promptgarten ๐ŸŒฑ
๐ŸŒ ES
Conceptโ—โ—โ—‹4 min ยท +40 XP

Human-in-the-Loop: Where People Should Still Check the Work

Full autonomy sounds efficient until an agent does the wrong irreversible thing. Human-in-the-loop means choosing checkpoints on purpose, not everywhere and not nowhere.

The core idea

Human-in-the-loop (HITL) means a system pauses at certain points and waits for a person to approve, edit, or reject what it's about to do, instead of running start to finish alone. It's a design choice about where to put a checkpoint, not a statement that automation can't be trusted.

Where checkpoints tend to make sense

Irreversible actions - deleting data, messaging someone outside your team, spending money - are the classic case: once it happens, there's no undo. Low-confidence situations are another: if a task looks unlike anything handled before, that's a good moment to ask a person. High-stakes but rare decisions, like a production deployment, are worth a checkpoint even if the system is usually right.

What a checkpoint looks like in an AI coding agent

Often this is simply an agent proposing a specific action - deleting a file, running a migration, pushing to production - and pausing until you approve it. Some systems let you approve as-is, edit the action, or reject it with feedback the agent can act on.

The risk of auto-accepting everything

Turning off all checkpoints removes friction, but also removes the last chance to catch a mistake before it becomes real - a wrong file deleted, a wrong deploy pushed. The right amount of human-in-the-loop isn't zero and isn't everything; it's putting the pause exactly where a mistake would actually hurt.

EXAMPLE

A concrete rule: any tool call that writes outside the current project folder, runs a database migration, or sends an external message pauses for approval. Reading files and running tests do not.

๐Ÿ› ๏ธ EXERCISE โ€” TRY IT YOURSELF

Design a checkpoint rule for an AI agent working on your own project.

  1. List 3-5 actions an agent might take in your project, from harmless (reading a file) to risky (deploying, deleting).
  2. For each one, decide: reversible or not, and how costly a mistake would be.
  3. Mark which ones should require approval and which should run automatically.
  4. Write the rule down in one or two sentences, the way you would configure it in a real tool.

โœ… SELF-CHECK

  • โ˜ Did you note for each action whether it's reversible or irreversible?
  • โ˜ Does every checkpoint sit before execution, not after?
  • โ˜ Is every checkpoint technically enforced, instead of just a request in the prompt?

QUICK QUIZ

What's the key design mistake to avoid when adding human-in-the-loop checkpoints to an agent?

SOURCES

RELATED TOPICS

Permission Modes for Agents โ—โ—โ—‹Guardrails for Autonomous Agents โ—โ—โ—Securing Agents in Practice โ—โ—โ—‹Security in Vibe Coding โ—โ—โ—‹