Human-in-the-Loop: Where People Should Still Check the Work
Full autonomy sounds efficient until an agent does the wrong irreversible thing. Human-in-the-loop means choosing checkpoints on purpose, not everywhere and not nowhere.
The core idea
Human-in-the-loop (HITL) means a system pauses at certain points and waits for a person to approve, edit, or reject what it's about to do, instead of running start to finish alone. It's a design choice about where to put a checkpoint, not a statement that automation can't be trusted.
Where checkpoints tend to make sense
Irreversible actions - deleting data, messaging someone outside your team, spending money - are the classic case: once it happens, there's no undo. Low-confidence situations are another: if a task looks unlike anything handled before, that's a good moment to ask a person. High-stakes but rare decisions, like a production deployment, are worth a checkpoint even if the system is usually right.
What a checkpoint looks like in an AI coding agent
Often this is simply an agent proposing a specific action - deleting a file, running a migration, pushing to production - and pausing until you approve it. Some systems let you approve as-is, edit the action, or reject it with feedback the agent can act on.
The risk of auto-accepting everything
Turning off all checkpoints removes friction, but also removes the last chance to catch a mistake before it becomes real - a wrong file deleted, a wrong deploy pushed. The right amount of human-in-the-loop isn't zero and isn't everything; it's putting the pause exactly where a mistake would actually hurt.
EXAMPLE
A concrete rule: any tool call that writes outside the current project folder, runs a database migration, or sends an external message pauses for approval. Reading files and running tests do not.
๐ ๏ธ EXERCISE โ TRY IT YOURSELF
Design a checkpoint rule for an AI agent working on your own project.
- List 3-5 actions an agent might take in your project, from harmless (reading a file) to risky (deploying, deleting).
- For each one, decide: reversible or not, and how costly a mistake would be.
- Mark which ones should require approval and which should run automatically.
- Write the rule down in one or two sentences, the way you would configure it in a real tool.
โ SELF-CHECK
- โ Did you note for each action whether it's reversible or irreversible?
- โ Does every checkpoint sit before execution, not after?
- โ Is every checkpoint technically enforced, instead of just a request in the prompt?
QUICK QUIZ
What's the key design mistake to avoid when adding human-in-the-loop checkpoints to an agent?
SOURCES
- Google Cloud: What Is Human-in-the-Loop? โ cloud.google.com
- LangChain Docs: Human-in-the-Loop โ docs.langchain.com
- Anthropic Engineering: Building Effective Agents โ www.anthropic.com
- Claude Code Doku: Permissions โ code.claude.com
- MCP-Spezifikation: Tools (Security) โ modelcontextprotocol.io