> ## Documentation Index
> Fetch the complete documentation index at: https://conto.finance/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Approval Workflows for Agent Payments

> Configure multi-step approval workflows, escalation paths, and external approval channels for high-risk agent payments.

# Approval Workflows for Agent Payments

Approval workflows let you keep low-risk agent payments fast while routing exceptional cases through
human review. In Conto, approvals are part of the payment control center, not an afterthought layered
on later.

## When to Use Approval Workflows

Approval workflows are a strong fit when you need any of the following:

* Payments above a finance threshold
* New recipients that have not built trust yet
* Category-specific review, such as treasury or vendor onboarding flows
* Role-based approvals for finance, ops, or compliance
* Dual control or sequential review for larger transfers

## How the Flow Works

```mermaid theme={null}
flowchart TD
    Payment["Agent requests payment"] --> Policy["Policy engine + workflow matching"]
    Policy --> Match{"Workflow matched?"}
    Match -->|"No"| Continue["Normal approval / deny path"]
    Match -->|"Yes"| Create["Create approval request"]
    Create --> Notify["Send notifications to external channels"]
    Notify --> Decision["Approver decisions"]
    Decision --> Approved{"Required approvals reached?"}
    Decision --> Rejected{"Any rejection?"}
    Approved -->|"Yes"| Execute["Payment status moves to APPROVED"]
    Approved -->|"No"| Pending["Stay pending"]
    Rejected -->|"Yes"| Deny["Payment status moves to DENIED"]
    Rejected -->|"No"| Pending
    Execute --> Audit["Audit log + webhook + channel record"]
    Deny --> Audit
```

## How Conto Matches a Workflow

Conto evaluates active workflows in priority order and picks the first workflow whose trigger
conditions match the payment context.

Workflow matching runs for every non-denied payment. That means a workflow can deliberately hold an
otherwise policy-approved request, which is how verifier pilots such as Delta act as an approval
gate without becoming the settlement layer.

### Supported trigger conditions

| Trigger                  | What it matches                                               |
| ------------------------ | ------------------------------------------------------------- |
| `amountThreshold`        | Amounts at or above a threshold                               |
| `currency`               | Currency-specific review                                      |
| `categories`             | Category-based review, such as vendor or infrastructure spend |
| `agentIds`               | A specific set of agent IDs inside the organization           |
| `agentTypes`             | Specific agent frameworks or classes                          |
| `newRecipients`          | First-time recipients                                         |
| `counterpartyTrustLevel` | Low-trust or unknown counterparties                           |

This makes approval workflows a good complement to trust scoring and counterparty rules. For example,
you can auto-approve trusted vendors while forcing review for unknown recipients.

`agentIds` is especially useful for staged rollouts and verifier pilots. It lets you bind a workflow
to one or two agents in a mixed org without turning on the same review path for every other agent.

## Workflow Settings That Matter

| Setting              | What it does                                              |
| -------------------- | --------------------------------------------------------- |
| `priority`           | Higher-priority workflows match first                     |
| `requiredApprovals`  | Number of approvals needed before a payment moves forward |
| `timeoutHours`       | Expiration window for pending requests                    |
| `allowSelfApproval`  | Whether the initiator can approve their own request       |
| `approverRoles`      | Role-based access, such as `OWNER` or `ADMIN`             |
| `specificApprovers`  | Explicit user allowlist for a workflow                    |
| `sequentialApproval` | Enforces approval order when specific approvers are set   |

<Info>
  Any rejection ends the workflow immediately. Approvals accumulate until the required approval
  count is reached.
</Info>

## External Approval Channels

Approval requests can be delivered to external channels so finance or ops teams can act without
logging into Conto for every review.

Supported channels include:

* Slack
* Email
* Telegram
* WhatsApp
* Webhook

Each decision records the acting channel, and Conto keeps an audit trail of who approved, when they
approved, and how the request was resolved.

For step-by-step setup, see [/guides/external-approvals](/guides/external-approvals).

## Recommended Patterns

### Pattern 1: Single approval for large payments

| Setting            | Example                                                   |
| ------------------ | --------------------------------------------------------- |
| Trigger            | `amountThreshold = 100`                                   |
| Required approvals | `1`                                                       |
| Approver roles     | `OWNER`, `ADMIN`                                          |
| Best for           | Day-to-day spend that only needs review above a threshold |

### Pattern 2: Review first-time recipients

| Setting            | Example                                                                  |
| ------------------ | ------------------------------------------------------------------------ |
| Trigger            | `newRecipients = true`                                                   |
| Required approvals | `1`                                                                      |
| Approver roles     | `ADMIN`                                                                  |
| Best for           | Preventing agents from sending funds to unknown addresses without review |

### Pattern 3: Dual control for sensitive transfers

| Setting            | Example                                              |
| ------------------ | ---------------------------------------------------- |
| Trigger            | `amountThreshold = 5000`                             |
| Required approvals | `2`                                                  |
| Self approval      | `false`                                              |
| Best for           | Treasury, vendor onboarding, or high-value transfers |

### Pattern 4: Sequential approval for finance + security

| Setting             | Example                                                           |
| ------------------- | ----------------------------------------------------------------- |
| Specific approvers  | `finance lead`, then `security lead`                              |
| Sequential approval | `true`                                                            |
| Best for            | Controls that require ordered sign-off from multiple stakeholders |

### Pattern 5: Scoped verifier pilot in a shared org

| Setting            | Example                                               |
| ------------------ | ----------------------------------------------------- |
| Trigger            | `amountThreshold = 0`, `agentIds = ["agent_ap_demo"]` |
| Required approvals | `1`                                                   |
| Best for           | Running a verifier like Delta against one agent first |

## Pair Approval Workflows with Trust Scoring

One of the highest-signal combinations is:

1. Use trust scoring to classify counterparties.
2. Let trusted or verified recipients flow normally.
3. Route unknown or deteriorating counterparties into approval workflows.

That gives you a fast path for established counterparties and a controlled path for new or risky
ones.

## Canonical Approval Architecture

The most common production stack looks like this:

* Policy engine blocks clearly disallowed payments outright.
* Trust scoring enriches the recipient before the payment is evaluated.
* Approval workflows catch the gray area between auto-approve and hard deny.
* External channels deliver requests to the real stakeholders.
* Audit logs and webhooks make the outcome visible to finance and operations systems.

## Related Guides

<CardGroup cols={2}>
  <Card title="External Approvals" icon="tower-broadcast" href="/guides/external-approvals">
    Connect Slack, email, Telegram, WhatsApp, or webhooks
  </Card>

  <Card title="Trust Scoring" icon="shield-check" href="/guides/trust-scoring">
    Use counterparty trust as an approval trigger
  </Card>

  <Card title="Securing Agents" icon="shield" href="/guides/securing-agents">
    See where approvals fit in a layered policy model
  </Card>

  <Card title="Architecture Patterns" icon="diagram-project" href="/guides/architecture-patterns">
    Visual reference for approval and payment flows
  </Card>
</CardGroup>
