Approval Gate Expiry Sweep
Approval Gate Expiry Sweep
The Approval Gate Expiry Sweep is a scheduled batch job that automatically detects and resolves stale approval gates. It ensures that pipeline runs never hang indefinitely waiting for a human approval that never arrives.
Overview
When a pipeline run reaches an approval gate, it pauses and waits for explicit sign-off. If no action is taken within the allowed window, the sweep job automatically expires the gate and marks the associated pipeline run as failed — then notifies the project owner so they can act.
Schedule
The sweep runs every hour on a cron schedule:
0 * * * *
This means a gate can expire at most ~60 minutes after its expiresAt timestamp has passed.
How It Works
1. Detection
Each run, the job queries the approval_gates table for all records matching:
status = 'pending'
AND expiresAt <= NOW()
2. Gate Expiry
For each matching gate, the job calls:
expireApprovalGate(gateId)
This transitions the gate's status from pending → expired.
3. Pipeline Failure
The pipeline_run associated with the expired gate is immediately marked as failed:
| Field | Value |
|---|---|
status | failed |
error | Approval gate expired after 24h — pipeline abandoned |
4. Owner Notification
A notification is sent to the project owner using their configured preferences in notification_settings. This alerts them that a pipeline was abandoned due to an unactioned approval gate.
Affected Entities
| Entity | What Changes |
|---|---|
approval_gates | status set to expired |
pipeline_runs | status set to failed, error populated |
notification_settings | Read to determine owner notification channel |
Expiry Window
Approval gates have a 24-hour expiry window. If a gate is not actioned within 24 hours of creation, it will be swept on the next hourly tick after its expiresAt timestamp.
What to Do After Expiry
If your pipeline was abandoned due to an expired approval gate:
- Check your notifications for the expiry alert.
- Review why the gate was not actioned in time (e.g. alert fatigue, wrong notification channel).
- Re-trigger the pipeline run from the development dashboard.
- Update your
notification_settingsif the alert was not received.