You're deployed at a customer whose agent will take real actions (issuing credits, closing accounts, sending external emails). They want autonomy where it's safe and human approval where it's risky. Design a human-in-the-loop system: how actions are classified by risk, how approvals are requested and tracked, what happens on timeout, and how it's audited. AI tools are allowed. Then explain the design to the customer's risk officer.