Part 2: Human-in-the-Loop Ops: How to Get Most of the Benefit of AI Agents Without Autopilot Risk

If Part 1 was about why autopilot can go wrong in production, Part 2 is about what to do instead.

The goal isn’t “no automation.” The goal is: AI accelerates thinking and drafting; humans approve execution. That delivers most of the value - faster diagnosis, better plans, fewer missed steps without turning infrastructure changes into an opaque chain reaction.

The HITL workflow for safe execution

A safe, repeatable pattern to let AI execute commands looks like this:

1. Describe the outcome (what “good” looks like)
2. Collect facts (read-only commands first)
3. Propose a plan (steps + reasoning)
4. Prepare rollback scenarios
5. Preflight / verify (what could break? what will change?)
6. Execute (only after explicit confirmation)
7. Validate (prove it worked)
8. Document (what happened, why, how to recover)

This is boring on purpose. It matches how good ops already works - AI just helps compress the thinking and writing time.

Default to read-only first

A practical guardrail: AI never starts with write actions.

Good “first move” categories (depending on the intent):

• environment identification
• service status and recent logs
• process/socket state
• disk/memory/CPU snapshots
• recent system events
• dependency checks (DNS/TLS/upstreams)

Preflight checks: “What will change?” before “Change it.”

Preflight is how you keep velocity without losing safety.

Common preflight patterns:

• config syntax check before reload/restart
• dry-run modes where available
• diff/preview before apply
• scope confirmation (hostnames, clusters, environments)

A good plan explicitly calls out:

• which files will be modified
• which services will restart
• expected downtime impact
• how to revert (or what backup exists)

Approval boundaries: approve steps, not vibes

Human confirmation only makes sense when boundaries are clear—meaning exact commands and scope are visible before execution.

Confirm a scoped action, not an intent.

Batch safely: canary → small batch → full rollout

If changes must happen across multiple machines, a rollout ladder reduces risk:

1. Canary host
2. Small batch (2–5)
3. Full rollout
4. Post-checks everywhere

The AI tool should produce:

• a rollout plan
• a rollback scenario
• a validation command set
• stop conditions (“if X happens, stop and rollback”)

Documentation as an output

A quiet superpower of Human-in-the-Loop AI is turning ad-hoc fixes into something repeatable.

After validation, the tool can produce one of:

• a short incident wrap-up
• a runbook section (“Symptoms → Checks → Fix → Verify → Rollback”)
• a postmortem draft with concrete commands and findings
• a script to answer to similar issues in the future

This is how you compound value over time.

Implementation note

The hard part isn’t knowing the workflow - it’s following it consistently under pressure. Admin Companion helps by structuring suggestions (plan, checks, risks, validation) and requiring explicit confirmation before execution, so the review step can’t be skipped accidentally.
https://www.admin-companion.ai/product

Next in this series:

Part 3: Human-in-the-Loop AI Agents: A NIST-Based Risk View