All systems operational

Approval System

Approvals keep humans in control of meaningful actions. An approvals record tracks pending decisions, and specific flows — content, client deliverables, expenses, timesheets, and live WordPress publishing — require a person to approve before proceeding.

#Purpose

Describe the human-in-the-loop approval model and its gates.

#Architecture

An approvals table tracks items awaiting a decision (pending, approved, rejected). Distinct flows enforce their own review step: live publishing uses a wp_publish_live approval; content, deliverables, expenses, and timesheets each have a decide step.

Reviewers are determined by role — for example, timesheet decisions require CEO/admin/manager, and self-approval is blocked.

#How it works

1

Submit

An item (content, deliverable, expense, timesheet, or publish request) enters a pending state.
2

Route

A reviewer with the right permission is required to decide.
3

Decide

The reviewer approves or rejects; AI never self-approves.
4

Proceed

Only approved items move forward; rejected items return for revision.

#Implementation notes

  • Live WordPress publishing is gated by a wp_publish_live approval.
  • Self-approval is explicitly blocked where it applies (e.g., timesheets).
  • Approvals are organization-scoped like all tenant data.

#Limitations

Known limitations

  • The set of approval-gated actions is defined by the product, not user-configurable.
  • There is no arbitrary approval-chain builder.

#Security considerations

Security

  • Never remove human approval for sensitive actions.
  • Ensure a permitted reviewer exists so approvals are not chronically stuck.
  • AI output must be reviewed before approval.

#Best practices

  • Assign reviewers up front.
  • Keep approvals moving to avoid blocking work.
  • Review AI-assisted items carefully before approving.

Still need help?

Can’t find what you’re looking for? The DevSphere OS team is happy to help.