diom.dev

How I design human-in-the-loop AI systems

Audio version

2:57

Listen while you read

The biggest mistake in AI product design is treating autonomy as the goal. For many useful workflows, the goal is controlled delegation: let the system do the repeatable work, but stop when judgment, money, permissions, or external side effects are involved.

That is human-in-the-loop design.

I used this pattern heavily in Flare Control, where an agent can pause mid-run, wait for approval, then resume safely.

Approval is not a UI feature

A button in a dashboard is not enough. Approval has to be part of the execution model.

The system needs to know:

  • what action is waiting
  • who can approve it
  • what context they need
  • what happens if they reject it
  • whether the run can resume after a restart

If those details live only in the frontend, the workflow is fragile.

Put policy before tools

Before giving an agent tools, define what the agent is allowed to do. Policies should cover domains, spend limits, tool access, approval thresholds, and audit requirements.

This keeps the agent from becoming a privileged script runner with a friendly chat interface.

Persist the waiting state

Long waits should not depend on a Node process, browser session, or polling loop. Use durable workflow state when the system must survive deploys, restarts, and long approval delays.

In Flare Control, approvals are modeled as durable waits so the run can resume from a known point.

Design the review surface

The human reviewer needs more than “approve” and “reject”. They need the reason, input, proposed action, expected side effect, and a way to inspect the run so far.

Good approval UX reduces rubber-stamping. Bad approval UX trains people to click through warnings.

A simple checklist

Before shipping an AI workflow with side effects, ask:

  • What is the source of truth?
  • What is allowed without approval?
  • What always needs approval?
  • What is logged?
  • What can be replayed?
  • What happens when a model response is wrong?
  • What happens when a human never responds?

If you are building an agent workflow that needs these constraints, contact me.

  • Edge Form

    A self-hostable Cloudflare Workers contact form backend with D1 persistence, spam checks, delivery adapters, and CSV export.

  • Flare Control

    A Cloudflare-native platform for orchestrating AI agents with human-in-the-loop controls.

  • Gorgi - Site Widget Assistant

    A one-line-to-embed AI support widget that answers from a website's own content.

Need help with something like this?

Send the product goal, timeline, and current blockers. I’ll help you find the smallest useful next step.

Start a conversation

All posts