Simulate Before Actuate

Problem

Letting the agent commit irreversible actions on a single proposal exposes the system to silent, hard-to-rollback damage. Pure human-in-the-loop is too slow for the volume; pure trust-the-agent is too dangerous. Recent practitioner write-ups (Joakim Vivas' '17 agentic architectures' survey) and the arXiv 'Architectures for Building Agentic the model' chapter and 'Deterministic Pre-Action Authorization' preprint converge on a deterministic simulation step: run the proposed action against a digital twin, sandbox replay, or dry-run flag; compute the resulting state and the diff; require sign-off on the diff before committing.

Solution

Decompose the action surface: for each irreversible tool, define a faithful simulator (digital twin, sandbox replay, dry-run mode, snapshot DOM for web, transactional rollback for DBs). Wrap the tool so every call runs simulation → verifier → execute. The verifier is automated where the invariants can be encoded (no destructive deletes without explicit flag, no out-of-budget transfers) and falls back to human-in-the-loop where they cannot. Where no simulator exists, refuse to call without HITL approval.

When to use

• Agent has tools whose actions are irreversible or expensive to undo (DB mutations, deletes, payments, infrastructure changes, browser writes on live sites).
• Action surface has a faithful simulator available (digital twin, dry-run flag, sandbox replay, transactional rollback).
• Production volume is too high for blanket human-in-the-loop but errors are too costly to trust pure agent autonomy.
• Verifier invariants can be encoded (budget caps, no destructive deletes without flag, allow-listed recipients).