Skip to main content

Fixed.sh

← All posts

Fixed.sh blog

Human-in-the-loop isn't a disclaimer: it's the architecture

Why approval gates, investigate-only modes, and explicit risk labels matter when AI touches production systems.

  • AI
  • operations
  • governance

“Human-in-the-loop” has become marketing wallpaper. Every AI vendor mentions it in slide twelve, right after the demo that auto-fixes production without friction.

For operations and security teams, the phrase only matters if it changes what the system is allowed to do, not how the footer reads.

Two different questions

Teams conflate two problems:

  1. Understanding: What broke, and what is the blast radius?
  2. Acting: Should we change production right now?

AI can help with both. It should not treat them as the same permission level.

Investigate mode answers the first: correlate signals, rank hypotheses, draft an RCA, recommend next steps. Nothing mutates infrastructure.

Repair mode answers the second: queue a playbook, pool resize, cert rollback, traffic shed, behind explicit human approval.

That split is not timidity. It is how you earn the right to automate later.

Approval is a product surface, not a policy PDF

A real approval gate shows up in the UI:

  • Clear status: “Hypothesis ready” vs “Awaiting approval.”
  • Risk label: Low / medium / high on proposed changes.
  • Evidence attached: So the approver is not signing a blank check.

If your only control is “don’t paste prod credentials into ChatGPT,” you do not have human-in-the-loop. You have hope.

ML confidence is input to humans, not output to automation

Models that score hypotheses or similarity to past incidents are useful when they are visible. Hide the score and teams either ignore the tool or over-trust it.

Good practice:

  • Show confidence and what moved it.
  • Allow the human to deprioritize a leading theory with a note.
  • Log overrides for post-incident review.

That feedback loop is how on-call judgment improves the system over time, without silent auto-remediation.

Legitimacy for security and compliance

Security and platform leads ask the same questions:

  • Can this tool exfiltrate data?
  • Can it execute changes we did not authorize?
  • Can we audit who approved what?

An architecture that defaults to read-only investigation and signed-off repair answers those questions without a six-month procurement review. You can still move fast on triage while remediation stays gated.

What we are building toward

Fixed.sh starts from the belief that ops AI should feel like a senior engineer sitting next to you, pointing at the graph, citing the deploy, drafting the brief, not grabbing the keyboard.

Human-in-the-loop is not the fine print. It is the reason the product exists.