What is Human-in-the-Loop?
Human-in-the-loop (HITL) is a control pattern in which designated high-risk agent actions — destructive tool calls, production changes, irreversible operations — pause and wait for explicit human approval before executing. In MCP deployments, the checkpoint sits at the tool-call layer: the call is held, a person approves or rejects it, and only then does it proceed.
WHY IT MATTERS
Agents are probabilistic; some actions are too consequential to leave to probability. HITL inserts a person at exactly those points — deleting data, merging to production, sending money, contacting customers — while letting routine calls flow unattended. The judgement call is scoping: gate too much and approvals become reflexive click-through; gate too little and the checkpoint misses the calls that mattered.
HITL works best downstream of deterministic policy, not instead of it. A policy engine evaluates every tool call and produces one of three outcomes: allow (low risk, proceed), deny (forbidden, never reaches a human), or escalate (consequential enough to require approval). Policy decides when a human enters the loop, so people review only the genuinely ambiguous middle band — which keeps approval volumes low enough that each one gets real attention.
Placement matters too. Client-side prompts (an IDE asking "allow this?") depend on each developer's local settings and vanish in headless or CI runs. Enforcing approval at a gateway, via tool-call approval, makes the checkpoint apply uniformly across every client and survives configurations that individual users control. Each approval and rejection should also land in the audit trail, recording who authorised what.
HOW POLICYLAYER USES THIS
In PolicyLayer, HITL is a policy outcome: rules evaluate every tools/call crossing the gateway and can allow, deny, or hold a call for human approval. Because the checkpoint lives in the gateway rather than in any one client, the same approval requirement applies whether the call comes from Claude Code, Cursor, or an unattended agent, and every decision is attributed to the approver in the audit trail.