Goran Štimac
Menu

Blog post

Human-in-the-loop systems are architecture, not a checkbox

Human-in-the-loop AI works only when the review point is designed into the workflow state, risk model, audit trail, and recovery path.

Most teams add human review too late.

They build the automation first, notice that it can do something risky, and then add an approval button near the end. That can work for a demo. It usually falls apart in a real workflow because the hard part is not the button. The hard part is deciding what the machine is allowed to do before the human sees it, what state the human is reviewing, and what happens after the human says yes, no, or “change this first”.

Human-in-the-loop systems are not a UI feature. They are workflow architecture.

IBM defines human-in-the-loop as a process where a person actively participates in the operation, supervision, or decision-making of an automated or AI-driven system. That definition is useful because it does not reduce the human to a rubber stamp. The person is part of the system boundary.

That is the part many AI automation projects miss.

The wrong version: approval after the damage

A weak human-in-the-loop design looks like this:

  1. The AI agent gathers data.
  2. It reasons over the data.
  3. It writes to a CRM, sends an email, updates a ticket, or triggers an API call.
  4. A human gets a notification that something happened.

That is not oversight. That is a receipt.

If the action was wrong, the person now has cleanup work. They need to undo the record, explain the mistake, restore trust, and figure out whether the same failure happened elsewhere. The workflow may technically have a human in it, but the human is downstream from the side effect.

A better design moves the human before the irreversible or expensive action.

The system can still do useful work before that point. It can collect context, classify the request, draft the response, estimate risk, propose the next action, and show its evidence. But it should stop before it crosses a boundary that would be painful to reverse.

Review the state, not just the output

A human reviewer needs more than a generated answer.

They need to see the state of the workflow. What did the system read? Which records did it match? Which tool does it want to call? What confidence signals does it have? What changed since the previous step? What will happen if the reviewer approves?

This matters even more with agents because the output is only the visible part of the process. The risky part is often hidden in tool selection, retrieved context, implicit assumptions, or a bad data match.

A useful review screen should answer a few practical questions:

  1. What is the proposed action?
  2. Why is the system proposing it?
  3. Which data did it use?
  4. What will change if I approve?
  5. Can I edit the decision before continuing?
  6. Can the workflow resume cleanly after my edit?

If the reviewer cannot answer those questions quickly, the system is asking for trust it has not earned.

Good human-in-the-loop design has stop points

The best review points are explicit boundaries in the workflow.

This is why frameworks such as LangGraph are interesting for production AI work. LangGraph has durable execution and interrupt support. In practice, that means a workflow can pause, persist its state, wait for external input, and then continue instead of starting over.

That shape fits real business processes. A customer support workflow may pause before sending a sensitive reply. A finance workflow may pause before creating an invoice adjustment. A data workflow may pause when a record match is ambiguous. A content workflow may pause before publishing or notifying a client.

The pattern is simple:

  1. Prepare the work.
  2. Stop at a risk boundary.
  3. Show the human the proposed action and evidence.
  4. Accept approval, rejection, or edits.
  5. Resume from the same state.
  6. Record what happened.

The important word is “resume”. If the workflow cannot resume cleanly, the approval step becomes a manual handoff disguised as automation.

Side effects need discipline

Human review is much easier when side effects are isolated.

A side effect is anything that changes the outside world: sending an email, writing to a database, opening a ticket, charging a card, publishing a page, or calling an API that changes a remote system.

A production workflow should treat these actions carefully:

  1. Read and prepare before approval.
  2. Mutate after approval.
  3. Make repeated actions idempotent where possible.
  4. Store enough state to recover after a crash.
  5. Keep an audit trail of who approved what and when.

This is not bureaucracy. It is how you stop automation from becoming a pile of untraceable side effects.

LangGraph’s durable execution documentation points in the same direction: long-running workflows need persistence because pauses, retries, and failures are normal. Once you accept that, human review becomes a natural part of the runtime instead of a separate manual process.

Not every step needs a human

Human-in-the-loop does not mean putting people in front of every action.

That would be slow, annoying, and eventually ignored. The better approach is risk-based routing.

Low-risk actions can run automatically. Medium-risk actions can ask for review when confidence is low or data is missing. High-risk actions should always stop for approval. Some actions should be blocked entirely unless a person starts them.

A simple policy might look like this:

  1. Auto-run: enrichment, classification, summarization, duplicate detection.
  2. Review when uncertain: customer replies, record merges, price changes, unusual refunds.
  3. Always approve: legal language, financial changes, account deletion, public publishing.
  4. Never automate fully: decisions that require accountability the organization is not willing to delegate.

The exact boundaries depend on the business. The principle does not: autonomy should increase only where reversibility, confidence, and accountability are strong enough.

The reviewer needs authority

There is another trap: teams add human review but do not let the human meaningfully change the outcome.

A reviewer who can only approve or reject is sometimes enough. But many workflows need a third option: edit and continue.

That might mean changing the generated email, selecting a different customer record, adjusting the category, adding missing context, or choosing a different tool path. The workflow should treat that edit as part of the state, not as a comment pasted into a side channel.

This is where human review becomes genuinely useful. The human does not just stop bad output. They improve the process while it is running.

What to log

A human-in-the-loop system should leave a trail.

At minimum, log:

  1. The proposed action.
  2. The evidence shown to the reviewer.
  3. The model or automation step that produced it.
  4. The reviewer decision.
  5. Any human edits.
  6. The final action taken.
  7. The timestamp and actor.

This makes debugging possible. It also makes the system easier to improve because you can see where humans keep correcting the machine. Those correction patterns are often the best product feedback you will get.

If reviewers constantly change the same field, your prompt, retrieval, mapping, or business rule is probably wrong. If reviewers approve everything without reading, your review step is in the wrong place or the UI is not showing risk clearly.

The practical architecture

A dependable human-in-the-loop workflow usually has these parts:

  1. A state store for the current workflow data.
  2. A queue or task list for pending reviews.
  3. A policy layer that decides when to stop.
  4. A review UI that shows action, evidence, and consequences.
  5. A resume mechanism that continues from the saved state.
  6. An audit log for approvals, edits, and final actions.
  7. Observability for failures, retries, and correction patterns.

You can build this with many stacks. LangGraph is a good fit for stateful AI workflows. n8n, Make, Pipedream, Retool, Airtable, Slack, and custom apps can also play parts depending on the environment. The tool matters less than the boundary discipline.

The mistake is thinking the approval screen is the system. It is not. It is only the visible part of a stateful workflow.

A simple rule

Put the human before the expensive mistake.

That one rule catches most design failures. If the workflow can act first and ask later, you do not have meaningful oversight. If the reviewer cannot see the evidence, you do not have meaningful judgment. If the system cannot resume after review, you do not have workflow automation. You have a handoff.

Human-in-the-loop systems work when the human is part of the architecture: state, policy, approval, recovery, and audit trail.

Everything else is just an approval button.

References: IBM: What is human in the loop?, LangGraph interrupts, LangGraph persistence and durable execution, NIST AI Risk Management Framework.

Relevant services

Related consulting areas

These service pages are matched from the subject matter of this article, creating a cleaner path from educational content to implementation work.

Service
Workflow Automation Workflow automation with clear rules, approvals, and visibility.
Service
Data & AI Workflows Data and AI workflows that turn information into useful action.
Service
Ongoing Consulting Senior guidance for important technical decisions and ongoing delivery support.

Continue reading

Related articles

Based on shared categories first, then the strongest overlap in tags.