Mandatory Approval Gates
LangGraph's interrupt() suspends the agent state machine at risk thresholds. Continuation is impossible without a valid technician approval signal — enforced at the framework level, not application code.
Agentic IT Helper
An AI agent that diagnoses and fixes IT problems — and cannot take action without your explicit authorization.
Agentic IT Helper is a research project into a genuinely difficult problem: how do you give an AI agent real diagnostic and remediation capabilities on a computer, without the risk of it taking an action you didn't intend? The answer here is architectural — not a warning prompt, not a disclaimer bolted onto existing behavior, but a system that is physically incapable of proceeding past certain actions without a human decision.
Built on LangGraph's agentic framework with its interrupt() mechanism, the system introduces mandatory approval gates directly into the agent's state machine. The agent can triage an issue, run read-only diagnostics, and formulate a complete remediation plan — but executing that plan on medium, high, or critical-risk actions requires a technician to review and sign off on each step before it executes.
The platform connects a native desktop client application (built with Tauri for real OS-level integration) to a backend agent server and a separate technician dashboard. IT support becomes a supervised collaboration: an AI that brings diagnostic breadth and recall, and a human who holds sole authority to act.
Trust Architecture
Four-tier risk classification
Every action the agent can take is classified into one of four risk tiers. The tier determines what authorization is required — not what the agent wants to do.
Auto-Approved
Observe / Low
Reading system logs, checking running processes, clearing temp files, gathering diagnostic information. These actions are read-only or trivially reversible — the agent proceeds without asking.
read_event_logs get_disk_usage list_startup_items Technician Approval
Medium
Driver updates, firewall rule changes, service restarts, software installation. Meaningful changes to the system that require a technician to review the proposed action before it runs.
update_driver modify_firewall_rule restart_service Approval + Confirm
High
Registry edits, permission changes, core system modifications. Requires technician approval and an additional explicit confirmation step — two gates before execution.
edit_registry_key modify_permissions Never Automated
Critical
OS-level changes, disk operations, system reinstallation. These are never automated by the agent under any circumstances. The agent can recommend; only a human can act.
format_partition reinstall_os Architecture
Supervised by design, not by policy
The agent's workflow is implemented as a LangGraph state machine with explicit interrupt() calls at each action crossing a risk threshold. The interrupt literally suspends graph execution and waits — it is not a soft check or a configurable warning. The agent cannot proceed until a technician sends an approval signal, which is validated server-side before resumption.
Three AI models handle different phases of the workflow, optimized for cost and capability. Qwen 2.5 handles fast initial triage and classification — cheap, low-latency, good enough for routing decisions. Claude Sonnet handles complex reasoning and risk assessment — thorough, expensive, deployed only where it matters. Claude Haiku manages conversational summaries and user-facing communication.
The desktop client is built with Tauri — a Rust-based framework that produces a native application with access to OS-level APIs, rather than an Electron app that embeds an entire browser engine. Real integration with the Windows and macOS permission models, a smaller binary, lower memory footprint, and better security posture.
Technical Stack
- Python + FastAPI Agent server and REST API
- LangGraph Agentic state machine with interrupt()
- SvelteKit Technician web dashboard
- Tauri (Rust) Native desktop client app
- PostgreSQL + Redis Persistence and queue management
- Claude Sonnet + Haiku Complex reasoning and conversation
- Qwen 2.5 (Cloudflare AI) Fast triage and classification
22 Diagnostic and remediation tools
23 Passing tests (unit + integration)
System Design
Capabilities and constraints
Real-Time WebSocket Updates
The desktop client maintains a persistent WebSocket to the agent server — receiving live status updates, diagnostic findings, and approval requests without polling.
Native Desktop Client
Built with Tauri — a Rust-backed framework producing a genuine native application with OS-level API access, not an Electron wrapper. Better security posture, smaller binary, lower memory footprint.
Technician Dashboard
A SvelteKit web dashboard gives technicians a real-time view of the issue queue, pending approvals, agent reasoning, and full action audit trail — accessible from any browser.
Multi-Model Routing
Three AI models serve distinct roles: a fast, inexpensive model for triage routing; a capable frontier model for complex diagnostic reasoning; a lighter model for natural conversation management. Each request routes to the minimum necessary capability.
22 Diagnostic Tools
A curated set of read and write tools covering the most common IT support tasks on Windows and macOS — from event log analysis and network diagnostics to driver management and service control.
In Research
AI assistance with a human in the loop — always.
The Agentic IT Helper is part of our broader research into supervised AI systems — where the question is not whether AI can perform a task, but how to deploy it in a way that keeps a human meaningfully in control of the outcomes that matter.