
The Human-in-the-Loop Approval Model
A useful AI operator should not treat every action the same. Reading a public web page is low risk. Sending a customer message, deleting files, buying something, changing DNS, or posting publicly is not.
Approval categories
Usually safe to automate
- Reading public documentation
- Searching local project files
- Summarizing provided text
- Drafting internal notes
- Running non-destructive checks
- Producing a proposed plan
Usually requires review
- Sending email, texts, or social posts
- Editing public website copy
- Changing configuration used by production systems
- Creating scheduled jobs
- Acting on customer records
- Using browser UI where the result is not easy to reverse
Always requires explicit approval
- Payments, bookings, purchases, refunds, or financial transfers
- Passwords, API keys, OAuth tokens, or credential changes
- Deleting data, resetting history, or destructive shell commands
- Legal, medical, financial, HR, or compliance-sensitive decisions
- Permission dialogs and account-security prompts
How to write approval rules
Use plain language. A good rule says what Rocky may do, what Rocky may draft, and where Rocky must stop.
Rocky may draft customer replies from approved templates, but a human must review and send them.Verification checklist
- Risk categories are documented.
- Users know what is automatic and what is draft-only.
- Approval requests include enough context to decide.
- Denied actions are logged and not retried silently.
