I’ve noticed that teams often give agents the ability to perform real tasks, such as refunding money, changing accounts, and writing to production databases, without involving a human in the process. When there is an approval step, there’s no reliable record of who approved what or when.
To address this issue, I created Approv. It’s a simple API call that pauses an agent’s risky action and prompts a human to approve or reject it via WhatsApp (with an SMS fallback). Every state change is hashed and signed with Ed25519, ensuring that the audit trail is tamper-evident and can be independently verified by anyone. The response includes the public key and the exact hashing formula.
The stack consists of Deno edge functions (with a hexagonal core), Postgres (using pgmq queue and pg_cron), Twilio, and a Next.js dashboard. The app is live and free to try.
Here are some links for further information:
- Live app: https://approv-app.vercel.app - 90-second demo: https://www.loom.com/share/1b286fb19b1a4730a2d5ed6e8a9c2ac3
I would genuinely appreciate your feedback on the audit design and whether the human-in-the-loop model aligns with your approach to building agents. Feel free to critique it thoroughly.