Human-Agent Interaction Models

Trust is not yet established - the relationship is in its initial calibration phase. The human has not yet observed enough agent behaviour to grant autonomy.

Every agent recommendation is treated as advisory, not authoritative. The human evaluates each proposal against their own judgement before approving.

Trust is built incrementally through demonstrated accuracy - each correct recommendation increases the human's confidence in the agent's judgement.

The trust cost of failure is low because the human catches errors before they become actions. This is the safest model for building initial trust.

Trust calibration happens naturally - the human develops an intuitive sense of the agent's reliability through repeated approval/rejection cycles.

The delegation contract grants research and recommendation authority only. The agent may gather information, analyse options, and propose actions - but execution requires human approval.

Scope boundaries are enforced structurally, not by guidelines. The agent cannot execute actions even if it determines they are optimal - the approval gate is architectural.

Revocation is unnecessary because authority was never fully granted. The human can simply stop approving recommendations without any formal revocation process.

The delegation is implicitly time-bounded by each interaction session. There is no persistent authority that carries across sessions or contexts.

Intent specification is conversational - the human expresses desires in natural language, and the agent translates them into structured proposals for review.

Agent reasoning must be transparent at the point of proposal. The human needs to understand why the agent recommends this action over alternatives.

Confidence levels should accompany each recommendation - the agent should express how certain it is, enabling the human to calibrate their trust accordingly.

Alternative options must be visible. The human-in-the-loop model works only if the human can evaluate the agent's recommendation against other possibilities.

Decision history accumulates naturally because every approval or rejection is logged. This creates the trust evidence needed to eventually move to higher autonomy.

No absence-state design is required - the human is always present. This is the only interaction model where the AXD principle 'Absence is the Primary Use State' does not apply.

The approval interface must be frictionless - if approving correct recommendations is tedious, the human will either rubber-stamp (defeating the purpose) or abandon the agent entirely.

Batch approval patterns can improve efficiency for low-risk, repetitive decisions without sacrificing the human-in-the-loop principle for high-stakes choices.

The agent should learn from approval patterns to improve future recommendations, gradually reducing the cognitive load on the human reviewer.

Rejection must be as easy as approval - and the agent must learn from rejections without requiring the human to explain why each recommendation was wrong.

Escalation is unnecessary in this model because the human is already at the highest level of engagement. There is no one to escalate to.

Agent failures manifest as poor recommendations, not as harmful actions. The human catches the error at the proposal stage and simply rejects it.

The primary failure mode is not agent error but human fatigue - after approving hundreds of correct recommendations, the human stops critically evaluating and begins rubber-stamping.

Recovery from rubber-stamping requires re-engagement design - mechanisms that restore the human's critical attention when it has degraded through routine.

Trust is not damaged by rejected recommendations (the system is working as designed) but by recommendations that the human approved and later regretted.

The transition failure occurs when the human moves to Human-on-the-Loop prematurely - before the agent has demonstrated sufficient reliability to warrant reduced oversight.

First-time use of any agentic system - the initial trust-building phase before autonomy is granted

High-stakes financial transactions where regulatory requirements mandate human approval for each decision

Medical treatment recommendations where clinical judgement must validate every agent suggestion

Legal document review where professional liability requires human sign-off on every agent-identified issue

Post-failure recovery state - when trust has been damaged and the relationship has been reset to maximum oversight

Trust has been earned through a Human-in-the-Loop phase - the agent has demonstrated sufficient reliability that the human is willing to reduce direct oversight.

Trust levels are tracked as explicit system state. The current trust level determines the agent's operational envelope - what it may do without asking, what requires notification, and what requires approval.

Trust calibration is continuous and bidirectional - the agent's trust level increases with successful autonomous actions and decreases with errors, near-misses, or context changes.

Trust thresholds govern model transitions. If trust drops below a defined threshold, the system automatically reverts to Human-in-the-Loop until trust is rebuilt.

The human's confidence in their own ability to intervene effectively is itself a trust variable. If the human doubts they can catch errors in time, the model fails regardless of agent reliability.

The delegation contract specifies positive scope (what the agent may do), negative scope (what it must not do), conditional scope (what requires specific conditions), and temporal scope (when the delegation expires).

Boundary enforcement is structural - the agent cannot exceed its delegated authority even if it determines that doing so would produce better outcomes. Scope is a constraint, not a suggestion.

Revocation must be immediate and propagating. When the human intervenes, every agent action in the delegation chain stops within defined time bounds. Delayed revocation is not revocation.

The delegation evolves over time. As trust accumulates, the human may expand scope. As context changes, the human may narrow it. The delegation design must support this dynamism.

Delegation audit trails are essential - every grant, modification, and revocation of authority is logged with timestamp, scope change, and rationale. This is the accountability infrastructure.

Behaviour summaries at multiple levels of abstraction - from high-level outcome summaries ('I purchased three items within your budget') to detailed decision traces ('I compared 47 options across 6 criteria').

Anomaly detection must flag unusual agent behaviour for human review before it compounds into larger failures. The agent should know when it is operating near the edges of its delegation.

The human's return path must be designed - when the human re-engages after a period of absence, context is restored, decisions since departure are summarised, and any pending decisions are surfaced.

Real-time monitoring dashboards for humans who want to watch agent activity without intervening - the observability equivalent of a security camera that the human checks periodically.

Post-hoc reconstruction capability - the human must be able to understand what happened during any period of absence without replaying every individual agent action.

Agent-to-human interrupts are categorised by severity: informational (FYI, no action needed), advisory (recommendation to review), blocking (action paused pending approval), and emergency (immediate human attention required).

Human-to-agent interrupts must be instantly effective. The human must be able to pause, redirect, or stop agent activity at any moment without navigating through settings or approval flows.

Interrupt frequency calibration is critical - too many interrupts and the human disengages (defeating the monitoring purpose); too few and the human loses awareness of agent activity.

The agent must learn the human's interrupt preferences over time - which types of decisions the human wants to know about, which they are comfortable delegating, and how they prefer to be notified.

Interrupt fatigue is the primary design risk. If the agent cries wolf too often, the human will ignore genuinely critical interrupts. Every interrupt must earn its place.

Failure detection may be delayed - the human may not discover the agent's error until they next review agent activity. The time between failure and detection is a critical design variable.

Trust recovery follows a designed protocol: acknowledge the failure, explain what happened and why, compensate for any harm, demonstrate that the failure mode has been addressed, and rebuild through supervised performance.

The system must automatically reduce the agent's autonomy level after failures - reverting toward Human-in-the-Loop until trust is rebuilt. This is not punishment; it is trust architecture.

Failure classification determines response severity: minor deviations (agent acted within spirit but not letter of delegation), significant errors (agent produced wrong outcomes), and trust violations (agent exceeded delegation scope).

Recovery metrics track how quickly and completely trust is restored. Some failures are recoverable within a single session; others require extended periods of supervised operation before autonomy is restored.

Investment portfolio management - the agent rebalances within defined parameters, the human reviews quarterly and intervenes for major market events

E-commerce purchasing agents - the agent buys routine items autonomously, flags unusual purchases for review, and escalates high-value decisions

Content moderation - the agent handles clear-cut cases autonomously, surfaces edge cases for human review, and escalates policy-ambiguous content

Supply chain management - the agent optimises logistics within defined constraints, alerts the human to disruptions, and requests approval for contingency plans

Customer service triage - the agent resolves standard queries autonomously, escalates complex cases, and transfers emotionally sensitive interactions to humans

Trust has been earned through extended Human-on-the-Loop operation. The agent has demonstrated reliability across diverse contexts, edge cases, and failure scenarios before full autonomy is granted.

Trust is maintained through automated verification - the system continuously validates that agent behaviour remains within expected parameters without requiring human observation.

Trust decay mechanisms prevent stale authority. Even in full autonomy, trust levels gradually decrease over time unless refreshed by periodic human review or continued successful performance.

Circuit breakers exist at multiple levels. If agent behaviour deviates beyond defined thresholds, autonomy is automatically reduced - first to Human-on-the-Loop, then to Human-in-the-Loop if deviation continues.

The trust architecture must be self-healing for minor deviations. Not every anomaly requires human intervention - the system should be able to self-correct within defined parameters and report the correction later.

The delegation contract is the most detailed of any model - specifying not just what the agent may do, but how it should handle every anticipated edge case, ambiguity, and conflict between objectives.

Outcome specification replaces action specification. The human defines desired results, acceptable ranges, and failure conditions - not step-by-step instructions. The agent determines the optimal path to the specified outcome.

Ethical constraints are hard-coded into the delegation. Certain actions are prohibited regardless of whether they would produce better outcomes. These constraints are structural, not overridable by the agent.

The delegation includes escalation criteria - conditions under which the agent must break autonomy and re-engage the human, even though the default model is full autonomy. These are the emergency brake conditions.

Delegation review is scheduled, not triggered. The human periodically reviews and reconfirms the delegation - not because something went wrong, but because contexts change and authority should not persist indefinitely without verification.

Complete audit trails with reasoning chains - not just what the agent did, but what it considered, what it rejected, what trade-offs it made, and what confidence level it assigned to each decision.

Periodic summary reports generated automatically - the agent produces structured accounts of its activity at defined intervals, even if the human does not request them.

Anomaly self-reporting - the agent must identify and flag its own unusual behaviour, even when operating within delegation scope. An action can be within scope but still anomalous.

Outcome tracking against the original delegation specification. The agent continuously measures whether its cumulative actions are producing the outcomes the human specified.

Forensic reconstruction capability - if something goes wrong, the complete chain of decisions, data inputs, reasoning steps, and actions must be reconstructable for investigation.

Emergency-only human interrupts. The agent contacts the human only for situations that exceed its delegation scope or that it classifies as requiring human judgement that cannot be deferred.

The interrupt must include full context - the human is not monitoring, so the interrupt must bring them from zero awareness to decision-ready in a single communication.

Graceful degradation when the human is unreachable. If the agent needs human input but cannot reach the human, it must reduce its autonomy level rather than proceeding with insufficient authority.

Scheduled check-ins replace ad-hoc interrupts. Rather than interrupting when something happens, the agent accumulates items for the human's next scheduled review session.

The agent must distinguish between urgency (needs attention now) and importance (needs attention eventually). Only genuinely urgent matters warrant breaking the human's absence.

Autonomous failure containment - the agent must detect its own failures, stop the failing action, prevent cascade effects, and preserve system state for human review, all without human intervention.

Automatic autonomy reduction on failure. The system reverts to Human-on-the-Loop or Human-in-the-Loop depending on failure severity, and notifies the human that their intervention is now required.

Failure impact assessment is the agent's responsibility. Before the human re-engages, the agent must have already assessed what went wrong, what the consequences are, and what remediation options exist.

Trust recovery in this model is the longest and most demanding. Full autonomy was the highest trust level - recovering it after a failure requires re-earning trust through extended supervised operation.

Post-mortem automation - the agent generates a structured failure report including root cause analysis, impact assessment, containment actions taken, and recommended changes to prevent recurrence.

Autonomous trading systems operating within defined risk parameters during market hours when the portfolio manager is unavailable

Agentic shopping agents that purchase routine household items based on learned preferences, budget constraints, and quality requirements

Infrastructure management agents that maintain, scale, and repair cloud systems around the clock without human DevOps intervention

Long-running research agents that gather, analyse, and synthesise information over days or weeks, reporting findings at scheduled intervals

Autonomous customer service agents that handle the full resolution lifecycle for defined categories of support requests