agenticlately · GH-600 Study Prep
Home Phase B Lesson 2.8
PHASE B · LESSON 2.8 · closes Domain 2

Escalation + traceability/accountability

Two things make autonomy trustable. Escalation — knowing when to hand control back to a human instead of acting. Traceability — leaving a record complete enough that every agent action can be traced to an owner and reviewed. Together they close Domain 2.

~11 minread 4quiz questions Tier 1source cited
Story

Two things separate a professional crew from a liability. First: when a worker hits something above their pay grade — a crack in a load-bearing wall, a permit question — they don't guess and plough on. They call the foreman. Second: every job goes in a signed logbook — who did what, when, approved by whom — so months later you can answer "who changed this, and why?"

An agent needs both. Escalation = knowing when to hand control back to a human. Traceability/accountability = leaving a record complete enough to trace every action to an owner and review it. Together they make autonomy trustable — and they close Domain 2.

The idea, in plain English

Two official sub-skills:

These are the human-in-the-loop and after-the-fact halves of safety (2.7 was the in-the-moment half).

Escalation — hand it back to a human

Traceability + accountability — the record

Because every API call is authenticated, every agent action is permission-controlled and leaves an audit trail — the foundation of accountability. The records:

RecordWhat it gives you
Session logwatch progress live; see each action. CLI logs in ~/.copilot/logs/ (--log-level, bundle to a gist)
sessionStart/sessionEnd hookslifecycle markers with a sessionId; sessionEnd reason (complete/error/timeout/…)
The pull requestthe durable, reviewable record of what changed and why — the review gate
Workflow run logswhat executed, in Actions (the four non-negotiables)
Artifact attestationstamper-proof provenance — links to the producing workflow, OIDC-signed
The throughline

authenticated → permission-controlled → logged → PR-reviewed means you can always answer "which agent/run did this, under what permissions, and who approved it?" — the same accountability you'd demand of a human contributor (lesson 1.3).

Worked example — autonomous, accountable, escalatable

---
on: { schedule: nightly }
permissions: { contents: read, pull-requests: write }
environment: production      # ← environment protection: required reviewers must APPROVE
safe-outputs: { create-pull-request: true }   # proposes a PR; never merges itself
---
Propose dependency bumps as a PR.

Read it as a sentence: "Run nightly, open a PR (never merge), and gate anything touching production behind required-reviewer approval."

One-look contrast

escalation = the human gate (PR review + environment required reviewers) · traceability = the trail (session log + run log + the PR + attestations) that proves who did what.

The cert-language version

Escalation routes decisions back to a human — the PR review gate and environment protections (required approvals for sensitive operations) are the enforcement points; hooks can interrupt/notify to hand back. Traceability/accountability follows from every action being authenticated → permission-controlled → audited: the session log, workflow run logs, the PR, and artifact attestations together let you attribute and review every agent action.

Our summary · grounded in MS Learn — Agent tooling, MCP, and execution environments (+ Knowledge Check) + GitHub Docs (Copilot CLI/hooks, artifact attestations, environments) · fetched 2026-05-30

Common confusions (read these or lose points)

Ticks this lesson done on the home roadmap. Saved in this browser.

Quiz · Lock it in

0 / 0 answered
Q1 · multiple choice

What is the primary gate where a human reviews and approves an agent's changes before they land?

Answer · B. The PR is the review/validation gate (KC Q4). For sensitive/prod operations, environment protections add required-reviewer approvals on top.
Q2 · multiple choice

Why can every agent action be attributed and audited?

Answer · C. Authenticated calls → permission-controlled, audited actions. With session logs, workflow run logs, the PR, and attestations you can trace which run did what, under what permissions, approved by whom.
Q3 · multiple choice

Which mechanism enforces human approval before a sensitive (e.g. production) operation proceeds?

Answer · D. Environment protections require approvals and protect sensitive operations (KC Q8) — the enforcement point for human sign-off, often paired with the agent producing only a PR.
Q4 · explain back

In your own words: distinguish escalation from traceability, and give one mechanism for each plus one tamper-proof provenance record.

Suggested answer

Escalation = handing a decision back to a human instead of acting — mechanism: the PR review gate and environment protections (required reviewers), or a hook that denies + interrupts. Traceability/accountability = making every action visible and attributable after the fact — mechanism: the session log / workflow run logs / the PR, all resting on authenticated, audited API calls. Tamper-proof provenance: artifact attestations (OIDC-signed, linked to the producing workflow).


  


  
  

  

    Source · MS Learn — Agent tooling, MCP, and execution environments + GitHub Docs (Copilot CLI/hooks, artifact attestations, environments) · fetched 2026-05-30
  


  
Unofficial study material. Not affiliated with, endorsed by, or sponsored by GitHub or Microsoft. “GH-600” and “GitHub” are trademarks of their respective owners, used for identification only.