"Add a human-in-the-loop" is easy to say and vague to implement. Which actions get a gate? We encode the decision as three checks per agent action, evaluated before the action runs.
1. Reversibility. Tag each action with a blast radius. Cheap-to-undo → can auto-execute. Irreversible or compliance-bearing (a submitted code, a denial) → force the gate. This is metadata on the tool, not a vibe.
2. Groundedness. The action must carry a citation from retrieval (policy clause, guideline). No source → the agent can't act, it can only draft. We enforce this at the output layer: a decision without a cited source is rejected before it reaches the gate.
3. Accountability. Every gated action resolves to a named approver (by role/queue), and the approval is written to an append-only audit log with the citation and the input it saw. "Who decided this" is a query, not a guess.
Implementation-wise: the gate is a durable interrupt (the workflow halts and can resume), PHI is redacted on the input path before any of this runs, and the whole thing sits behind a control plane (MCP-style) so the same rubric applies across agents.
The rubric is the point — it turns "be careful" into three testable conditions. We ship it as governed healthcare AI agents at IntelliBooks Studio — more at intellibooks.ai/overview.

Top comments (0)