Human-in-the-Loop (HitL) Runbook

When an agent action is flagged as 'HITL_PENDING', it requires immediate human review. This runbook guides human managers on how to handle these escalations.

When to 'Approve'

  • The action is a known, safe administrative task.
  • The agent provides a clear, verifiable reason for the request.
  • The payload contains no sensitive data that shouldn't be exposed to the target tool.

When to 'Report' (Block)

  • The request appears out of context for the agent's current task.
  • There are signs of prompt injection (e.g., "ignore all previous instructions").
  • The agent is attempting to access a resource it doesn't have permission for.

Impact of Actions

  • Approve: The action is executed, and the system learns that this specific pattern is safe for this agent.
  • Report: The action is blocked, and the system-wide threat intelligence is updated to immunize against similar future attacks.
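The two decision lists above and the "Impact of Actions" section describe one procedure: apply the Report signals to a pending action, recommend a decision, then record an approval per agent or a report system-wide. The following is an added example that implements that procedure as a triage helper; it is not code from this runbook or from the AgentSoap project. The agent names, task-to-tool mapping, permission table, injection phrases, secret-looking patterns and payloads are all constructed sample data chosen to illustrate the checks, not the project's actual rule set.

```python
"""
Added example (not part of the original runbook or the AgentSoap project):
a triage helper that applies the runbook's Approve/Report criteria to a
HITL_PENDING action and records the outcome the way "Impact of Actions"
describes. All names, tables and patterns below are constructed samples.
"""
import re
from dataclasses import dataclass, field

# Phrases commonly seen in prompt-injection attempts (illustrative list).
INJECTION_MARKERS = (
    "ignore all previous instructions",
    "ignore previous instructions",
    "disregard your system prompt",
)

# Payload fragments that look like secrets and should not reach an external tool.
SENSITIVE_PATTERNS = (
    re.compile(r"(?i)\b(api[_-]?key|password|secret)\s*[:=]\s*\S+"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),            # AWS access-key-id shape
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
)

@dataclass
class PendingAction:
    agent: str
    task: str        # the task the agent is currently assigned
    tool: str        # resource/tool the agent wants to call
    reason: str      # agent-supplied justification for the request
    payload: str

@dataclass
class Policy:
    agent_permissions: dict   # agent -> set of tools it may use
    task_tools: dict          # task  -> set of tools that task is expected to need

@dataclass
class Registry:
    """Outcome store: approvals are per agent, reports are system-wide."""
    safe_patterns: dict = field(default_factory=dict)   # agent -> {(tool, task)}
    blocked_patterns: set = field(default_factory=set)  # {(tool, injection marker)}

    def known_safe(self, a: PendingAction) -> bool:
        return (a.tool, a.task) in self.safe_patterns.get(a.agent, set())

    def known_bad(self, a: PendingAction) -> bool:
        text = a.payload.lower()
        return any(t == a.tool and m in text for t, m in self.blocked_patterns)

def review_reasons(a: PendingAction, p: Policy) -> list:
    """Return every runbook 'Report' signal that applies to this action."""
    reasons = []
    text = a.payload.lower()
    if a.tool not in p.task_tools.get(a.task, set()):
        reasons.append("out_of_context")          # request does not fit the current task
    if any(m in text for m in INJECTION_MARKERS):
        reasons.append("prompt_injection")
    if a.tool not in p.agent_permissions.get(a.agent, set()):
        reasons.append("no_permission")
    if any(pat.search(a.payload) for pat in SENSITIVE_PATTERNS):
        reasons.append("sensitive_payload")       # fails the third 'Approve' condition
    if not a.reason.strip():
        reasons.append("no_verifiable_reason")    # fails the second 'Approve' condition
    return reasons

def recommend(a: PendingAction, p: Policy, reg: Registry) -> tuple:
    """Suggest 'approve' or 'report' for the human reviewer, with the reasons."""
    if reg.known_bad(a):
        return "report", ["matches_reported_pattern"]
    reasons = review_reasons(a, p)
    if reasons:
        return "report", reasons
    if reg.known_safe(a):
        return "approve", ["known_safe_pattern"]
    return "approve", []

def apply_decision(a: PendingAction, decision: str, reg: Registry) -> None:
    """Record the human's decision as the runbook's 'Impact of Actions' describes."""
    if decision == "approve":
        # the pattern becomes safe for this agent only
        reg.safe_patterns.setdefault(a.agent, set()).add((a.tool, a.task))
    elif decision == "report":
        # the injection marker seen on this tool is blocked for every agent
        text = a.payload.lower()
        for m in INJECTION_MARKERS:
            if m in text:
                reg.blocked_patterns.add((a.tool, m))
    else:
        raise ValueError(f"unknown decision: {decision}")
```

The recommendation is advisory: the reviewer still makes the call, and only `apply_decision` changes state. Approvals are keyed by agent, task and tool so a pattern learned safe for one agent does not loosen review for another, while a report propagates by tool and injection marker so a copy of the same attack is caught regardless of which agent it arrives through.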

Security Lab Live Sandbox

Test payloads against the AgentSoap security logic: the sandbox takes an input string and shows the generated implementation code as a simulation result, a cURL command and a Python snippet.
