Skip to content
GuiGPaP Lab
FREN

Approval Workflow Hub

1. What? — Definition and context

Section titled “1. What? — Definition and context”

Docker updates, critical MCP operations, incident remediations — several workflows need a human approval before they act. Rather than having every workflow reimplement its own validation logic, the Approval Workflow Hub centralises every request in a uniform format with [Approve] / [Reject] Telegram buttons.

Approval sources

Section titled “Approval sources”
SourceExampleCallback
Docker DIUNApplication image updatenotif_approve_<id>
MCP GatewayN8N workflow writemcp_approve_<id>
Incident ResponseAutomatic remediationincident_execute_<id>
File ProviderCustom image rebuildapprove_file_<key>

2. Why? — Stakes and motivations

Section titled “2. Why? — Stakes and motivations”

Problems solved

Section titled “Problems solved”
ProblemWithout the hubWith the hub
Duplicated logicEvery workflow runs its own buttonsUnified format and storage
No trackingApproval lost if Telegram crashesData Table with audit trail
Silent timeoutNo reply = nothing happensConfigurable timeout with default action

3. How? — Technical implementation

Section titled “3. How? — Technical implementation”

Architecture

Section titled “Architecture”

Approval request sources

Docker DIUN · application update

MCP Gateway · workflow write

Incident Response · remediation

File Provider · custom rebuild

Approval Workflow Hub · normalisation

Data Table Pending Approvals · audit trail

Notification Hub · Telegram buttons

Wait for callback · configurable timeout

Route by type

SSH update command

HTTP POST cli-ollama gateway

Run remediation script

Trigger Docker rebuild

The hub normalises each request into a common format stored in the Pending Approvals Data Table:

FieldDescription
approval_idUnique identifier
typeclaude / docker / incident / file_provider
sourceTriggering workflow
contextContext payload (JSON)
callback_urlReturn URL (for the MCP gateway)
statuspending / approved / rejected / expired

When the user clicks a button, the callback is routed by type:

  • Docker → runs the SSH update command
  • MCP → HTTP POST to the cli-ollama gateway
  • Incident → starts the remediation script
  • File Provider → triggers the Docker rebuild

4. What if? — Perspectives and limits

Section titled “4. What if? — Perspectives and limits”

Current limits

Section titled “Current limits”
LimitImpactMitigation
Single adminOnly one approverSufficient for solo use
No escalationTimeout = nothing happensReminder notification planned

Evolution scenarios

Section titled “Evolution scenarios”

If a team is involved:

  • Multi-signature approval (2 admins out of 3)
  • Temporary delegation (vacation)
  • Approval history in Grafana
Section titled “Related pages”

Workflows

Section titled “Workflows”

Infrastructure

Section titled “Infrastructure”