.ts
createGithubTools({
  overrides: {
    addIssueComment: { needsApproval: false },
    mergePullRequest: { needsApproval: true },
  },
})

When both requireApproval and overrides set needsApproval for the same tool, the overrides value wins (it is applied last).

eve approval (richer policies)

On the eve subpath, requireApproval supports boolean gates, 'once' (approve once per session), string sugar ('always' / 'never'), input-dependent predicates, and passthrough of eve's always() / once() / never() helpers. Write tools default to always() when unlisted.

eve-approval.ts
import { createGithubTools } from '@github-tools/sdk/eve'

export default createGithubTools({
  preset: 'maintainer',
  requireApproval: {
    mergePullRequest: true,
    createIssue: 'once',
    createOrUpdateFile: ({ toolInput }) => toolInput?.owner !== 'vercel-labs',
  },
})

Unlike createDurableGithubAgent, eve approval pauses the session durably until a person approves.

Approval is one safety layer, not the only one. Combine it with least-privilege token scopes and narrow presets.

External references