Internet-Draft anima Intended status: standards-track March 2026 Expires: September 05, 2026 Human-in-the-Loop (HITL) Primitives for AI Agent Systems draft-agent-ecosystem-primitives-for-00 Abstract As AI agents become increasingly autonomous in network operations and other critical domains, the need for standardized human oversight mechanisms becomes paramount. This document defines a framework of Human-in-the-Loop (HITL) primitives that enable structured human intervention, approval, and oversight in AI agent decision-making processes. The framework provides three core primitives: approval workflows that require explicit human consent before action execution, override mechanisms that allow humans to modify or halt agent decisions, and explainability interfaces that provide transparency into agent reasoning. These primitives are designed to be protocol-agnostic and can be integrated with existing agent architectures to ensure human control over autonomous systems. The specification addresses the critical gap between fully autonomous AI operation and human accountability requirements, particularly in regulated environments where human oversight is mandatory. By standardizing these HITL mechanisms, organizations can deploy AI agents with appropriate human safeguards while maintaining operational efficiency and regulatory compliance. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. This document is intended to have standards-track status. Distribution of this memo is unlimited. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. HITL Primitive A standardized mechanism that enables human oversight and intervention in AI agent decision-making processes Approval Workflow A structured process that requires explicit human consent before an agent action is executed Override Mechanism A capability that allows humans to modify, halt, or redirect agent decisions in real-time Explainability Interface A standardized method for agents to provide transparency into their reasoning and decision-making processes Human Oversight The structured involvement of human operators in monitoring, approving, or modifying AI agent actions Decision Point A moment in agent execution where human intervention may be required or beneficial Intervention Trigger A condition or threshold that activates human-in-the-loop mechanisms Table of Contents 1. Introduction ................................................ 3 2. Terminology ................................................. 4 3. Problem Statement ........................................... 5 4. HITL Primitive Framework .................................... 6 5. Approval Workflow Primitives ................................ 7 6. Override and Intervention Primitives ........................ 8 7. Explainability and Transparency Primitives .................. 9 8. Integration with Agent Architectures ........................ 10 9. Security Considerations ..................................... 11 10. IANA Considerations ......................................... 12 11. References .................................................. 13 1. Introduction The rapid advancement and deployment of AI agents in critical network operations and infrastructure management has created an urgent need for standardized human oversight mechanisms. As documented in [draft-cui-nmrg-llm-nm] and [draft-irtf-nmrg-llm- nm], AI agents are increasingly being deployed for network management tasks that were traditionally performed by human operators. However, the current landscape of AI agent systems lacks consistent and interoperable Human-in-the-Loop (HITL) mechanisms, creating significant risks for organizations that require human accountability and oversight in their autonomous systems. Current AI agent deployments typically implement ad-hoc or proprietary mechanisms for human oversight, if any oversight mechanisms exist at all. This inconsistency creates several critical problems: organizations cannot easily integrate HITL capabilities across different agent systems, human operators lack standardized interfaces for agent oversight, and regulatory compliance becomes difficult to achieve and demonstrate. The absence of standardized HITL primitives means that each agent implementation must create its own oversight mechanisms, leading to fragmented approaches that cannot interoperate and may have significant security or reliability gaps. The risks of uncontrolled autonomous operation are particularly acute in regulated environments such as financial services, healthcare, and critical infrastructure, where human oversight is often legally mandated. When AI agents operate without appropriate human safeguards, organizations face potential regulatory violations, liability issues, and operational failures that could have been prevented through proper human oversight. Furthermore, the lack of standardized explainability interfaces means that human operators often cannot understand or validate agent decisions, undermining the effectiveness of any oversight mechanisms that do exist. This document addresses these challenges by defining a comprehensive framework of HITL primitives that can be integrated with existing agent architectures in a protocol-agnostic manner. The framework builds upon established patterns from OAuth 2.0 [RFC6749] and JSON Web Tokens [RFC7519] to provide standardized mechanisms for approval workflows, override capabilities, and explainability interfaces. These primitives are designed to ensure that human oversight can be consistently implemented and enforced across different AI agent systems while maintaining the operational efficiency benefits of autonomous operation. The HITL primitive framework specified in this document enables organizations to deploy AI agents with appropriate human safeguards that meet regulatory requirements and organizational policies. By standardizing these mechanisms, the framework facilitates interoperability between different agent systems and provides a foundation for secure, accountable autonomous operations. The primitives are designed to be composable and configurable, allowing organizations to implement the level of human oversight appropriate for their specific use cases and risk tolerance. 2. Terminology This document uses terminology consistent with [RFC2119] and [RFC8174] when describing requirement levels. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. HITL Primitive refers to a standardized, composable mechanism that enables structured human oversight and intervention in AI agent decision-making processes. These primitives serve as the fundamental building blocks for implementing human control over autonomous systems and can be combined to create comprehensive oversight frameworks tailored to specific operational requirements. Approval Workflow defines a structured process that requires explicit human consent before an agent action is executed. As described in [draft-cui-nmrg-llm-nm] and [draft-irtf-nmrg-llm-nm], these workflows enforce human control over automated actions by creating mandatory checkpoints where agent decisions must receive human validation. Approval workflows include mechanisms for request formatting, response handling, timeout management, and escalation procedures. Override Mechanism encompasses capabilities that allow humans to modify, halt, or redirect agent decisions in real-time, both during the decision-making process and after initial action has begun. These mechanisms provide emergency intervention capabilities and enable humans to maintain ultimate control over agent behavior, even when agents are operating with significant autonomy. Explainability Interface represents a standardized method for agents to provide transparency into their reasoning and decision- making processes. These interfaces enable informed human oversight by presenting agent logic, data sources, confidence levels, and decision rationale in human-comprehensible formats. The explainability interface is essential for meaningful human participation in approval workflows and override decisions. Human Oversight denotes the structured involvement of human operators in monitoring, approving, or modifying AI agent actions. This encompasses both proactive oversight through approval workflows and reactive oversight through monitoring and intervention capabilities. Human oversight requirements may be specified through structured claims and validation patterns as referenced in authorization frameworks [RFC6749] [RFC7519]. Decision Point identifies a specific moment in agent execution where human intervention may be required, beneficial, or optionally available. Decision points are defined based on action criticality, risk assessment, regulatory requirements, or organizational policy. Each decision point specifies the type of human involvement required and the mechanisms through which such involvement occurs. Intervention Trigger describes a condition, threshold, or event that automatically activates human-in-the-loop mechanisms. Triggers may be based on risk scores, confidence levels, environmental changes, error conditions, or explicit policy rules. When activated, intervention triggers initiate appropriate HITL primitives to ensure human involvement in agent decision-making processes. 3. Problem Statement As AI agents become increasingly prevalent in critical network infrastructure and operational environments, they are often deployed with varying degrees of autonomy and inconsistent mechanisms for human oversight. Current agent implementations typically rely on ad-hoc or proprietary methods for human intervention, ranging from simple logging systems to custom approval interfaces that lack standardization across platforms and vendors. This fragmentation creates significant challenges for organizations attempting to maintain consistent oversight policies across heterogeneous agent deployments, particularly in regulated environments where human accountability is not merely preferred but legally mandated. The absence of standardized Human-in-the-Loop (HITL) mechanisms leads to several critical problems in autonomous agent deployment. Without consistent approval workflows, agents may execute high- impact actions without appropriate human review, potentially causing unintended consequences in production systems. The lack of standardized override mechanisms means that human operators cannot reliably intervene when agents begin executing problematic decisions, creating situations where autonomous systems continue operating beyond safe parameters. Furthermore, the absence of explainability interfaces prevents operators from understanding agent reasoning, making it impossible to provide informed oversight or learn from agent behavior patterns. These gaps are particularly problematic in network management contexts, as highlighted in [DRAFT-CUI-NMRG-LLM-NM] and [DRAFT-IRTF-NMRG-LLM- NM], where LLM-generated network decisions require structured human validation before execution. The consequences of uncontrolled autonomous operation extend beyond immediate operational risks to encompass regulatory compliance and accountability challenges. In many jurisdictions, regulations require that critical decisions affecting network infrastructure, user data, or service availability maintain clear chains of human responsibility. Current agent systems often operate as "black boxes" where the decision-making process is opaque to human oversight, making it difficult or impossible to demonstrate compliance with regulatory requirements. This opacity also hinders incident response and post-mortem analysis, as operators cannot determine why an agent made specific decisions or identify patterns that might prevent future issues. The need for human accountability in AI agent systems is further complicated by the temporal aspects of autonomous operation. Unlike traditional software systems that execute predetermined logic, AI agents make dynamic decisions based on environmental conditions and learned behaviors that may not be fully predictable at deployment time. This unpredictability necessitates real-time human oversight capabilities that can adapt to emerging situations. However, without standardized primitives for human intervention, organizations resort to crude mechanisms such as complete system shutdown or manual takeover, which eliminate the benefits of autonomous operation while failing to provide granular control over agent behavior. The lack of interoperability between different HITL implementations creates additional operational burden and security risks. Organizations deploying multiple agent systems must maintain separate oversight interfaces and procedures for each platform, increasing complexity and the likelihood of human error. This fragmentation also prevents the development of unified oversight dashboards and centralized approval workflows that could improve operational efficiency while maintaining appropriate human control. The security implications are equally concerning, as non- standardized override mechanisms may lack proper authentication, authorization, and audit capabilities, potentially enabling unauthorized intervention in autonomous systems. 4. HITL Primitive Framework This document defines a framework of Human-in-the-Loop (HITL) primitives that provide standardized mechanisms for human oversight of AI agent systems. The framework establishes three core primitive categories that work together to ensure appropriate human control over autonomous operations while maintaining operational efficiency. These primitives are designed to be protocol-agnostic and can be integrated with existing agent architectures regardless of the underlying communication protocols or decision-making systems. The HITL primitive framework operates on the principle that human oversight requirements vary based on context, risk level, and regulatory constraints. Each primitive category addresses a specific aspect of human-agent interaction: approval workflows ensure human consent for critical actions, override mechanisms provide real-time intervention capabilities, and explainability interfaces enable informed human decision-making. The framework defines standardized interfaces and message formats that allow these primitives to be composed into comprehensive oversight systems tailored to specific operational requirements. +-----------------------+ | AI Agent Decision | | Loop | +-----------+-----------+ | v +-----------+-----------+ | Decision Point | | Evaluator | +-----------+-----------+ / | \ / | \ v v v +------+ +------+ +---------+ |Appro-| |Over- | |Explain- | | val | |ride | |ability | +--+---+ +--+---+ +----+----+ | | | v v v +--+--------+-----+ +-+--------+ | Human Operator | | Audit | | Interface | | Log | +------------------+ +---------+ Figure 1: HITL Primitive Framework Overview At the architectural level, HITL primitives integrate with agent systems through well-defined decision points where human intervention may be required. These decision points are identified during agent operation based on configurable triggers such as risk thresholds, regulatory requirements, or operational policies. When a decision point is reached, the appropriate HITL primitive is activated, temporarily suspending autonomous operation until human oversight is satisfied. This approach ensures that human oversight requirements, as referenced in [draft-cui-nmrg-llm-nm] for network management scenarios, can be consistently enforced across diverse agent deployments. The framework establishes a common message structure for all HITL primitives that includes essential metadata such as agent identity, decision context, timestamp, and urgency level. This standardized approach enables interoperability between different agent systems and human oversight tools while providing the flexibility to extend primitives for domain-specific requirements. The message structure follows JSON formatting conventions per [RFC8259] and incorporates security considerations including authentication tokens and integrity protection mechanisms as specified in [RFC7519] and [RFC8446]. Implementation of HITL primitives MUST ensure that human oversight mechanisms cannot be bypassed or manipulated by agent systems. The framework requires that primitive activation be deterministic and based on verifiable conditions, preventing agents from selectively avoiding human oversight. Additionally, all HITL interactions MUST be logged with sufficient detail to support audit requirements and accountability frameworks. This logging requirement supports the human oversight validation patterns needed for authorization systems and ensures compliance with regulatory oversight mandates. 5. Approval Workflow Primitives Approval workflow primitives provide standardized mechanisms for requiring explicit human consent before AI agents execute specific actions. These primitives establish a structured framework where agents identify decision points that require human oversight, format approval requests with sufficient context for human evaluation, and await explicit authorization before proceeding. The approval workflow primitive ensures that critical or high-risk agent actions cannot be executed without human validation, maintaining human authority over autonomous systems while preserving operational efficiency through selective intervention points. Agent HITL Middleware Human Operator | | | |--action----->| | | request |--approval req---->| | | +context, risk | | | | | |<---approve/deny---| | | +auth token | |<--result-----| | | proceed | | | or halt | | | | | | [timeout] | | |<--fallback---| | | | | Figure 2: Approval Workflow Sequence The core approval request structure MUST include the proposed action description, associated risk assessment, relevant context for human evaluation, and expected execution timeline. Each approval request MUST be uniquely identified and include sufficient information for a human operator to make an informed decision. The request format SHOULD follow structured data conventions as defined in [RFC8259] to ensure consistent parsing and presentation across different human interface systems. Agents MUST provide clear rationale for why the action requires approval and include any relevant alternative options that humans may consider during the evaluation process. Human responses to approval requests MUST use standardized response codes that clearly indicate approval, denial, or modification instructions. Approved actions receive an explicit authorization token that agents MUST validate before execution, ensuring that only genuinely authorized actions proceed. Denied requests MUST include human feedback when possible to enable agent learning and improved future decision-making. The response format SHOULD accommodate conditional approvals where humans specify constraints or modifications to the proposed action while still granting execution authority. Timeout handling mechanisms are critical components of approval workflow primitives to prevent system deadlock when human operators are unavailable. Agents MUST implement configurable timeout periods appropriate to the urgency and criticality of the requested action, with default behavior clearly specified for timeout scenarios. When approval requests exceed timeout thresholds, agents SHOULD implement fallback strategies such as escalation to alternate human operators, execution of safe default actions, or graceful degradation of service. The timeout configuration SHOULD be contextually aware, allowing shorter timeouts for routine operations and longer timeouts for complex decisions requiring thorough human evaluation. Integration with authentication and authorization systems ensures that approval responses originate from authorized human operators with appropriate privileges for the requested action type. The approval workflow primitive SHOULD leverage existing identity frameworks such as those defined in [RFC6749] and [RFC7519] to validate human operator credentials and maintain audit trails of approval decisions. This integration enables fine-grained access control where different categories of actions require approval from operators with specific roles or clearance levels, supporting organizational hierarchy and responsibility structures within human-agent collaborative systems. 6. Override and Intervention Primitives Override and intervention primitives provide real-time mechanisms that allow human operators to modify, halt, or redirect agent decisions during execution. These primitives are essential for maintaining human control over autonomous systems, particularly in situations where agent decisions may lead to undesirable outcomes or where dynamic conditions require human judgment. The override mechanisms MUST be designed to operate with minimal latency to ensure timely human intervention when required. The core override primitive consists of three fundamental operations: halt, modify, and redirect. The halt operation immediately stops agent execution and places the system in a safe state, while the modify operation allows humans to adjust specific parameters or constraints of the current agent decision. The redirect operation enables complete substitution of the agent's proposed action with a human-specified alternative. Each override operation MUST include authentication credentials as defined in [RFC6749] and SHOULD provide a reason code indicating the basis for intervention. Override requests MUST be processed synchronously when possible, with acknowledgment timeouts not exceeding implementation-defined thresholds. Emergency stop procedures represent a specialized category of override primitives designed for critical situations requiring immediate agent termination. These procedures MUST bypass normal approval workflows and provide direct, low-latency mechanisms for halting agent operations. Emergency stops SHOULD be implemented through multiple redundant channels to ensure reliability, and MUST trigger immediate notification to designated human supervisors. The emergency stop primitive MUST include safeguards to prevent accidental activation while ensuring accessibility during genuine emergencies. Decision modification interfaces enable fine-grained human adjustment of agent decisions without complete override. These interfaces MUST provide structured formats for specifying modifications to agent parameters, constraints, or objectives using JSON [RFC8259] or equivalent structured data formats. Modification requests SHOULD include validation mechanisms to ensure proposed changes are within acceptable operational bounds. The agent MUST acknowledge modification requests and indicate whether the requested changes can be accommodated within current operational constraints. Real-time intervention capabilities require agents to expose decision points where human oversight can be effectively applied. Decision points MUST be clearly identified in agent execution flows, with appropriate pause mechanisms that allow human evaluation without timeout penalties. Agents SHOULD provide context information at each decision point, including current state, proposed actions, and confidence levels. The intervention interface MUST support both synchronous and asynchronous human responses, with clear timeout behaviors defined for each interaction mode. Integration with agent architectures requires override primitives to maintain compatibility with existing agent communication protocols while providing standardized intervention interfaces. Override mechanisms SHOULD be implemented as middleware components that can intercept agent communications without requiring modification to core agent logic. The primitive framework MUST support distributed scenarios where human operators may be remote from agent execution environments, utilizing secure communication channels as specified in [RFC8446] for all override operations. 7. Explainability and Transparency Primitives This section defines standardized interfaces that enable AI agents to provide transparency into their reasoning and decision-making processes. Explainability primitives are essential for enabling informed human oversight, as humans cannot effectively supervise agent actions without understanding the underlying rationale. These interfaces MUST provide structured information about agent reasoning in formats that support human comprehension and decision-making. The core explainability primitive is the Reasoning Trace, which captures the agent's decision-making process in a structured format. A Reasoning Trace MUST include the following elements: the initial problem or goal statement, key inputs and data sources consulted, reasoning steps taken, alternative options considered, confidence levels for decisions, and any uncertainty or limitations acknowledged by the agent. This trace SHOULD be generated in JSON format [RFC8259] to ensure machine-readable structure while remaining human-interpretable. The trace MUST be available before any approval workflow is initiated, allowing humans to make informed decisions about proposed agent actions. Agents MUST implement a Context Explanation interface that provides on-demand details about specific aspects of their reasoning. This interface allows human operators to query particular decision points, request elaboration on confidence levels, or explore alternative approaches that were considered but rejected. The interface SHOULD support structured queries using predefined categories such as "data-sources", "assumptions", "risk-factors", and "alternatives". Responses MUST be provided in a consistent format that enables both human review and automated analysis for audit purposes. The Uncertainty Declaration primitive requires agents to explicitly communicate their confidence levels and known limitations regarding proposed actions. Agents MUST provide quantitative confidence scores where applicable and qualitative uncertainty statements for aspects that cannot be numerically assessed. This primitive is particularly critical in regulated environments where human operators need to understand the reliability of agent recommendations before granting approval, as specified in human oversight requirements frameworks [draft-cui- nmrg-llm-nm]. To support audit and compliance requirements, explainability interfaces MUST generate persistent explanation records that can be stored and retrieved for later review. These records SHOULD include timestamps, version information for the agent making decisions, and cryptographic signatures to ensure integrity. The explanation data MUST be structured to support automated analysis and pattern detection, enabling organizations to identify trends in agent decision-making and improve oversight processes over time. 8. Integration with Agent Architectures The integration of HITL primitives with existing agent architectures requires careful consideration of both the agent's internal decision-making processes and the external communication protocols used for human interaction. Agent systems MUST implement HITL primitives as composable components that can be inserted into the agent's execution pipeline without requiring fundamental architectural changes. This approach ensures that existing agent deployments can adopt human oversight mechanisms incrementally, maintaining backward compatibility while enhancing human control capabilities. Agent architectures SHOULD implement HITL primitives through a middleware layer that intercepts agent decisions at configurable decision points. This middleware approach allows the same HITL mechanisms to be applied across different agent types and execution environments. The middleware MUST support protocol- agnostic communication, enabling human oversight through various channels including HTTP-based APIs [RFC9110], WebSocket connections for real-time interaction, or message-oriented protocols. The choice of communication protocol SHOULD be configurable to accommodate different operational environments and human interface requirements. Integration with authorization frameworks presents a critical opportunity to enforce human oversight requirements at the system level. Agent architectures SHOULD leverage OAuth 2.0 [RFC6749] scopes and claims to specify when human approval is required for specific actions, building upon human oversight requirement patterns that embed HITL constraints directly into authorization tokens [draft-aap-oauth-profile]. This integration ensures that human oversight requirements are enforced consistently across distributed agent systems and cannot be bypassed by individual agent implementations. For network management applications, HITL primitives MUST integrate with existing network management protocols and frameworks while preserving the human-in-the-loop workflows defined for LLM-generated network management decisions [draft-cui- nmrg-llm-nm]. Agent architectures in network domains SHOULD implement decision checkpoints that align with critical network operations, ensuring that configuration changes, policy updates, and topology modifications trigger appropriate human oversight mechanisms. The integration MUST preserve existing network management interfaces while adding human oversight capabilities as an additional validation layer. The implementation of HITL primitives SHOULD support both synchronous and asynchronous interaction patterns to accommodate different operational requirements and human availability constraints. Synchronous patterns are appropriate for real-time decision approval, while asynchronous patterns enable human oversight in environments where immediate human response is not feasible. Agent architectures MUST implement timeout mechanisms and fallback behaviors for both interaction patterns, ensuring system stability when human oversight is delayed or unavailable. Configuration and policy management for HITL primitives SHOULD be externalized from agent implementations to enable dynamic adjustment of human oversight requirements without agent redeployment. This externalization allows organizations to adjust human oversight policies based on operational conditions, regulatory requirements, or agent performance metrics. The configuration mechanism MUST support fine-grained control over which agent decisions require human oversight, the type of oversight required, and the specific human operators authorized to provide oversight for different decision categories. 9. Security Considerations The security of HITL primitives is paramount, as these mechanisms represent critical control points where human authority intersects with autonomous agent operation. Authentication and authorization of human operators MUST be implemented using strong cryptographic methods, with multi-factor authentication RECOMMENDED for high- impact decision points. Human operator credentials SHOULD be managed through established identity frameworks such as OAuth 2.0 [RFC6749] or equivalent, with token-based authentication providing both security and auditability. Organizations MUST implement role- based access controls that ensure only authorized personnel can approve specific types of agent actions, with the principle of least privilege applied to limit human operator permissions to necessary functions only. Protection against manipulation and spoofing attacks requires robust integrity mechanisms throughout the HITL workflow. All approval requests, human responses, and override commands MUST be cryptographically signed to prevent tampering and ensure non- repudiation. The system MUST validate that approval workflows cannot be bypassed through direct agent-to-agent communication or through exploitation of timing vulnerabilities. Particular attention MUST be paid to preventing replay attacks where previously valid human approvals could be reused inappropriately. Human operators MUST be provided with sufficient context and verification mechanisms to detect potentially malicious approval requests that might be designed to trick humans into approving harmful actions. Secure communication channels are essential for protecting HITL interactions from eavesdropping and man-in-the-middle attacks. All communication between agents, HITL interfaces, and human operators MUST use transport-layer security equivalent to TLS 1.3 [RFC8446] or stronger. The system MUST implement proper certificate validation and SHOULD use mutual TLS authentication where feasible. Session management for human operators MUST include appropriate timeout mechanisms to prevent unauthorized use of abandoned sessions, with sensitive approval workflows requiring fresh authentication for extended operations. The explainability interfaces present unique security challenges, as they must balance transparency with protection of sensitive algorithmic details and operational information. Explanations provided to human operators MUST be sanitized to prevent information disclosure that could be exploited by attackers to reverse-engineer agent decision patterns or identify system vulnerabilities. The system MUST implement access controls that ensure explainability information is only provided to operators with appropriate clearance levels for the specific operational context. Additionally, all HITL interactions MUST be logged with tamper-evident audit trails that include cryptographic checksums and timestamps to ensure accountability and enable post-incident analysis while protecting sensitive operational details from unauthorized disclosure. 10. IANA Considerations This document introduces several new protocol elements and identifiers that require standardized registration to ensure interoperability across implementations. IANA is requested to establish and maintain registries for HITL primitive types, approval workflow identifiers, and standardized response codes as specified in this section. These registries will enable consistent implementation of human-in-the-loop mechanisms across different agent systems and organizational boundaries. IANA SHALL establish a new registry titled "Human-in-the-Loop (HITL) Primitive Types" to maintain standardized identifiers for the core HITL mechanisms defined in this specification. The registry MUST include entries for "approval-workflow", "override- mechanism", and "explainability-interface" as the initial primitive types, with additional types to be registered through the Specification Required policy as defined in [RFC8126]. Each registry entry MUST include the primitive type identifier, a brief description of its function, and a reference to the defining specification. Registration requests MUST specify how the proposed primitive type differs from existing entries and demonstrate clear utility for human oversight scenarios. A second registry titled "HITL Approval Workflow Identifiers" SHALL be established to maintain standardized workflow patterns for approval primitives. This registry MUST include initial entries for common workflow types such as "single-approver", "multi-stage-approval", "consensus-required", and "emergency- bypass", with new workflow identifiers registered under the Specification Required policy. Each workflow identifier entry MUST specify the approval pattern, required participant roles, decision criteria, and timeout handling mechanisms. This registry enables organizations to reference standardized approval patterns while maintaining consistency across different agent deployments. IANA SHALL create a "HITL Response Codes" registry to standardize the status and error codes used in human-in-the-loop communications as defined in Section 5 and Section 6 of this specification. The registry MUST include standard response codes for approval granted (200), approval denied (403), timeout exceeded (408), override initiated (300), and explanation requested (250), following the pattern established by HTTP status codes in [RFC9110]. Additional response codes MAY be registered using the Expert Review policy, with registration requests requiring demonstration of unique semantic meaning not covered by existing codes. The registry MUST specify the numeric code, textual description, applicable primitive types, and any special handling requirements for each response code to ensure consistent interpretation across implementations. 11. References 11.1. Normative References [RFC 2119] RFC 2119 [RFC 8174] RFC 8174 [RFC 8446] RFC 8446 [RFC 9110] RFC 9110 [RFC 8259] RFC 8259 [draft-rosenberg-cheq] draft-rosenberg-cheq 11.2. Informative References [RFC 6749] RFC 6749 [RFC 7519] RFC 7519 [draft-cui-nmrg-llm-nm] draft-cui-nmrg-llm-nm [draft-irtf-nmrg-llm-nm] draft-irtf-nmrg-llm-nm [draft-rosenberg-aiproto-cheq] draft-rosenberg-aiproto-cheq [draft-aap-oauth-profile] draft-aap-oauth-profile [draft-cowles-volt] draft-cowles-volt [draft-aylward-daap-v2] draft-aylward-daap-v2 Author's Address Generated by IETF Draft Analyzer Family: agent-ecosystem 2026-03-04