Skip to content

Human in the loop - WIP #2696

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
onmete wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Human in the loop - WIP #2696

onmete wants to merge 1 commit into from
+1,498 −4

Conversation

@onmete
Copy link
Contributor

@onmete onmete commented Jan 8, 2026
edited
Loading

Description

Human-in-the-Loop (HITL) Feature

What

Adds human-in-the-loop approval workflow for AI tool execution. Users can now approve, deny, or modify tool calls before they execute.

Why

Provides safety controls for agentic AI operations. Critical for production environments where AI-initiated actions (like applying YAML or modifying resources) should require human oversight.

How It Works

  1. Streaming query with tool call: When the LLM requests a tool execution, OLS checks if approval is required
  2. Approval request: If required, OLS streams an approval_required event containing tool name, arguments, and an approval ID
  3. User decision: User submits approval via POST /v1/hitl/approve with decision: approve, deny, or modify
  4. Resume: OLS resumes the paused stream and either executes the tool or skips it based on the decision

API

  • POST /v1/hitl/approve - Submit approval decision
  • GET /v1/hitl/pending/{conversation_id} - List pending approvals

Configuration

hitl_config:
  enabled: true
  approval_timeout: 300
  auto_approve_read_only: true

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change

Related Tickets & Documents

  • Related Issue #
  • Closes #

Checklist before requesting a review

  • I have performed a self-review of my code.
  • PR has passed all pre-merge test jobs.
  • If it is a core feature, I have added thorough tests.

Testing

  • Please provide detailed steps to perform tests related to this code change.
  • How were the fix/results from this change verified? Please provide relevant screenshots or results.

@onmete onmete marked this pull request as draft January 8, 2026 11:35
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 8, 2026
@openshift-ci openshift-ci bot requested review from joshuawilson and tisnik January 8, 2026 11:36
@openshift-ci
Copy link

openshift-ci bot commented Jan 8, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign xrajesh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

blublinsky
blublinsky reviewed Jan 12, 2026
View reviewed changes
ols/app/models/config.py
tools_requiring_approval: list[str] = [] # empty list = all tools require approval
auto_approve_read_only: bool = True # auto-approve GET/list/describe operations
default_on_timeout: Literal["approve", "reject"] = "reject"

Copy link
Contributor

@blublinsky blublinsky Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the cofiguration does not belong here. It is configuration for the specific MCP headers and should be added there

ols/app/endpoints/hitl.py


@router.post("/approve", responses=approve_responses)
async def submit_approval(
Copy link
Contributor

@blublinsky blublinsky Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is cool, but... How does the client knows to invoke this? We have a request/reply paradigm in both OLS and LCOre. So the client makes a request and while waiting for a reply should invoke this? Does not seem right

@blublinsky
Copy link
Contributor

blublinsky commented Jan 12, 2026

Overall Human in the loop does not seem quite appropriate for request-reply. It is typically used in fire and forget scenarios

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joshuawilson joshuawilson Awaiting requested review from joshuawilson

@tisnik tisnik Awaiting requested review from tisnik

1 more reviewer

@blublinsky blublinsky blublinsky left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@onmete @blublinsky