curiositech/human-gate-designer
skills/human-gate-designer/SKILL.md
Designs human-in-the-loop review points for DAG workflows. Determines what to present to the human, how to collect feedback, and how to route approve/reject/modify decisions back into the DAG. Use when adding approval gates, designing review UX, or handling human feedback in agent workflows. Activate on "human review", "approval gate", "human-in-the-loop", "human gate", "approval workflow", "user review step". NOT for executing human gates at runtime (use dag-runtime with Temporal signals), general UX design, or chatbot conversation design.
testing
Updated Apr 4, 2026
$ install --global
skillsauthnpx skillsauth add curiositech/windags-skills human-gate-designerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 2:14 PM8.2s1 file scanned
SKILL.md
- name:
- human-gate-designer
- license:
- Apache-2.0
- description:
- Designs human-in-the-loop review points for DAG workflows. Determines what to present to the human, how to collect feedback, and how to route approve/reject/modify decisions back into the DAG. Use when adding approval gates, designing review UX, or handling human feedback in agent workflows. Activate on "human review", "approval gate", "human-in-the-loop", "human gate", "approval workflow", "user review step". NOT for executing human gates at runtime (use dag-runtime with Temporal signals), general UX design, or chatbot conversation design.
- allowed-tools:
- Read,Write,Edit
- category:
- Agent & Orchestration
- - skill:
- reactflow-expert
- reason:
- Human gates are visualized as interactive approval nodes in DAG dashboards
Human Gate Designer
Designs human-in-the-loop review points in DAG workflows: what to present, how to collect feedback, how to route decisions back into the DAG.
When to Use
✅ Use for:
- Deciding WHERE in a DAG to place human gates
- Designing WHAT the human sees at each gate
- Defining HOW feedback routes back (approve/reject/modify)
- Balancing automation speed with human oversight
❌ NOT for:
- Runtime execution of human gates (use
dag-runtime+ Temporal signals) - General UI/UX design (use design skills)
- Chatbot conversation flow (different pattern)
Gate Placement Decision Tree
flowchart TD
A{Is the action irreversible?} -->|Yes| G1[Gate BEFORE the action]
A -->|No| B{Is output user-facing?}
B -->|Yes| G2[Gate AFTER generation, BEFORE delivery]
B -->|No| C{Cost > $0.50 for remaining nodes?}
C -->|Yes| G3[Gate at the cost threshold]
C -->|No| D{Confidence score < 0.7?}
D -->|Yes| G4[Gate on low-confidence outputs]
D -->|No| N[No gate needed]
Where to Place Gates
| Situation | Gate Position | Why | |-----------|-------------|-----| | Irreversible action (deploy, send email, submit) | Before the action | Can't undo | | User-facing deliverable (report, website, PR) | After generation, before delivery | Quality check | | High cost remaining (>$0.50) | Before expensive phase | Budget confirmation | | Low confidence output (<0.7) | After the uncertain node | Expert judgment needed | | Ambiguous task decomposition | After planning, before execution | Validate the plan | | First run of a new template DAG | After each phase | Build trust gradually |
Gate Presentation Design
What the Human Sees
┌──────────────────────────────────────────────────────┐
│ 🔍 Human Review: [Node Name] │
│ │
│ Context: [1-2 sentences: what happened so far] │
│ │
│ Output to Review: │
│ ┌──────────────────────────────────────────────────┐│
│ │ [The node's output, formatted for readability] ││
│ │ [Key decisions highlighted] ││
│ │ [Confidence: 0.82] ││
│ └──────────────────────────────────────────────────┘│
│ │
│ Cost so far: $0.08 / $0.50 budget │
│ Remaining nodes: 4 (est. $0.12) │
│ │
│ [✅ Approve] [✏️ Modify] [❌ Reject] │
│ │
│ If modifying, what should change? │
│ ┌──────────────────────────────────────────────────┐│
│ │ [text input for human feedback] ││
│ └──────────────────────────────────────────────────┘│
└──────────────────────────────────────────────────────┘
Presentation Principles
- Show context, not just output: The human needs to understand what the DAG has done so far, not just the current node's result.
- Highlight decisions: Bold or annotate the choices the agent made. These are what the human is actually reviewing.
- Show confidence: If the agent was uncertain, say so. Low-confidence outputs need more scrutiny.
- Show cost: The human should know what they've spent and what's remaining.
- Make "Modify" easy: A text input for feedback that gets injected into the retry prompt.
Feedback Routing
flowchart TD
H[Human decision] --> A{Decision?}
A -->|Approve| C[Continue to next wave]
A -->|Modify| M[Re-execute node with human feedback injected]
M --> V[Validate modified output]
V --> H
A -->|Reject| R{Reject scope?}
R -->|This node only| RN[Re-plan this node with different approach]
RN --> H
R -->|Entire phase| RP[Re-plan from last successful phase]
RP --> H
R -->|Abort DAG| AB[Stop execution, return partial results]
Feedback Injection
When the human selects "Modify," their text becomes part of the re-execution prompt:
Original task: [same as before]
Previous output: [the output the human rejected]
Human feedback: "[the human's modification text]"
Revise your output to address the human's feedback.
Preserve the parts they didn't comment on.
Anti-Patterns
Gate After Every Node
Wrong: Requiring human approval after every single node. Right: Gate only at irreversible actions, user-facing outputs, and low-confidence decisions. Most internal nodes need no gate.
Binary Approve/Reject Only
Wrong: The human can only approve or reject, with no way to provide specific feedback. Right: Always include a "Modify" option with a text input for targeted feedback.
No Context in the Gate
Wrong: Showing the human a raw JSON output with no explanation. Right: Show: what the DAG is doing, what happened so far, what this output means, what happens next if approved.
Output Contract
This skill produces:
- Skill/agent definition files following the standard skill format
- Configuration manifest with metadata, tool permissions, and activation triggers
- Integration tests validating skill behavior against expected outputs
- Documentation with usage examples and activation patterns
Related Skills
curiositech/circuit-breakers-and-retries
tools
VerifiedTrustedCommunity
Building resilient distributed systems with circuit breakers, retries with full-jitter exponential backoff, retry budgets (per-request 3-attempt + per-client 10% ratio per Google SRE), deadline propagation, and the cascading-failure math (4 layers × 3 retries = 64x amplification). Grounded in Resilience4j, Microsoft Cloud Patterns, AWS Architecture Blog (Marc Brooker), and Google SRE Book.
4SKILL.mdUpdated May 6, 2026
curiositech/cdn-cache-control-headers
testing
VerifiedTrustedCommunity
Designing HTTP cache headers that work correctly across browsers, CDNs, and shared proxies — `Cache-Control` directives per RFC 9111, `stale-while-revalidate` and `stale-if-error` per RFC 5861, the Vary header for varying responses, and surrogate keys for tag-based purging. Grounded in IETF RFCs and Cloudflare/Fastly docs.
4SKILL.mdUpdated May 5, 2026
curiositech/content-security-policy-headers
development
VerifiedTrustedCommunity
Use when designing or fixing a Content Security Policy on a real site, choosing between nonce-based and hash-based CSP, adding strict-dynamic, debugging "Refused to execute inline script" errors, deploying CSP in report-only mode first, configuring report-to / report-uri, or auditing an existing policy for unsafe-inline / unsafe-eval / wildcards. Triggers: "CSP blocks legitimate inline script", strict-dynamic, nonce-{RANDOM}, sha256-{HASH}, object-src none, base-uri none, frame-ancestors, Trusted Types, X-Content-Security-Policy obsolete, report-only vs enforced. NOT for general HTTP security headers (HSTS, COOP/COEP), Trusted Types deep dive, CORS configuration, or building a WAF.
3SKILL.mdUpdated May 4, 2026
curiositech/api-versioning-strategy
tools
VerifiedTrustedCommunity
Choosing and operating an HTTP API versioning strategy that doesn't break clients — Stripe's date-based pinned versions, the Deprecation/Sunset header pair (RFC 9745 + RFC 8594), URI vs header vs media-type approaches, and the version-transformer pattern. Grounded in Stripe's published architecture and IETF RFCs.
3SKILL.mdUpdated May 4, 2026