Approval Workflows
Approval workflows add governance to sensitive Forge operations. When a mold defines an approval flow, runs pause and wait for designated approvers to approve before execution begins.
How it works
Section titled “How it works”- A user creates a run from a mold that has an
approvalFlowsection - The run enters
pending_approvalstatus - Approvers listed in the first step are notified
- An approver reviews the request and approves or rejects it
- If the step requires multiple approvals, additional approvers are notified
- Once all steps are approved, the run begins execution
- If any step is rejected, the run fails
Defining approval flows in molds
Section titled “Defining approval flows in molds”Add an approvalFlow section to your mold YAML:
approvalFlow: required: true auto_approve_after: 86400 # seconds (24 hours) -- optional steps: - name: Security Review description: Security team must approve production provisioning approvers: - security-lead@company.com required_count: 1 - name: Platform Review description: Platform team must approve resource allocation approvers: - platform-lead@company.com - infra-lead@company.com required_count: 1Fields
Section titled “Fields”| Field | Required | Description |
|---|---|---|
required | Yes | Set to true to enable approval |
auto_approve_after | No | Seconds before auto-approval (omit to require manual approval) |
steps | Yes | One or more approval steps, executed sequentially |
steps[].name | Yes | Display name for the approval step |
steps[].description | No | Explanation shown to approvers |
steps[].approvers | Yes | Email addresses of users who can approve this step |
steps[].required_count | Yes | How many approvals are needed (usually 1) |
Steps are evaluated in order. Step 2 does not begin until step 1 is fully approved.
Reviewing approval requests
Section titled “Reviewing approval requests”- Navigate to Forge > Approvals
- Pending requests show the mold name, requester, and which step is waiting
- Click a request to see the full details: inputs, mold version, and any previous decisions
- Click Approve or Reject
- Optionally add a comment explaining your decision
Request statuses
Section titled “Request statuses”| Status | Meaning |
|---|---|
pending | Waiting for approver decision |
approved | All steps approved, run will execute |
rejected | Denied at any step, run will not execute |
cancelled | Requester cancelled the request |
expired | Approval timeout reached (if auto_approve_after is not set) |
- Keep approval chains short. One or two steps covers most use cases.
- Set
required_count: 1unless you genuinely need dual approval for compliance. - Use
auto_approve_afterfor low-risk operations where you want a review window but don’t want to block indefinitely. - List multiple approvers per step so the request doesn’t stall if one person is unavailable.
- Add a
descriptionto each step so approvers understand what they are approving and why.