Permissions & Approvals

How do approval timeouts work?

Every approval request has an expiration. If no decision is made before it expires, the request is auto-marked as expired and the tool does not execute. Expired requests stay visible on the dashboard's Recent Activity and Activity feeds so nothing disappears silently.

  • On the Organizations page, set an Approval timeout for the org (presets: 5 minutes, 15 minutes, 1 hour, 4 hours, 24 hours, 3 days, 7 days). This applies to every tool in that org unless the tool overrides it.
  • On the Tools page, each tool has a Timeout column. Leave it as "Default (org setting)" to inherit, or pick a preset to override for that tool only.
  • At request time, oakallow resolves the timeout in this order: tool setting, then org setting, then a 1-hour fallback. Values are clamped between 60 seconds and 7 days.
  • REST callers can also seed an override via the API. POST /v1/approvals/request accepts an optional timeout_seconds field. When provided, the value is persisted to the per-tool override (org_tools.approval_timeout_seconds) for that (org, tool) pair, so every future approval for that tool honors it without the field being passed again. The same clamp rules apply. Customers managing hundreds of tools through the API can set timeouts in bulk this way without using the dashboard. The dashboard still shows the override, and "Inherit from org" still clears it.
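
The resolution order, clamp, persisted request-time override and fail-closed expiry described above, modeled in Python. This is an added example, not oakallow's own code: `TimeoutStore`, `decide`, `may_execute` and the in-memory dictionaries are hypothetical names, and treating a decision that arrives exactly at the expiry instant as too late is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MIN_TIMEOUT = 60              # clamp floor stated on the page: 60 seconds
MAX_TIMEOUT = 7 * 24 * 3600   # clamp ceiling stated on the page: 7 days
FALLBACK = 3600               # 1-hour fallback when neither level is set

def clamp(seconds):
    return max(MIN_TIMEOUT, min(MAX_TIMEOUT, seconds))

@dataclass
class TimeoutStore:
    """Hypothetical in-memory stand-in for the org and per-tool settings."""
    org_timeouts: dict = field(default_factory=dict)    # org -> seconds
    tool_overrides: dict = field(default_factory=dict)  # (org, tool) -> seconds

    def resolve(self, org, tool):
        # Precedence: tool setting, then org setting, then the fallback.
        for value in (self.tool_overrides.get((org, tool)), self.org_timeouts.get(org)):
            if value is not None:
                return clamp(value)
        return FALLBACK

    def request_approval(self, org, tool, now, timeout_seconds=None):
        # A timeout_seconds sent with the request is persisted as the per-tool
        # override, so it also governs later requests that omit the field.
        if timeout_seconds is not None:
            self.tool_overrides[(org, tool)] = clamp(timeout_seconds)
        expires = now + timedelta(seconds=self.resolve(org, tool))
        return {"tool": tool, "expires_at": expires, "decision": None}

    def clear_override(self, org, tool):
        # Models the dashboard's "Inherit from org" action.
        self.tool_overrides.pop((org, tool), None)

def decide(request, decision, now):
    # Assumption: a decision at or after expiry is rejected; the request stays expired.
    if request["decision"] is not None or now >= request["expires_at"]:
        return False
    request["decision"] = decision
    return True

def may_execute(request):
    # Fail closed: only an explicit approval recorded before expiry runs the tool.
    return request["decision"] == "approved"

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    store = TimeoutStore(org_timeouts={"acme": 900})
    store.request_approval("acme", "deploy", t0, timeout_seconds=10)
    print(store.resolve("acme", "deploy"))
```

Because the request-time value is sticky, a caller that passes a short `timeout_seconds` once changes the window for every later approval of that tool until the override is cleared.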