Summary
Critical runbooks require approval from another team member before execution.
Design
- New
approval field in runbook.yaml:
approval:
required: true
channels: [slack, webhook]
dops run infra.rotate-secrets sends approval request with params- Approver clicks approve → execution starts
- TUI shows "Waiting for approval..." with live status
- Webhook-based integration (Slack, Teams, PagerDuty, custom)
- Timeout + auto-deny configurable
Impact
Adds human-in-the-loop safety for dangerous operations. Audit trail captures who approved.
Summary
Critical runbooks require approval from another team member before execution.
Design
approvalfield in runbook.yaml:dops run infra.rotate-secretssends approval request with paramsImpact
Adds human-in-the-loop safety for dangerous operations. Audit trail captures who approved.