32dots HEIDELBERG AI
Session 21

Safety and approval gates

medium
  • Build a pause-and-resume workflow that waits for a human button click
  • Decide which actions require a gate (and which don't) on cost-of-mistake
  • Log every approve/reject decision with who, when, and why

Action systems need controls. Automation without gates is how small bugs become medium incidents — and "the model seemed confident" is not a defence when the message has already been sent.

  • If a workflow sends 100 emails and 3 are wrong, what should have happened at message 1?
  • Which of these needs a gate: internal log write, Slack post to #general, email to a patient?

Approval gates are checkpoints where the system pauses for a human to review a decision or output before taking a consequential action. They are critical whenever the cost of a mistake is non-trivial — sending messages to patients, writing to a real database, modifying a dataset.

The design rule: gate on the *action*, not the generation. Drafting is cheap and private; sending is expensive and public. Every consequential side-effect gets a gate.

scenario

Your AI system is about to take these 5 actions. Which should auto-proceed, which need a human approval gate?

  • Send a personalised appointment reminder to one patient via email.
  • Email all 1,200 patients in a clinical cohort about a study protocol change.
  • Add a tag 'high-risk' to a patient record in the hospital EHR.
  • Export anonymised aggregate statistics (n=450, mean age, SD) to a research CSV.
  • Delete 90-day-old conversation logs per retention policy.
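One way to make the "gate on cost of mistake" rule explicit is to score each action on the properties the session names (does it leave the system, how many people see it, does it touch patient data, does it mutate a real record, can it be undone) and pause whenever the score crosses a threshold. The example below is added here and is not course or n8n code; the weights, the threshold of 2, the audience sizes assigned to the Slack post, and the choice to treat a log deletion as an irreversible record write are all assumptions, so the classifications it produces are what this policy yields, not the session's answer to the scenario. The reasons list is returned alongside the score so it can go straight into the decision log as the "why".

```python
"""Cost-of-mistake gating policy (added example, not part of the course material)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Action:
    name: str
    audience: int = 0                 # people outside the workflow who will see the result
    touches_phi: bool = False         # patient-identifying data involved
    writes_real_record: bool = False  # mutates a production record or dataset
    reversible: bool = True           # can the effect be undone after the fact?


# Assumption: weights and threshold are illustrative; tune them to your own risk appetite.
GATE_THRESHOLD = 2


def cost_of_mistake(a: Action) -> tuple[int, list[str]]:
    """Score an action and return the reasons, so the log can record *why* it was gated."""
    score, why = 0, []
    if a.audience > 0:
        score += 2
        why.append(f"leaves the system ({a.audience} recipient(s))")
    if a.audience >= 100:
        score += 2
        why.append("bulk send: one wrong template becomes hundreds of wrong messages")
    if a.touches_phi:
        score += 2
        why.append("patient data involved")
    if a.writes_real_record:
        score += 2
        why.append("writes to a production record")
    if not a.reversible:
        score += 1
        why.append("not reversible")
    return score, why


def needs_gate(a: Action) -> bool:
    """Gate on the action, not the generation: drafting never scores, side-effects do."""
    score, _ = cost_of_mistake(a)
    return score >= GATE_THRESHOLD


# Constructed inputs mirroring the session's scenario and discussion questions.
SCENARIO = [
    Action("reminder email to one patient", audience=1, touches_phi=True),
    Action("email 1,200 cohort patients about protocol change", audience=1200, touches_phi=True),
    Action("add 'high-risk' tag to EHR record", touches_phi=True, writes_real_record=True),
    Action("export anonymised aggregate stats to research CSV"),
    Action("delete 90-day-old conversation logs", writes_real_record=True, reversible=False),
    Action("internal log write"),
    Action("Slack post to #general", audience=50),   # assumption: ~50 people read the channel
]


def classify(actions=SCENARIO) -> dict[str, str]:
    """Map each action to 'human gate' or 'auto-proceed' under the policy above."""
    return {a.name: ("human gate" if needs_gate(a) else "auto-proceed") for a in actions}


if __name__ == "__main__":
    for a in SCENARIO:
        score, why = cost_of_mistake(a)
        print(f"{a.name:55} score={score} -> {classify([a])[a.name]}  ({'; '.join(why) or 'no risk factors'})")
```

Note that the export of aggregate statistics and the internal log write score zero and proceed without a pause, while anything that reaches a patient or mutates a real record stops for review; a bulk send scores highest because a single wrong template is multiplied by the audience.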

A participant communication draft (reschedule, reminder, eligibility decision) is generated automatically but must be reviewed by the coordinator before sending.

▸ Use the instructor's finished build before you build yours to feel what "done" looks like — then recreate it. The finished app is your target.

Finished app: https://dify.32dots.de/chat/huWWIK0tXBYAnBcO

Build: Form Trigger (coordinator submits recipient + context) → Chat Model (drafts message) → Slack node (posts draft to #participant-comms channel with Approve/Reject buttons via interactive message) → Wait node (until button click webhook) → IF → Send email on approve, log on reject.

Nodes needed
  • Form Trigger
  • Chat Model (draft)
  • Slack (interactive message with buttons) or Email + Wait node
  • Webhook (receives approval response)
  • IF node on decision
  • SMTP / Gmail node (send)
  • Postgres / Sheets (log every gate decision)

Approval gates are fundamentally about *pausing a workflow and resuming on external input* — that's a Wait + Webhook pattern n8n has built-in. Dify apps run to completion in one request; they don't pause for a Slack button click. Human-in-the-loop across days = n8n.

  • **Auto-approve default** — if the workflow proceeds when no one clicks, your gate is decoration. Default must be reject or escalate.
  • **Gate too late** — gating after sending is an audit trail, not a gate. Pause before the side-effect.
  • **No reject path** — "reject" should do something (log, notify, store feedback), not just drop the run silently.
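The three pitfalls above are all properties of the pause-and-resume step rather than of the draft. The example below is added here and is not n8n's or the course's code; it models the Wait + Webhook pattern in plain Python so the defaults are visible: a run is parked by `request()`, only an authenticated callback that explicitly says "approve" reaches the send side-effect, a stale run is expired as a *reject* (never an approve), rejects always notify and log, and every decision is written with who, when and why. Assumptions: the approval UI signs its callback body with a shared HMAC secret and echoes the `run_id`, the 48-hour timeout, and the constructed secret and addresses.

```python
"""Pause-and-resume approval gate with an audit log (added example, not course or n8n code)."""
import hashlib
import hmac
import json
import time
import uuid
from dataclasses import dataclass

SIGNING_SECRET = b"constructed-demo-secret"   # constructed; assumption: shared with the button UI
TIMEOUT_S = 48 * 3600                          # assumption: unanswered for 48h => reject, never send


@dataclass
class Pending:
    run_id: str
    recipient: str
    draft: str
    created_at: float


class ApprovalGate:
    """Drafting happens before request(); the side-effect only ever happens inside resume()."""

    def __init__(self, send, notify_reject, clock=time.time):
        self.send = send                    # the gated side-effect (e.g. the SMTP node)
        self.notify_reject = notify_reject  # reject path: must do something visible
        self.clock = clock                  # injectable so the timeout can be tested
        self.pending: dict[str, Pending] = {}
        self.audit: list[dict] = []         # one row per decision: who / when / why / outcome

    def request(self, recipient: str, draft: str) -> str:
        """Pause the run: park the draft and return the id the button click must echo."""
        run_id = uuid.uuid4().hex
        self.pending[run_id] = Pending(run_id, recipient, draft, self.clock())
        return run_id

    def sign(self, payload: bytes) -> str:
        return hmac.new(SIGNING_SECRET, payload, hashlib.sha256).hexdigest()

    def _log(self, p: Pending, decision: str, who: str, why: str) -> None:
        self.audit.append({"run_id": p.run_id, "recipient": p.recipient, "decision": decision,
                           "who": who, "why": why, "when": self.clock()})

    def resume(self, payload: bytes, signature: str) -> str:
        """Webhook entry point. Only an authenticated, explicit 'approve' reaches send()."""
        if not hmac.compare_digest(self.sign(payload), signature):
            return "ignored: bad signature"          # unauthenticated callback never advances a run
        body = json.loads(payload)
        p = self.pending.pop(body.get("run_id", ""), None)
        if p is None:
            return "ignored: unknown or already-decided run"   # duplicate or replayed click
        decision = body.get("decision")
        if decision not in ("approve", "reject"):
            self.pending[p.run_id] = p               # malformed input is not a decision; keep waiting
            return "ignored: malformed decision"
        self._log(p, decision, body.get("who", "unknown"), body.get("why", ""))
        if decision == "approve":
            self.send(p.recipient, p.draft)          # the one place the side-effect fires
            return "sent"
        self.notify_reject(p, body.get("why", ""))   # reject does something, not a silent drop
        return "rejected"

    def sweep(self) -> int:
        """Expire runs nobody answered. Default is reject + log + notify, never auto-approve."""
        now = self.clock()
        stale = [p for p in self.pending.values() if now - p.created_at > TIMEOUT_S]
        for p in stale:
            del self.pending[p.run_id]
            self._log(p, "reject", "system:timeout", f"no decision within {TIMEOUT_S}s")
            self.notify_reject(p, "timed out")
        return len(stale)


def demo() -> dict:
    """Drive the gate with a fake clock: one approve, one replayed click, one forged click, one timeout."""
    sent, rejected, now = [], [], [1_000_000.0]
    gate = ApprovalGate(send=lambda to, msg: sent.append((to, msg)),
                        notify_reject=lambda p, why: rejected.append((p.run_id, why)),
                        clock=lambda: now[0])
    r1 = gate.request("patient-0042@example.org", "Your appointment is on Monday 09:00.")
    r2 = gate.request("patient-0043@example.org", "Your appointment is on Tuesday 10:00.")
    ok = json.dumps({"run_id": r1, "decision": "approve",
                     "who": "coordinator@example.org", "why": "dates verified"}).encode()
    results = [gate.resume(ok, gate.sign(ok))]               # genuine click: sent
    results.append(gate.resume(ok, gate.sign(ok)))           # same click replayed: ignored
    forged = json.dumps({"run_id": r2, "decision": "approve", "who": "?"}).encode()
    results.append(gate.resume(forged, "0" * 64))            # unsigned callback: ignored
    now[0] += TIMEOUT_S + 1
    results.append(gate.sweep())                             # r2 expires => reject, not send
    return {"results": results, "sent": sent, "rejected": rejected, "audit": gate.audit}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In n8n terms, `request()` is the Slack/email post plus the Wait node, `resume()` is the Webhook that the button calls, `sweep()` is the Wait node's timeout branch wired to the reject path, and `audit` is the Postgres/Sheets row you write on every decision. The signature check is what stops an unauthenticated or replayed callback from resuming a run that someone else is supposed to review.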

Why is a human-in-the-loop often a design strength rather than a weakness?

Build a reviewed message-drafting assistant with a real approval UI (Slack button or email reply).

Deliverable

Workflow with a working approval gate, run on ≥3 drafts, with a log of approve/reject decisions.

If your gate broke silently and nobody noticed for a week, what is the worst single action that would have auto-sent — and who would have received it?