How we built the Human-in-the-Loop approval gate: intercepting Terraform in real-time
When an AI agent suggests running terraform apply on your production cluster, you want to see exactly what it's about to do — and have a hard stop before it proceeds.
The problem with autonomous deployment
The moment you give an AI agent the ability to execute infrastructure commands, you introduce a category of risk that prompt engineering alone cannot solve. It isn't about whether the AI is "smart enough" — it's about the irreversibility of the actions it can take. A dropped table, a misconfigured security group, a Terraform apply that replaces a load balancer in the wrong environment: these are not recoverable with a retry. The approval gate exists to put a human being in the critical path before any of that happens.
How the interception mechanism works
The Deployer agent runs all shell commands through a sandboxed executor that pattern-matches against a configurable blocklist. Commands like terraform apply, kubectl apply, and helm upgrade are intercepted before execution. The executor surfaces the full command, the target environment, and a resource diff to an approval queue. Execution is blocked on a channel until the queue resolves — either approved, rejected, or timed out.
The approval UI and audit trail
Approved or rejected, every gate interaction is written to an immutable audit log that includes the approver's identity (verified via the platform's OIDC session), the timestamp, the full command text, the environment target, and the resource diff at the time of approval. This log is append-only by design — it cannot be modified retroactively, which means every production change has a provable human decision behind it. For teams operating under SOC 2 or ISO 27001, this audit trail satisfies the change management control requirements without any additional tooling.
The timeout is configurable per command pattern. High-risk commands default to a 15-minute window before auto-rejection. Lower-risk operations in staging environments can be configured with longer windows or even auto-approval policies for specific users — though we recommend defaulting to manual approval for anything touching production until your team has built confidence in the system.
Jordan has spent a decade building deployment infrastructure for teams shipping to millions of users. At cmodl, Jordan leads the Deployer agent and the HITL approval framework.