Human-in-the-Loop in Go

The Problem

Fully autonomous agents can cause irreversible harm: sending an email to the wrong person, deleting a file, making a purchase, posting to social media. These actions require a moment of human judgment before execution, but the agent’s code shouldn’t be littered with ad-hoc confirmation prompts scattered throughout business logic.

The Solution

A HumanGate interface isolates the approval concern. The agent calls gate.RequestApproval(ctx, action) before any irreversible operation and blocks until the human responds. Two implementations cover the main use cases: TerminalGate reads from stdin for CLI tools, and ChannelGate sends requests on a Go channel — ideal for web UIs, tests, and any async approval flow. The agent’s business logic stays clean; the gate is the single seam for all human intervention.

Structure

Human-in-the-Loop Pattern

Step 1 of 4

Agent Pauses at the Gate

Before executing any irreversible action, the agent calls gate.RequestApproval(). The call blocks — the agent's goroutine is suspended until the human responds. Context cancellation propagates timeout.

sequenceDiagram
participant Agent
participant Gate as HumanGate
participant Human
participant Tool

Agent->>Gate: RequestApproval(action)
Gate->>Human: Display action details
Human-->>Gate: approved=true, feedback
Gate-->>Agent: approved, feedback
Agent->>Tool: Execute(action)
Tool-->>Agent: result

Implementation

package main

import "context"

// Action describes a potentially irreversible agent action awaiting approval.
type Action struct {
	Name        string
	Description string
	Args        map[string]any
}

// ApprovalRequest is sent to a human gate for review.
type ApprovalRequest struct {
	Action   Action
	Response chan ApprovalResponse
}

// ApprovalResponse carries the human's decision back to the agent.
type ApprovalResponse struct {
	Approved bool
	Feedback string
}

// HumanGate pauses execution and asks a human to approve or reject an action.
type HumanGate interface {
	RequestApproval(ctx context.Context, action Action) (approved bool, feedback string, err error)
}

package main

import (
	"bufio"
	"context"
	"fmt"
	"os"
	"strings"
)

// TerminalGate prompts a human via stdin and waits for a yes/no decision.
type TerminalGate struct{}

func (g *TerminalGate) RequestApproval(_ context.Context, action Action) (bool, string, error) {
	fmt.Printf("\n[APPROVAL REQUIRED]\nAction: %s\nDescription: %s\nArgs: %v\nApprove? (yes/no): ",
		action.Name, action.Description, action.Args)

	scanner := bufio.NewScanner(os.Stdin)
	if !scanner.Scan() {
		return false, "", fmt.Errorf("no input received")
	}
	line := strings.TrimSpace(strings.ToLower(scanner.Text()))

	var feedback string
	fmt.Print("Feedback (optional): ")
	if scanner.Scan() {
		feedback = strings.TrimSpace(scanner.Text())
	}

	return line == "yes" || line == "y", feedback, nil
}

// ChannelGate sends approval requests on a channel — useful in tests and APIs.
type ChannelGate struct {
	requests chan<- ApprovalRequest
}

func NewChannelGate(requests chan<- ApprovalRequest) *ChannelGate {
	return &ChannelGate{requests: requests}
}

func (g *ChannelGate) RequestApproval(ctx context.Context, action Action) (bool, string, error) {
	resp := make(chan ApprovalResponse, 1)
	req := ApprovalRequest{Action: action, Response: resp}

	select {
	case g.requests <- req:
	case <-ctx.Done():
		return false, "", ctx.Err()
	}

	select {
	case r := <-resp:
		return r.Approved, r.Feedback, nil
	case <-ctx.Done():
		return false, "", ctx.Err()
	}
}

// guardedAgent wraps any action execution behind a HumanGate.
type guardedAgent struct {
	gate HumanGate
}

func (a *guardedAgent) executeWithApproval(ctx context.Context, action Action, fn func() (string, error)) (string, error) {
	approved, feedback, err := a.gate.RequestApproval(ctx, action)
	if err != nil {
		return "", fmt.Errorf("gate error: %w", err)
	}
	if !approved {
		return "", fmt.Errorf("action %q rejected by human: %s", action.Name, feedback)
	}
	return fn()
}

package main

import (
	"context"
	"fmt"
	"log"
)

func main() {
	requests := make(chan ApprovalRequest, 1)
	gate := NewChannelGate(requests)
	agent := &guardedAgent{gate: gate}

	// Simulate a human reviewer running in a separate goroutine.
	go func() {
		req := <-requests
		fmt.Printf("Human received action: %s — %s\n", req.Action.Name, req.Action.Description)
		req.Response <- ApprovalResponse{Approved: true, Feedback: "looks good"}
	}()

	action := Action{
		Name:        "send_email",
		Description: "Send a summary email to the team",
		Args:        map[string]any{"to": "team@example.com"},
	}

	result, err := agent.executeWithApproval(context.Background(), action, func() (string, error) {
		return "email sent", nil
	})
	if err != nil {
		log.Fatalf("action rejected: %v", err)
	}

	fmt.Printf("Result: %s\n", result)
	// Output:
	// Human received action: send_email — Send a summary email to the team
	// Result: email sent
}

Real-World Analogy

A surgeon and a circulating nurse: the surgeon calls for an instrument, but before anything irreversible is handed over, the nurse reads it back aloud for confirmation. The surgeon either proceeds or clarifies. The safety checkpoint is built into the protocol, not improvised case by case.

Pros and Cons

Pros	Cons
Prevents irreversible mistakes in production agentic systems	Blocks agent execution — unsuitable for fully automated high-throughput pipelines
`HumanGate` interface makes gates swappable between CLI, web, and test	Requires humans to be available during agent runtime
`ChannelGate` enables async, non-blocking approval UIs	Approval latency adds wall-clock time to every guarded operation
Feedback from rejection is injected back into agent context automatically	Too many gates erode the value of automation — gate only truly irreversible actions

Best Practices

Gate only irreversible or high-stakes actions (send, delete, pay, post) — not every tool call. Over-gating defeats the purpose of automation.
Always propagate context.Context through the gate so approvals can time out.
Log every ApprovalRequest and its response with a timestamp — the approval trail is an audit record.
In tests, use ChannelGate with a goroutine that auto-approves; never use TerminalGate in automated tests.
Surface the human’s feedback back to the LLM via History — “rejected: email address looked wrong” helps the agent self-correct.

When to Use

Agentic systems that take real-world actions with external side effects.
Enterprise workflows requiring audit trails and human sign-off.
Any automation where a mistake is costly and irreversible.

When NOT to Use

Fully automated batch pipelines where human availability is not guaranteed.
Low-stakes read-only tool calls — gating a web search is unnecessary friction.
High-throughput systems where blocking on human input is architecturally infeasible.

Agent Loop (ReAct) in Go Drive an agent by alternating reasoning and acting steps inside a structured loop that terminates when the model signals a final answer. State in Go Change an object’s behavior when its internal state changes by delegating transitions and rules to state-specific types. លំនាំ Command ក្នុង Go ខ្ចប់ operations សម្រាប់ queuing, audit history និង undo/redo ខណៈដែលរក្សា Go error handling ឱ្យច្បាស់លាស់។ Observer in Go Notify dependent subscribers when state changes so event-driven reactions stay decoupled from the publisher.