HITL (human-in-the-loop) = the agent pauses and asks a human for approval before continuing, instead of running fully autonomously. It is essential for reducing risk and keeping control.
When HITL is REQUIRED:
1. Destructive actions — delete, drop table, git push --force, send customer email, charge credit card, cancel subscription, post to production Slack.
2. Irreversible actions — merge PR, deploy to production, transfer funds.
3. High-cost operations — tasks costing more than $X (rate-limit quota, booking a flight, expensive paid API calls).
4. Low confidence — agent is uncertain (low self-eval, no relevant retrieval, ambiguous query).
5. Out of scope — requests exceeding agent authority (medical/legal advice, sensitive political content).
6. Compliance / regulated — healthcare/finance/legal — requires audit trail + human sign-off.
HITL design patterns:
1. Approval before action (most common)
- Agent proposes action → frontend renders a confirmation UI → human approves/rejects/edits.
- E.g. Claude Code: "I'm about to run rm -rf node_modules, ok?".
- LangGraph has an interrupt() primitive that automatically pauses the graph and resumes when input arrives.
2. Edit-in-place
- Agent generates a draft → human edits directly → agent continues with the edited version. Suits writing and code generation.
3. Multi-choice
- Agent offers 2–3 options → human picks. Good when the agent lacks info to decide.
4. Async review
- Agent runs fully, logs every action → human reviews later (post-hoc). Useful when HITL latency is untenable and risk is low.
- E.g. moderation agent flags content → human reviewer clears the backlog.
5. Escalation / Handoff
- Agent detects that it cannot handle the request → transfers the whole conversation to a human agent (customer support).
6. Periodic checkpoint
- For long tasks (1-hour research, code migration): pause every N steps or at logical checkpoints → human verifies progress before continuing.
Implementation tips:
- State persistence — pausing requires saving full state (conversation, agent scratchpad, pending action) to resume. Use DB (Postgres, Redis) or LangGraph checkpointers.
- Timeout — if the human doesn't respond within X minutes → fallback (cancel, defer, notify).
- Context for approver — show enough info to decide: what action, why the agent chose it, expected outcome, risk. Don't make humans approve blind.
- Batch approval — group same-kind actions (approve all file edits) to reduce fatigue.
- Progressive autonomy — start strict HITL; once metrics build trust → relax (e.g. auto-approve at confidence > 0.9).
- Audit logs — record every approval decision (who, when, what) for compliance.
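A framework-independent sketch of the approval-before-action pattern combined with the tips above (approver context, timeout fallback, progressive autonomy, audit log). This is an added example, not code from any of the frameworks named on this page; the action names, the `ask_human` callback and the $5 cost limit are assumptions.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple

# Assumed action names for this sketch; a real agent maps its own tools here.
ALWAYS_ASK = {"delete", "drop_table", "git_push_force", "charge_card", "deploy_prod"}

@dataclass
class Proposal:
    action: str
    why: str                # why the agent chose this action
    expected_outcome: str
    confidence: float       # agent self-evaluation, 0..1
    cost_usd: float = 0.0

@dataclass
class ApprovalGate:
    # ask_human(context, timeout_s) -> (decision, approver), or None on timeout
    ask_human: Callable[[dict, float], Optional[Tuple[str, str]]]
    cost_limit_usd: float = 5.0      # the "$X" threshold; value assumed
    auto_approve_above: float = 0.9  # progressive-autonomy threshold
    audit_log: list = field(default_factory=list)

    def needs_human(self, p: Proposal) -> bool:
        # Destructive/irreversible and high-cost actions never auto-approve,
        # whatever the confidence score says.
        return (p.action in ALWAYS_ASK or p.cost_usd > self.cost_limit_usd
                or p.confidence <= self.auto_approve_above)

    def decide(self, p: Proposal, timeout_s: float = 300) -> str:
        if not self.needs_human(p):
            decision, who = "approve", "policy:auto"
        else:
            # Give the approver what they need to decide; no blind approvals.
            context = {"action": p.action, "why": p.why,
                       "expected_outcome": p.expected_outcome,
                       "confidence": p.confidence, "cost_usd": p.cost_usd,
                       "destructive": p.action in ALWAYS_ASK}
            answer = self.ask_human(context, timeout_s)
            if answer is None:       # fail closed on timeout
                decision, who = "cancel", "policy:timeout"
            else:
                decision, who = answer
                if decision not in ("approve", "reject"):
                    decision = "cancel"   # unknown reply is never an approval
        self.audit_log.append({"who": who, "when": time.time(),
                               "what": p.action, "decision": decision})
        return decision
```

The caller executes the action only when `decide()` returns `"approve"`; every path, including auto-approval and timeout, leaves an audit entry.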
Frameworks: LangGraph ships interrupt_before, interrupt_after, and human nodes; CrewAI has human_input=True on tasks; OpenAI Assistants has required_action events.