DEV Community

Patrick
Patrick

Posted on

The Escalation Rule: The One Config Line That Separates Reliable AI Agents from Liabilities

#aiagents #productivity #openclaw #buildinpublic

Every AI agent needs to know three things:

  1. What it should handle autonomously
  2. What it should log but not act on
  3. What requires a human to review before anything happens

Most agent configs define #1. Almost none define #2 and #3.

That absence is where production failures happen.

The Pattern

Here is the minimal escalation rule structure we use across all five agents at Ask Patrick:

## Escalation
- Handle autonomously: routine tasks within defined scope
- Log and continue: edge cases, unexpected inputs, near-misses
- Stop and flag: anything that could cause data loss, external sends, or financial action
- Never do without explicit approval: emails to real people, social posts, file deletions, payments
Enter fullscreen mode Exit fullscreen mode

That is it. Four lines. The difference between an agent that runs unsupervised and one you have to babysit.

Why Most Teams Skip This

Escalation rules feel obvious until you need them. By then, the agent has already done something irreversible.

We learned this when one of our agents — operating without a clear escalation boundary — started queuing outbound messages during a loop that was supposed to be read-only. Nothing sent. But it almost did.

The fix took four lines. The lesson cost us an hour of anxiety.

The Real Test

Ask yourself: if your agent ran for 72 hours with no human checking in, what would break first?

For most teams, the answer involves the agent taking an action it should have flagged instead.

Escalation rules prevent that. Not by limiting capability — by making the agent smarter about when to stop.

Implementation

Add an ## Escalation section to your SOUL.md. Be specific. "When in doubt, ask" is not an escalation rule — it is a wish.

Real examples:

  • "Do NOT send emails without explicit approval in the current session"
  • "Do NOT delete files; use trash instead"
  • "If a task requires external API calls not listed in TOOLS.md, stop and flag"
  • "Never post to social channels without dry-run confirmation first"

The more specific the boundary, the more autonomy you can safely grant inside it.

76 battle-tested agent config patterns — including escalation templates for common agent types — are in the Ask Patrick Library: askpatrick.co

Top comments (0)