TemporalDaily Tempo research

Deep report preview

Agent Approvals and Human Leashes, 2026

A category report on how human approval, delegation windows, renewal, and runtime leash enforcement should work in serious agent systems.

Workflow governanceMarch 23, 20268 live artifactsFull report free on web
Read full reportView artifact manifest

Scope

Built for operators deciding when to require fresh approval, when to allow bounded delegation, and how to explain authority clearly.

  • Approval should be modeled by workflow stage, not treated as one global yes or no.
  • Human leashes should be time-bounded, scope-bounded, and checked at runtime, not just at creation time.
  • The real design tradeoff is preserving human authority without forcing operators to re-approve every harmless step.

Methodology

How this report was assembled

Anchored the report in official workflow and identity documentation from Microsoft, Cloudflare, Oracle, and Passage, with dates stated as of March 22, 2026.

Used one Perplexity deep-research run plus four focused search queries to map approval stages, resume behavior, renewal controls, and step-up authentication patterns.

Separated approval, delegated runtime authority, resume, renewal, and publish into distinct operator decisions instead of collapsing them into one generic authorization model.

Preferred explicit denial reasons, operator tradeoffs, and unattended-subscription controls over abstract governance language.

Sources

Public evidence used in this preview

Official

Microsoft AG-UI human-in-the-loop

Official guide for human approval checkpoints inside agent workflows.

Open source →
Official

Microsoft Copilot multistage approvals

Official multistage and AI approval documentation useful for stage-aware creation controls.

Open source →
Official

Cloudflare human-in-the-loop best practices

Workflow pause, approval, timeout, and escalation model for long-running agent systems.

Open source →
Official

Oracle delegate versus reassign

Useful distinction between temporary delegation and true ownership transfer.

Open source →
Official

Passage step-up authentication

Reference for requiring fresh user presence on sensitive actions even inside an active session.

Open source →
Ecosystem

Cerbos authorization in workflows

Application-level view of why authorization needs to persist across workflow state transitions.

Open source →
Ecosystem

AI Runtime Security multi-agent controls

Useful guardrail framing for no-privilege-escalation, scope inheritance, and delegation depth.

Open source →
Ecosystem

LoginRadius separation of duties

Workflow-stage identity and separation-of-duties framing for governed agent execution.

Open source →
Ecosystem

ServiceNow approvals and delegation

Operational discussion of delegated approval behavior and managed approval state.

Open source →
Ecosystem

Customizable runtime enforcement for LLM agents

Research framing for hard and soft runtime constraints in long-running agent execution.

Open source →

Key findings

What the free preview already shows

Finding 01

Approval and leash mechanisms solve different problems and should be shown separately in both policy and UI.

Finding 02

Resume is a distinct risk surface because it combines recovery with renewed authority.

Finding 03

Recurring subscriptions need explicit renewal UX, runtime denial reasons, and delivery visibility.

Finding 04

The strongest pattern is stage-aware approval paired with runtime leash scope enforcement and fresh step-up for publish or release.

Dataset summary

Compact report metrics

  • Deep Research Runs: 1
  • Normalized Sources: 88
  • Public Sources: 10
  • Sample Rows: 4
  • Search Queries: 4
  • Window: March 2026

Preview excerpt

Public markdown slice

Thesis

  • Approval should be modeled by workflow stage, not treated as one global yes or no.
  • Human leashes should be time-bounded, scope-bounded, and checked at runtime, not just at creation time.
  • The real design tradeoff is preserving human authority without forcing operators to re-approve every harmless step.

Buyer takeaway

  • Separate approval from continuing delegation.
  • Give resume and publish their own authority model.
  • Make renewal understandable before it becomes a production surprise.

The full report maps approval stages, delegation windows, denial reasons, and renewal patterns into a practical governance model for agent systems.

Sample rows

What the structured payload looks like

Sample 01Sample row
  • Stage: Job creation
  • Risk Surface: Submit and preflight
  • Recommended Model: Budget threshold plus policy approval
  • Why It Matters: Creation is where cost, capability, and private-route intent first become explicit.
Sample 02Sample row
  • Stage: Steady runtime
  • Risk Surface: Delegated execution inside a live run
  • Recommended Model: Time-bounded human leash with runtime scope checks
  • Why It Matters: Low-risk steps should proceed without a fresh human click while the delegated envelope remains valid.
Sample 03Sample row
  • Stage: Resume after block
  • Risk Surface: Recovery and re-entry
  • Recommended Model: Fresh approval plus valid leash
  • Why It Matters: Resume can bypass the original human checkpoint if treated too casually.
Sample 04Sample row
  • Stage: Publish or release
  • Risk Surface: Final high-impact mutation
  • Recommended Model: Fresh owner step-up auth plus diff-aware review
  • Why It Matters: A final outward-facing action deserves stronger ceremony than a normal run step.

Artifacts

Paid deliverables for this slug

Full markdown reportFree

Human-readable dossier with the full authority model, examples, and recommendations.

LiveMARKDOWN

Endpoint: /api/reports/agent-approvals-and-human-leashes-2026/markdown

Read full report
Full machine-readable JSONFree

Structured workflow-stage authority rows, source mappings, and governance summary metrics.

LiveJSON

Endpoint: /api/reports/agent-approvals-and-human-leashes-2026/json

Open artifact
Chart data artifactFree

Structured chart payload backing the inline report visuals and machine-readable consumers.

LiveCHARTS

Endpoint: /api/reports/agent-approvals-and-human-leashes-2026/charts

Open artifact
Definition artifactFree

Saved report definition artifact.

LiveDEFINITION

Endpoint: /api/reports/agent-approvals-and-human-leashes-2026/definition

Open artifact
Evidence artifactFree

Structured evidence ledger tying claims and chart provenance back to cited sources.

LiveEVIDENCE

Endpoint: /api/reports/agent-approvals-and-human-leashes-2026/evidence

Open artifact
Methodology artifactFree

Structured methodology notes, dataset summary, and report timing metadata.

LiveMETHODOLOGY

Endpoint: /api/reports/agent-approvals-and-human-leashes-2026/methodology

Open artifact
Sources artifactFree

Structured source ledger with source kinds, labels, notes, and URLs.

LiveSOURCES

Endpoint: /api/reports/agent-approvals-and-human-leashes-2026/sources

Open artifact
Combined report bundleFree

Single purchase target returning the markdown report, JSON artifact, and manifest together.

LiveBUNDLE

Endpoint: /api/reports/agent-approvals-and-human-leashes-2026/bundle

Open artifact

About

About this slug

  • Status: Full report free on web
  • Source mix: 5 official, 5 ecosystem
  • Method steps: 4
  • Version count: 1
  • Updated: March 23, 2026
  • Definition: 0 sections, 4 query runners, 1 prompt runners, and 0 chart goals

Saved plan changes are reviewed separately from evidence changes. Query entries become live query runners, and research prompts become grounded prompt runs during create and refresh.