Human-in-the-Loop Approval Design
The best Rocky workflow is not “ask for permission every second” or “let the agent do anything.” It separates low-risk work from actions that deserve a human decision.
Official Hermes Agent docs: https://hermes-agent.nousresearch.com/docs/user-guide/configuration
Actions that usually need approval
- Sending customer, client, legal, or public statements.
- Entering or changing payment information.
- Typing secrets, API keys, passwords, or recovery codes.
- Deleting data, resetting production systems, or changing access controls.
- Deploying a high-impact change without passing checks.
- Contacting a third party by phone, text, email, or social platform.
Actions Rocky can often do autonomously
- Read public docs and public web pages.
- Draft content for review.
- Run local syntax checks and non-destructive tests.
- Create screenshots and QA reports.
- Search owned public source files.
- Prepare a deployment plan without executing it.
Approval gate checklist
- Is the action reversible?
- Could it spend money, expose private data, or notify a real person?
- Does the user need to enter a secret directly into a vendor UI?
- Is there a verified rollback path?
- Has Rocky already shown the exact change and evidence?
Pitfalls
Too many prompts create fatigue and encourage blind approval. Too few prompts create unnecessary risk. The practical answer is to define categories ahead of time and keep the final decision attached to evidence.
Verification steps
- Review logs or summaries for skipped approval points.
- Confirm no secret was typed into chat or saved in public files.
- Confirm high-risk actions were explicitly approved or deliberately deferred.
- Revisit the gate after the workflow has run a few times.
