Approval Gate
Agent runs autonomously until it reaches an irreversible or high-stakes action — sending an email, deploying code, spending money. Execution halts. A human reviews the specific action, its context, and consequences, then approves or rejects. The bottleneck is intentional.
- Triggered by action type, not confidence level — the gate is deterministic, not probabilistic
- Human is a decision gate: they approve or block a specific action, not the whole task
- High friction by design — if it fires too often, the agent is scoped too broadly
- Suitable for: financial transactions, external communications, infrastructure changes
Interrupt on Uncertainty
The agent is trusted by default and operates autonomously — but it monitors its own confidence. When it drops below a calibrated threshold, it surfaces a specific "I'm not sure" signal and pauses, waiting for human input before continuing. Requires a well-calibrated uncertainty model, which is non-trivial.
- Agent must distinguish what it knows from what it doesn't — calibration matters more than raw capability
- The interrupt carries a specific question, not just a confidence score
- Unlike an approval gate, this fires on ambiguity — it is query-driven, not action-driven
- Common in medical, legal, and financial contexts where errors compound
Post-hoc Review
Agent operates at full speed. Outputs are staged — written to a review buffer, not committed. The human reviews the batch, approves clean outputs, and rejects or corrects problematic ones. Faster UX than approval gates, still fully reversible.
- Human is a quality gate, not a decision gate — they review output, not intent
- Works best for content generation, document transforms, data pipelines
- Throughput scales independently of review speed — the staging buffer absorbs the difference
- Rejected items can be requeued with corrective context injected for the agent
Async Audit
The agent operates at full autonomy. All actions are logged with structured traces. The human is out of the loop until something looks wrong — they scan logs, flag anomalies, and trigger rollbacks. This is the model most production systems gravitate toward: it scales, but depends entirely on good observability and reliable rollback primitives.
- Human reviews traces, not actions — oversight is retrospective, not preventive
- Rollback must be a first-class primitive, not an afterthought
- Trust is validated by the audit trail, not by pre-approval
- Scales to high throughput; the cost is that errors can propagate before detection