Human-Gate Loop

loop pattern · maturity: established · risk: low

Work proceeds autonomously until it reaches a consequence threshold, where it stops and presents state, options, and a recommendation for human approval before continuing.

When to use

Deploys, spends, deletions, publishing, and any action whose reversal cost exceeds the approval cost.

Steps

StepWhat happensVerification
Work to gateExecute normally until an action matches the gate policy.Gate policy is written and enumerable; matching is mechanical, not judgment.
PresentStop; surface state, the proposed action, blast radius, and alternatives.Presentation sufficient for a cold decision: tested against a reader with no session context.
Proceed on approvalExecute the approved action; log the approval with the actor.Approval recorded before execution, in the audit trail.

Specification

Verification methodThe gate policy plus the approval log; auditable by construction.
Recovery behaviorblock-until-approval-or-timeout-abort
ObservabilityApproval log with actor, action, timestamp.
InputsGate policy (enumerated consequential actions), Approval channel
OutputsExecuted work, Approval log
Risk level / maturitylow / established

Failure modes

  • Gates defined by vibes instead of enumeration
  • Approval fatigue from over-gating trivial actions
  • Agent reframing a gated action to slip the policy

Assessment

The governance layer's native loop. The design work is entirely in the policy: enumerate consequential actions concretely, or the gate becomes either a nag or a hole.

Go deeper