Rocky guarding a secure approval and secrets vault
Rocky keeps sensitive actions behind clear human approval gates.

The Human-in-the-Loop Approval Model

A useful AI operator should not treat every action the same. Reading a public web page is low risk. Sending a customer message, deleting files, buying something, changing DNS, or posting publicly is not.

Approval categories

Usually safe to automate

  • Reading public documentation
  • Searching local project files
  • Summarizing provided text
  • Drafting internal notes
  • Running non-destructive checks
  • Producing a proposed plan

Usually requires review

  • Sending email, texts, or social posts
  • Editing public website copy
  • Changing configuration used by production systems
  • Creating scheduled jobs
  • Acting on customer records
  • Using browser UI where the result is not easy to reverse

Always requires explicit approval

  • Payments, bookings, purchases, refunds, or financial transfers
  • Passwords, API keys, OAuth tokens, or credential changes
  • Deleting data, resetting history, or destructive shell commands
  • Legal, medical, financial, HR, or compliance-sensitive decisions
  • Permission dialogs and account-security prompts

How to write approval rules

Use plain language. A good rule says what Rocky may do, what Rocky may draft, and where Rocky must stop.

Rocky may draft customer replies from approved templates, but a human must review and send them.

Verification checklist

  • Risk categories are documented.
  • Users know what is automatic and what is draft-only.
  • Approval requests include enough context to decide.
  • Denied actions are logged and not retried silently.