ANTIGRAVITY LABJP
Articles/Agents & Manager
Agents & Manager/2026-05-19Advanced

Designing an HITL Approval Pipeline That Survives Production — Routing Probabilistic Actions Safely With Antigravity Agent

How I run a Human-in-the-Loop approval pipeline for Antigravity Agent in production — risk tiers, confidence-based routing, queue schema, audit logs, and the graduation criteria that move actions toward automation, drawn from six months of indie-app operations.

antigravity-agenthitlproduction71approval2audit-log2

Premium Article

Running Antigravity Agent in production eventually surfaces a fixed truth: some decisions cannot be delegated yet. Since I started shipping indie iOS and Android apps in 2014 — the wallpaper, healing, and law-of-attraction titles that have crossed 50 million downloads in total — every time I let an agent push changes into AdMob configuration or App Store metadata without a human gate, I have regretted it within days. A probabilistic action that succeeds 99 times still costs more on the single failure than the 99 successes ever save.

Human-in-the-Loop (HITL) approval pipelines bridge that asymmetry. This piece walks through the design choices I now treat as non-negotiable: risk tiering, the queue schema, confidence-based routing, the reviewer UI, the audit trail, and the graduation criteria that move actions toward automation. I assume Antigravity Agent plus PostgreSQL plus a thin internal web UI, but the architecture transfers cleanly to any agent stack.

Why probabilistic actions should not ship straight to production

An agent's outputs are, by construction, a distribution over candidate actions. Identical prompts in identical contexts produce different decisions depending on internal search and tool availability. The variance might be a few percentage points, but the expected loss in production is brutally asymmetric. In my own apps, mistakenly enabling a single AdMob unit that brushes against the policy guidelines can cost days of suspended serving and a seven-figure monthly hole. A hundred conservative wins are invisible. One careless loss is not.

Before I let an agent take an action in production, I sort it through four questions:

  1. Is the change recoverable within 30 seconds?
  2. Does it propagate outside our system (store listings, billing, email, push)?
  3. Does it touch policies, contracts, or compliance obligations?
  4. Does rolling back impose a cost on the user?

If any answer is yes, the action does not enter the auto-execute lane, regardless of confidence. Only when all four are clean does an action become an automation candidate. The job of HITL is not to block everything; it is to send the un-automatable subset to a human queue.

Treat HITL as a risk hierarchy, not a single approval gate

The most common failure mode is to slap an approval gate on every action and watch reviewers slip into rubber-stamping. When I first wired Antigravity Agent into my bug-triage pipeline, I made exactly that mistake and broke the system within three weeks. The queue hit more than 300 items per day, I stopped reading them, and the approval gate degraded into pure noise.

What works instead is splitting actions into four tiers:

  • L0 auto — internal notes, Slack pings to myself. Executes immediately, audit log only.
  • L1 soft approval — store copy typo fixes, draft release notes. Auto-approves when confidence ≥ 0.85; below that, a human reviews.
  • L2 hard approval — pricing changes, regional rollout toggles. Always requires a human, but the UI is one click.
  • L3 dual approval — policy responses, new subscription plans, refund-rule changes. Two independent reviewers, with a mandatory 4-hour cooldown.

The L1 tier carries most of the efficiency. Once I introduced it, daily reviews dropped from roughly 300 to about 80, and after three months they stabilized near 40 per day. The reviews did not get higher quality; the queue simply shed the items that did not need human judgment.

Thank you for reading this far.

Continue Reading

What follows includes implementation code, benchmarks, and practical content we hope you'll find useful. This site runs without ads — server and development costs are supported entirely by members like you. If it's been helpful, we'd be truly grateful for your support.

WHAT YOU'LL LEARN
Routing logic that cut human reviews from 300/day to 40/day by tiering actions by recoverability, blast radius, and policy exposure.
PostgreSQL queue schema with row locking, idempotency keys, payload hashes, and rollback tokens — patterns I now treat as non-negotiable.
Graduation criteria for moving L2 → L1 → L0 (rollback latency, rollback rate, policy exposure) and the real numbers I observed over six months.
Secure payment via Stripe · Cancel anytime

Unlock This Article

Get full access to the rest of this article. Buy once, read anytime. This site is ad-free — your support goes directly toward keeping it running.

or
Unlock all articles with Membership →
Share

Thank You for Reading

Antigravity Lab is ad-free, supported entirely by members like you. We publish practical guides daily with implementation code, benchmarks, and production-ready patterns. If you've found it useful, we'd love to have you on board.

  • Copy-paste ready implementation code
  • New advanced guides published daily
  • $5/mo or $10 for lifetime access
View Membership →

Related Articles

Agents & Manager2026-07-06
When Parallel Agents Ran the Same Task Twice and Quietly Doubled the Bill — Field Notes on Measuring and Stopping Duplicates
The bill for our parallel agents came in about 1.9x higher than expected — because multiple workers were running the same task twice. These are field notes on measuring the duplication, stopping it with idempotency keys, and attributing cost per task.
Agents & Manager2026-07-05
Protecting Your Agent Stack's Known-Good State with a Single Lockfile — Change-Budget Design for an Era of Simultaneously Moving Parts
When the IDE build, CLI, model, and dependencies all move at once, you can no longer tell which one caused a regression. Here is a change-budget design that pins your known-good state to one lockfile, with working code and operational logs.
Agents & Manager2026-07-04
When Nobody Reads Your AI Code Reviewer Anymore — Field Notes on Measuring Actioned-Rate
Our production AI code-review agent quietly went hollow over six months. When the team started silently resolving every comment, we instrumented actioned-rate and false-positive rate to bring it back. These are the field notes.
📚RECOMMENDED BOOKS
Build a Large Language Model (From Scratch)
Sebastian Raschka
LLM Dev
Prompt Engineering for LLMs
Berryman & Ziegler
Prompting
AI Engineering
Chip Huyen
AI Eng
* Contains affiliate links
See all →