HITL Integration

This document explains how Human-in-the-Loop (HITL) gates integrate with the Agent Persistence frame

HITL Gate Integration for Agent Persistence Framework

This document explains how Human-in-the-Loop (HITL) gates integrate with the Agent Persistence framework to enable human oversight of agent recovery processes.

Overview

The Agent Persistence framework uses three specialized HITL gates to manage human intervention points:

Gate IDPurposeTrigger
`GATE-AP-RECOVERY`Recovery escalation after max attemptsRecovery attempts >= 3
`GATE-AP-FALSE-POSITIVE`Override incorrect detectionsUser reports false positive
`GATE-AP-DESTRUCTIVE`Approve/reject destructive actionsPre-action approval

Architecture

┌─────────────────────────────────────────────────────────────┐
│ Agent Task Execution                                        │
└─────────────────┬───────────────────────────────────────────┘
                  │
                  ↓
┌─────────────────────────────────────────────────────────────┐
│ Laziness Detection Agent                                    │
│ • Monitors file writes                                      │
│ • Detects avoidance patterns                                │
│ • Signals Recovery Orchestrator                             │
└─────────────────┬───────────────────────────────────────────┘
                  │
                  ↓ (avoidance detected)
┌─────────────────────────────────────────────────────────────┐
│ Recovery Orchestrator                                       │
│ • PAUSE → DIAGNOSE → ADAPT → RETRY → ESCALATE              │
│ • Max 3 recovery attempts                                   │
│ • Coordinates with agents                                   │
└─────────────────┬───────────────────────────────────────────┘
                  │
                  ↓ (max attempts or CRITICAL)
┌─────────────────────────────────────────────────────────────┐
│ HITL Gate: GATE-AP-RECOVERY                                 │
│ • Display full recovery context                             │
│ • Present options to human                                  │
│ • Block until decision made                                 │
└─────────────────┬───────────────────────────────────────────┘
                  │
                  ├─ Approve ─→ Resume with guidance
                  ├─ Reject ──→ Halt, assign to human
                  ├─ Retry ───→ Reset counter, retry
                  └─ Abort ───→ Terminate task

Gate Definitions

GATE-AP-RECOVERY: Recovery Escalation

Location: `@$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/recovery-escalation-gate.yaml`

Purpose: Request human intervention after agent exhausts 3 recovery attempts.

Trigger Conditions:

  • `recovery_attempts >= 3` (max attempts reached)
  • `confidence < 0.5` (diagnosis uncertain)
  • `severity === "CRITICAL"` (critical security violation)
  • `infinite_loop_detected === true` (agent repeating same fix)
  • `non_deterministic_failure === true` (flaky test detected)

Human Options: 1. Approve - Override and let agent continue with human guidance 2. Reject - Require manual fix from human developer 3. Retry - Reset recovery counter for 3 more attempts 4. View - Show detailed recovery attempt logs 5. Delegate - Assign to different specialized agent 6. Abort - Stop task entirely and clean up

Display Format:

╭─────────────────────────────────────────────────────────────╮
│ HUMAN INTERVENTION REQUIRED                                 │
│ Recovery Escalation Gate: GATE-AP-RECOVERY                  │
├─────────────────────────────────────────────────────────────┤
│ Context:                                                    │
│   • Task: Implement JWT authentication                      │
│   • Pattern: hardcoded_test_bypass (CRITICAL)               │
│   • Recovery Attempts: 3 / 3                                │
│   • Agent: Software Implementer                             │
│                                                              │
│ Detection Details:                                          │
│   • File(s): src/auth/login.ts                              │
│   • Original Error: jwt.verify() throws 'invalid signature' │
│   • Detection Time: 2026-02-03T10:30:00Z                    │
│                                                              │
│ Recovery History:                                           │
│   Iteration 1: Removed bypass, added NODE_ENV check         │
│   Iteration 2: Removed NODE_ENV, added JWT_SECRET check     │
│   Iteration 3: Fixed token format, hit algorithm error      │
│                                                              │
│ Current State:                                              │
│   • Tests: Failing - "invalid algorithm"                    │
│   • Coverage: 85% (maintained)                              │
│   • Confidence: 0.50 (low)                                  │
├─────────────────────────────────────────────────────────────┤
│ Options:                                                    │
│   [a] Approve - Override and allow agent to continue        │
│   [r] Reject - Require manual fix from human                │
│   [t] Retry - Reset counter, give agent another chance      │
│   [v] View - Show detailed recovery attempt logs            │
│   [d] Delegate - Assign to different agent                  │
│   [q] Abort - Stop task entirely                            │
╰─────────────────────────────────────────────────────────────╯

View recovery details at: .aiwg/persistence/recoveries/RS-003-recovery.yaml

GATE-AP-FALSE-POSITIVE: False Positive Override

Location: `@$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/false-positive-override-gate.yaml`

Purpose: Allow users to override incorrect laziness detections.

Trigger Conditions:

  • `false_positive_reported === true` (user claims false positive)
  • `detection_confidence < 0.7` (low confidence may indicate error)

Human Options: 1. Legitimate - Allow change, mark as false positive 2. Violation - Confirm detection, block change 3. Needs Review - Request more context from user 4. Diff - Show detailed diff of changes 5. History - Show pattern history for this file 6. Whitelist - Allow pattern for this file/context

Whitelist Management:

  • File-specific: `.aiwg/patterns/whitelists/{file}.yaml`
  • Global: `.aiwg/patterns/whitelist-global.yaml`
  • Expire after 90 days (re-review)
  • Require justification for all whitelisting

Pattern Learning: When false positives are confirmed: 1. Update pattern catalog to improve detection 2. Store example in `.aiwg/patterns/examples/legitimate/` 3. Adjust detection confidence scores 4. Notify framework maintainer if >10% false positive rate


GATE-AP-DESTRUCTIVE: Destructive Action Approval

Location: `@$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/destructive-action-gate.yaml`

Purpose: Require explicit approval before destructive actions like test deletion or feature removal.

Trigger Conditions:

  • `tests_removed > 0`
  • `coverage_delta < -2.0` (>2% coverage regression)
  • `features_removed > 0`
  • `assertions_weakened > 2`
  • `skip_patterns_added > 0`

Auto-Approve Conditions:

# Legitimate test refactoring
action_type === "test_deletion" AND
  replacement_tests >= deleted_tests AND
  coverage_maintained === true

# Intentional scope reduction
action_type === "feature_removal" AND
  documented_in_requirements === true AND
  approved_by_pm === true

Human Options: 1. Approve - This action is intentional and justified 2. Reject - Agent must find non-destructive alternative 3. View - Show detailed changes 4. Diff - Compare before/after 5. Suggest - Propose alternative solution 6. Abort - Stop task entirely

Alternative Suggestions:

When rejecting, provide alternatives:

Destructive ActionAlternative
Test deletionFix failing tests instead of deleting
Test skipMock dependencies, fix timing issues
Feature removalUse feature flag, mark deprecated first
Assertion weakeningFix implementation to meet assertion
Coverage regressionAdd tests to maintain coverage

Integration with Recovery Orchestrator

The Recovery Orchestrator agent coordinates with HITL gates through the gate integration module:

Module Location

@$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/index.mjs

Key Functions

import { GATES, shouldTriggerGate, formatGateDisplay, logGateDecision } from '@$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/index.mjs';

// Check if gate should trigger
const shouldEscalate = shouldTriggerGate(GATES.RECOVERY_ESCALATION, {
  recovery_attempts: 3,
  confidence: 0.45,
  severity: 'HIGH'
});
// Returns: true (max attempts reached AND low confidence)

// Format gate display for human
const display = formatGateDisplay(GATES.RECOVERY_ESCALATION, {
  task_description: 'Implement JWT authentication',
  pattern_type: 'hardcoded_test_bypass',
  severity: 'CRITICAL',
  recovery_attempts: 3,
  // ... full context
});
// Returns: Formatted display string with box drawing

// Log human decision
const auditRecord = logGateDecision(GATES.RECOVERY_ESCALATION, 'reject', {
  user: '[email protected]',
  reason: 'JWT configuration requires expert debugging',
  timestamp: new Date().toISOString()
});
// Returns: Audit record for .aiwg/gates/decisions.log

Trigger Evaluation Logic

Recovery Escalation:

function evaluateRecoveryEscalation(context) {
  const {
    recovery_attempts = 0,
    confidence = 1.0,
    severity = 'LOW',
    infinite_loop_detected = false,
    non_deterministic_failure = false
  } = context;

  // Max attempts
  if (recovery_attempts >= 3) return true;

  // Low confidence
  if (confidence < 0.5) return true;

  // Critical severity
  if (severity === 'CRITICAL') return true;

  // Infinite loop
  if (infinite_loop_detected) return true;

  // Non-deterministic failure
  if (non_deterministic_failure) return true;

  return false;
}

Destructive Action:

function evaluateDestructiveAction(context) {
  const {
    action_type,
    tests_removed = 0,
    coverage_delta = 0,
    replacement_tests = 0,
    coverage_maintained = false
  } = context;

  // Check auto-approve first
  if (action_type === 'test_deletion') {
    if (replacement_tests >= tests_removed && coverage_maintained) {
      return false; // Legitimate refactoring
    }
  }

  // Tests removed without replacement
  if (tests_removed > 0) return true;

  // Coverage regression
  if (coverage_delta < -2.0) return true;

  return false;
}

Audit Trail

All gate decisions are logged for compliance and learning:

Audit Record Format

gate_decision:
  gate_id: "GATE-AP-RECOVERY"
  gate_name: "Recovery Escalation Gate"
  decision: "reject"  # approve | reject | retry | abort | etc
  timestamp: "2026-02-03T10:45:00Z"
  user: "[email protected]"
  context:
    task_description: "Implement JWT authentication"
    pattern_type: "hardcoded_test_bypass"
    severity: "CRITICAL"
    recovery_attempts: 3
    agent_confidence: 0.45
  human_feedback: "JWT configuration requires expert debugging"
  time_spent_seconds: 180

Audit Log Location

.aiwg/gates/decisions.log

Retention

Gate TypeRetention PeriodRationale
Recovery Escalation90 daysPattern learning
False Positive365 daysDetection improvement
Destructive Action365 daysSecurity compliance

Metrics Tracking

Gates track cost-benefit metrics per REF-057 Agent Laboratory:

Cost Savings Model

MetricFully AutonomousWith HITLSavings
Cost multiplier6.0x1.0x84%
Error rate35%5%86%
Revision cycles4.20.8380%

Gate-Specific Metrics

Recovery Escalation:

  • `escalation_rate`: Percentage of tasks requiring escalation
  • `recovery_success_rate`: Percentage resolved without human
  • `average_attempts_before_escalation`: Typically 3.0
  • `time_to_human_decision`: Average response time

False Positive:

  • `false_positive_rate`: Should be <10%
  • `detection_precision`: Correct detections / total detections
  • `whitelist_growth_rate`: Monitor for over-whitelisting

Destructive Action:

  • `destructive_action_rate`: Percentage of tasks requesting destructive actions
  • `approval_rate`: Percentage of requests approved
  • `alternative_found_rate`: Percentage where alternative was successful

Security Requirements

Gate Bypass Prevention

CRITICAL: Gates cannot be bypassed by agents or automation.

Enforcement: 1. Gates operate in TERMINATE mode (block execution) 2. Timeout actions are `block` or `escalate`, never `proceed` 3. Auto-approve conditions must be explicit and justified 4. All gate bypasses logged and audited 5. Human signature required for high-risk gates

Access Control

GateMinimum RoleSignature Required
Recovery EscalationDeveloperNo
False PositiveDeveloperYes
Destructive ActionTech LeadYes (CRITICAL actions)

Integration Examples

Example 1: Recovery Orchestrator Invoking Gate

// In Recovery Orchestrator ESCALATE stage
import { GATES, shouldTriggerGate, formatGateDisplay } from '@$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/index.mjs';

async function escalateToHuman(recoveryContext) {
  // Check if escalation gate should trigger
  const shouldEscalate = shouldTriggerGate(
    GATES.RECOVERY_ESCALATION,
    recoveryContext
  );

  if (!shouldEscalate) {
    console.log('Escalation not needed, continuing recovery');
    return { action: 'continue' };
  }

  // Format gate display
  const display = formatGateDisplay(
    GATES.RECOVERY_ESCALATION,
    recoveryContext
  );

  // Present to human (CLI, issue comment, etc)
  console.log(display);

  // Wait for human decision
  const decision = await waitForHumanInput([
    'approve', 'reject', 'retry', 'view', 'delegate', 'abort'
  ]);

  // Log decision
  logGateDecision(GATES.RECOVERY_ESCALATION, decision, {
    user: getCurrentUser(),
    ...recoveryContext
  });

  // Return action
  return { action: decision };
}

Example 2: Pre-Action Destructive Gate

// Before allowing destructive file operation
import { GATES, shouldTriggerGate } from '@$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/index.mjs';

async function beforeFileWrite(file, changes) {
  const context = analyzeChanges(changes);

  // Check if destructive action gate should trigger
  const requiresApproval = shouldTriggerGate(
    GATES.DESTRUCTIVE_ACTION,
    context
  );

  if (!requiresApproval) {
    // Auto-approved (e.g., legitimate test refactoring)
    return { allowed: true };
  }

  // Display gate and get human decision
  const decision = await showDestructiveActionGate(context);

  if (decision === 'approve') {
    return { allowed: true, logged: true };
  } else if (decision === 'reject') {
    return {
      allowed: false,
      alternatives: suggestAlternatives(context.action_type)
    };
  }
}

References

Requirements

  • `@.aiwg/requirements/use-cases/UC-AP-004-enforce-recovery-protocol.md`
  • `@.aiwg/requirements/use-cases/UC-AP-001-detect-test-deletion.md`

Architecture

  • `@.aiwg/architecture/agent-persistence-sad.md`
  • `@.aiwg/architecture/decisions/ADR-AP-002-rule-enforcement-strategy.md`

Rules

  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/rules/hitl-gates.md - HITL gate configuration rules
  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/rules/hitl-patterns.md - HITL workflow patterns
  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/rules/human-gate-display.md - Gate display format
  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/rules/anti-laziness.md - Anti-laziness enforcement

Agents

  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/agents/recovery-orchestrator.md - Recovery coordination
  • @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/agents/laziness-detector.md - Pattern detection

Gates

  • @$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/recovery-escalation-gate.yaml
  • @$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/false-positive-override-gate.yaml
  • @$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/destructive-action-gate.yaml
  • @$AIWG_ROOT/agentic/code/addons/agent-persistence/gates/index.mjs - Integration module

Research

  • `@.aiwg/research/findings/REF-057-agent-laboratory.md` - HITL effectiveness (84% cost reduction)
  • `@.aiwg/research/findings/agentic-laziness-research.md` - Laziness pattern research

Issues

  • #262 - HITL Gate Integration
  • #96 - HITL Gates Implementation
  • #264 - Anti-Laziness Rules

Document Status: Complete Last Updated: 2026-02-03 Issue: #262