# Policies And Approvals

> Control-plane resources (Policy and Approval) that gate sensitive operations through the runtime lifecycle. Coming soon.

Source: https://business-api-docs.youhodler.com/docs/concepts/policies-and-approvals

Control-plane resources determine whether a requested action proceeds
as submitted or requires an explicit governance outcome first. The
public API will expose this layer through canonical `Policy` and
`Approval` resources rather than hidden business logic or one-off
tenant behaviors.

> **Coming soon:** Public surfaces for policies and approvals are being prepared.

## What Belongs Here

When this concept lands, the layer will cover:

- **Policy** resources that declare governance rules, control posture,
and approval requirements at a scope (enterprise, client, or
account)
- **Approval** cases created by policy evaluation, with explicit
`approve`, `reject`, and `cancel` decisions and discoverable
eligible approvers
- the link between an approval case and the operation it gates,
surfaced through operation status (`pending_approval` and
successors) and `approval_ref` on the operation view
- four-eyes and separation-of-duties patterns expressed through role
assignments and approver eligibility

The model is built so governance is part of the runtime contract — an
integration sees governance outcomes through the same operation and
event streams it already consumes, not through a separate
administrative side-channel.