Approvals & Notifications

When your agent tries to do something risky — a large transfer, an unfamiliar contract, or a spend above your daily limit — WaaP pauses the transaction and asks you to approve it. You get a notification, review what the agent wants to do, and tap approve or deny.

This is the core of WaaP’s supervised autonomy: your agent acts independently for routine operations, but you stay in the loop for anything that matters.

The Telegram Bot

The recommended way to receive approvals is through the official WaaP Telegram bot:

t.me/waap_xyz_bot 

Start the bot before enabling Telegram as your approval method. The bot will:

• Send you a message describing what the agent wants to do (amount, destination, contract)
• Let you tap Approve or Deny
• Confirm the result back to the agent

Set up Telegram approvals

1. Open t.me/waap_xyz_bot  in Telegram and tap Start
2. Get your Telegram user ID (the bot will show it, or use @userinfobot )
3. Enable Telegram as your approval method:

waap-cli 2fa enable --telegram YOUR_TELEGRAM_USER_ID

4. Test it by sending a transaction that exceeds your daily limit — you should get a Telegram message within seconds.

Other Approval Methods

Telegram is the fastest option for agents, but WaaP supports other methods too:

Enable any method via the CLI:

waap-cli 2fa enable --telegram YOUR_TELEGRAM_USER_ID
waap-cli 2fa enable --email
waap-cli 2fa enable --phone YOUR_PHONE_NUMBER
waap-cli 2fa enable --wallet YOUR_WALLET_ADDRESS

Check your current method:

waap-cli 2fa status

What Triggers an Approval

WaaP’s policy engine assigns a risk level to every transaction. When the risk exceeds your threshold, an approval is required.

Common triggers:

• Transaction exceeds your daily spend limit
• Sending to an address not in your address book
• Interacting with an unverified contract
• Large token approval

The Approval Flow

Agent proposes transaction
        ↓
Policy engine evaluates risk
        ↓
Risk ≥ threshold?
   No → Transaction signed automatically
   Yes → Agent pauses, notification sent
        ↓
You review on Telegram (or email/SMS)
        ↓
Approve → Transaction signed and sent
Deny → Agent receives error, skips transaction
        ↓
Timeout (5 min) → Transaction cancelled

For agents using the CLI, the approval flow is automatic — the CLI opens a WebSocket connection and waits up to 5 minutes for your response. No code changes needed.

Skipping Approvals for Routine Operations

If your agent does the same low-risk operation frequently (e.g., repositioning a DeFi position every few hours), requiring approval each time creates friction. Privileges let you pre-approve a scope — specific addresses, spend limits, and time bounds — so the agent can act autonomously within those limits.

# Agent signs with a Privilege — no 2FA triggered
waap-cli send-tx --to 0xCetusPool --value 0.01 --chain-id sui:mainnet \
  --permission-token <encoded-token>

Best Practices

• Enable Telegram before deploying an agent. If 2FA is disabled and your agent makes a risky transaction, it will be blocked with no way to approve it.
• Start with conservative limits. A low daily spend limit means more approval prompts, but you’ll catch mistakes early. Increase limits as you build confidence.
• Use Privileges for production agents. Once you trust the agent’s routine operations, grant a scoped Privilege to reduce friction without sacrificing oversight.

Related

• Policy Controls — Configure spend limits and risk thresholds
• Privileges — Pre-approved scopes for routine operations
• CLI Commands — 2FA — Full 2FA command reference