Human-in-the-Loop Approval Gates

Agent proposes CRM writes and refunds; supervisors approve or reject before anything executes.

Agents, Governance, Human escalation

Target outcomes

  • 100% write actions gated in pilot
  • Supervisor median decision time under SLA

Initiative playbook

Typical delivery arc for this pattern in enterprise programs.

  1. Discovery (2 to 4 wks)

    List action types that may never auto-execute; map approver roles in Entra ID or Okta.

  2. Pilot (6 to 8 wks)

    Queue 100% of writes for two weeks; measure decision latency and override reasons.

  3. Scale (ongoing)

    Persist approvals in SoR; wire Salesforce/ServiceNow only after approved status.

Business use case

Problem

Teams want copilot productivity but cannot grant autonomous writes to billing, CRM, or email on day one.

Who benefits

  • Support leadership: refunds and case updates only after supervisor sign-off
  • Risk & compliance: audit trail of proposed vs executed actions
  • Platform engineering: reusable approval contract across tools

Success metrics

  • 100% of high-risk action types routed to approval in pilot
  • Median supervisor decision time under agreed SLA (e.g. 15 minutes)
  • Zero production writes without approved status in logs

Solution

The model proposes an action type, risk, and payload; pending items land in a supervisor queue. A supervisor approves or rejects each item before any downstream integration would fire. In production, that gate sits in front of Salesforce, ServiceNow, or internal APIs.

Technical implementation

Stack

  • AI SDK generateObject for structured proposals
  • In-memory approval queue (demo); swap for Postgres + Entra roles in production

Architecture

[Flow diagram: How it runs]

Outcomes and learnings

  • Separate proposal from execution: easier to test and audit
  • Encode risky action types in schema enums, not prompt hope
  • Pair with streaming agent example for full copilot + queue story
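
One way to implement the proposal/execution split and the enum allow-list from the learnings above, as an added JavaScript example that is not the demo's own code. The action-type names, the `supervisor` role, `createGate` and the sample order are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not the demo's own code.
const ACTION_TYPES = Object.freeze(["refund", "crm_update", "ticket_close", "send_email"]);
const APPROVER_ROLES = new Set(["supervisor"]); // assumed role; map to Entra/Okta groups
function createGate(executors) {
  const queue = new Map(); // in-memory, like the demo; use a database in production
  const audit = [];        // append-only record of proposed vs executed actions
  const log = (event, item, actor) => audit.push({ event, id: item.id, type: item.type, actor });
  return {
    audit,
    // Receives the model's structured proposal. Nothing executes here.
    propose({ type, risk, payload }) {
      if (!ACTION_TYPES.includes(type)) throw new Error(`unknown action type: ${type}`);
      // Snapshot the payload so what the supervisor reviews is what later runs.
      const item = { id: queue.size + 1, type, risk, payload: JSON.parse(JSON.stringify(payload)), status: "pending" };
      queue.set(item.id, item);
      log("proposed", item, "agent");
      return item.id;
    },
    // Approve endpoint: the role check is enforced server-side on every decision.
    decide(id, approved, user) {
      const item = queue.get(id);
      if (!item || item.status !== "pending") throw new Error("not pending");
      if (!user.roles.some((r) => APPROVER_ROLES.has(r))) throw new Error("forbidden");
      Object.assign(item, { status: approved ? "approved" : "rejected", decidedBy: user.id });
      log(item.status, item, user.id);
    },
    // Execution route: fires only for approved items, and only once.
    execute(id) {
      const item = queue.get(id);
      if (!item || item.status !== "approved") throw new Error("not approved");
      item.status = "executing"; // claim first so a retry cannot fire twice
      const result = executors[item.type](item.payload);
      item.status = "executed";
      log("executed", item, item.decidedBy);
      return result;
    },
  };
}

// Constructed sample run: one refund proposal, blocked until a supervisor approves.
function demo() {
  const writes = [];
  const gate = createGate({ refund: (p) => writes.push(p) });
  const id = gate.propose({ type: "refund", risk: "high", payload: { orderId: "ORD-EXAMPLE", amount: 40 } });
  let blocked = false;
  try { gate.execute(id); } catch (e) { blocked = true; } // still pending
  gate.decide(id, true, { id: "sup-1", roles: ["supervisor"] });
  gate.execute(id);
  return { blocked, writes, events: gate.audit.map((e) => e.event) };
}
```

The audit array gives the "proposed vs executed" trail directly: any `executed` event without a preceding `approved` event for the same id is a gate bypass.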

Where else this applies

Approval gates are how you earn write access later. Refunds, CRM updates, ticket closes, and outbound email should never fire on model confidence alone.

Billing credits

Agent proposes credit amount; finance supervisor approves before ERP adjustment.

CRM case updates

Status changes and priority bumps queue until team lead confirms customer context.

Marketing sends

Draft campaigns require brand/legal approval before ESP dispatch.

IT access grants

Privileged role requests route to identity team with ticket linkage.

Using this stack elsewhere

On Vercel, keep proposal and execution in separate routes; persist queue state in your database and enforce Entra/Okta roles on approve endpoints.

Live demo

The demo is the same code path described above, not a simplified mock UI. Add keys in .env.local when you are ready; the narrative and diagrams stand on their own without them.

Business

Describe a charged situation, see what the agent wants to do, then approve or reject before any write would run.

Technical

generateObject proposes action; pending rows at /api/demos/vercel-hitl with decide POST.
