How do I let an agent skip repeated approvals on certain calls?

A require_approval verdict is right the first time you see a call, but asking a human to re-approve the exact same safe call every run is just approval fatigue. Standing grants let you decide once, permanently, for a specific key and tool pattern.

What a standing grant does

On /dashboard/standing-grants, create a grant for one API key with a tool pattern (a glob against server/tool, for example demo/db_query or demo/db_*) and a decision:

Allow: matching calls skip the policy's require_approval step entirely and go straight through.
Deny: matching calls are blocked outright, without ever creating a pending approval or sending a notification.

Each grant has an optional note (for your own reference) and an enabled toggle, so you can pause a grant without deleting it.

How this differs from a temporary allowlist

Enforgate already has a reactive, time-boxed mechanism: when someone approves a held call, they can grant a temporary allowancefor 1, 8, or 24 hours so the same call doesn't need re-approval during that window (see setting up approvals). A standing grant is the proactive, non-expiring cousin of that. You decide ahead of time, not in response to a pending request, and it never expires on its own.

Use a temporary allowance when you're reacting to a specific request and want a short grace period. Use a standing grant when you already know a given key calling a given tool is always safe (or always unsafe) and don't want a human in the loop for it at all.

Standing grants don't change your policy

A grant doesn't edit the underlying policy rule that produced require_approval. It sits in front of it. Removing or disabling the grant immediately reverts that key's matching calls to going through approval again, with no policy change needed.

Standing grants are a Pro and Scale feature. On the Free plan, every require_approval verdict requires a human decision (or a temporary allowance from a real approval) every time.