From Human-in-the-Loop to Human-in-Constitution

1. Introduction

High-stress operational environments — mass gatherings, airport terminals, metro systems, emergency response centres, and military command posts — increasingly depend on real-time artificial intelligence (AI) systems to predict congestion, optimise resource allocation, and recommend time-critical interventions (Al-Rawi et al., 2020; Feliciani and Nishinari, 2018). Modern crowd prediction algorithms increasingly report high predictive performance in controlled or semi-controlled settings, while computer vision detects density anomalies in near real-time and reinforcement learning agents propose rerouting strategies faster than any human operator (Parasuraman et al., 2000; Endsley, 2016). Yet a growing body of evidence suggests that technical accuracy is not equivalent to operational trust robustness (Hoff and Bashir, 2015; Schaefer et al., 2016). When decisions must be made in seconds, when data streams are delayed or distorted, and when different AI subsystems produce conflicting recommendations, the resilience of the human-AI relationship — not the isolated accuracy of the algorithm — becomes the critical determinant of safe and legitimate outcomes.

Three specific failure modes emerge in such environments that are rarely captured by standard performance metrics. First, algorithmic recommendation conflicts occur when two or more AI subsystems, for example a density predictor and a behavioural anomaly detector, give contradictory advice, leaving human operators without clear guidance (Cummings, 2017). Second, temporal compression — the collapse of available decision time below human cognitive validation capacity — forces commanders either to accept recommendations blindly or to hesitate fatally (Kahneman, 2011; Wickens et al., 2015). Third, silent over-reliance progressively erodes human critical judgment: even when formal authority is retained, commanders may systematically defer to algorithmic advice, a phenomenon well documented as automation bias but rarely measured as a dynamic operational variable (Mosier et al., 1998; Skitka et al., 1999; Parasuraman and Manzey, 2010). These are not technical failures; they are governance failures of the human-AI relationship under stress.

Existing research has produced valuable insights across several domains, yet no integrated framework addresses the core governance problem. Human-in-the-Loop (HITL) models provide binary intervention templates but lack dynamic constitutional authority shifts that pre-allocate decision rights under known stress conditions (Sheridan and Verplank, 1978; Kaber and Endsley, 2004; Onnasch et al., 2014). AI governance literature offers high-level ethical principles — transparency, explainability, accountability — but no real-time protocols for managing override justification, escalation time limits, or documentation of constitutional friction (Floridi et al., 2018; Jobin et al., 2019; Mittelstadt, 2019). Studies of automation bias and cognitive overreliance describe the psychological mechanisms but do not transform them into governable operational metrics that trigger automatic power reallocation (Goddard et al., 2012; Cummins and Righi, 2021). Operational trust models measure trust as an attitude or state, but rarely stress-test trust under simultaneous temporal compression, data distortion, and recommendation conflict (Lee and See, 2004; Khastgir et al., 2018). High-Reliability Organisation (HRO) research supplies cultural resilience principles but lacks formal protocols for human-AI authority sharing (Weick and Sutcliffe, 2015; LaPorte, 1996; Rochlin, 1999). Crowd management and smart city systems excel at technical optimisation but embed no governance architecture for resolving human-AI conflict (Still, 2014; Helbing and Mukerji, 2012). Simulation is used for training and performance testing, not for generating constitutional rules from friction events (Wijerathne et al., 2013). Finally, organisational learning systems store narrative lessons but do not produce machine-actionable, norm-producing constitutional memory (Argyris and Schön, 1978; Salas et al., 2008). In short, the literature provides many pieces, but no one has assembled them into a constitutional-operational governance architecture for high-stress human-AI decision-making.

The Hajj pilgrimage to Mecca, Saudi Arabia, offers an extreme governance laboratory to develop and test such an architecture. Over five to six days, more than two million pilgrims move simultaneously between Mina, Arafat, Muzdalifah, and the Jamarat Bridge, with densities exceeding 80% of designed capacity and peak flows of over 300,000 persons per hour (Al-Rawi et al., 2020; Feliciani and Nishinari, 2018). Since 2019, the Kingdom of Saudi Arabia has deployed an advanced AI-powered crowd management infrastructure — real-time density prediction, dynamic signage, centralised control rooms — achieving remarkable technical successes (Still, 2014). However, as AI systems become more trusted, a new risk has emerged: the silent erosion of human commander authority, not through explicit removal but through gradual, undocumented deference to algorithmic recommendations under time pressure. This risk is not unique to the Hajj; it applies to any high-stress, high-stakes environment where AI provides real-time decision support.

To address this gap, this paper introduces the HAIOG-TSTF-SSP-CLR framework, a constitutional-operational governance architecture for human-AI trust under stress. HAIOG (Human-AI Operational Governance Protocol) defines four dynamic authority levels: Fully Automated, Human-in-the-Loop, Human-Centered Override, and Sovereign Decision, with a fixed Trust Boundary that algorithmic authority cannot cross. TSTF (Trust Stress Testing Framework) provides measurable stress coefficients (Δt, Df, Rc, Ce, Cl, Ot, Sa) and three trust metrics, including the Human Autonomy Erosion Rate (HAER) — a dynamic variable that triggers automatic power reallocation when human sovereignty silently drifts. SSP (Standardised Simulation Protocol) offers a replicable simulation scenario (Jamarat Bridge, second floor, peak density) that deliberately generates Constitutional Friction Events (CFEs). CLR (Constitutional Learning Record v1.0) encodes each CFE as a machine-actionable, norm-producing constitutional memory, closing the governance loop through mandatory re-testing.

We demonstrate the entire governance loop through a semi-operationally realistic simulation (CFE-01), where a commander's documented override of a technically accurate AI density recommendation — based on observing micro-hesitation patterns invisible to the algorithm — produced a binding constitutional rule, updated HAIOG thresholds, and successfully passed re-test. This example illustrates the Contextual Asymmetry Principle (CAP): legitimate divergence between algorithmic optimisation and human situated judgment is not a failure but a constitutional learning opportunity.

This paper does not propose another AI ethics framework, decision-support interface, or crowd-management optimisation model. Instead, it introduces a constitutional-operational governance architecture for preserving human sovereignty under algorithmic acceleration in high-stress environments. The framework shifts the evaluative standard from technical accuracy to trust robustness — the resilience of the human-AI relationship under temporal compression, data distortion, and recommendation conflict. It makes human autonomy governable via HAER, transforms friction from a failure signal into a constitutional resource, and generalises beyond mass gatherings to any domain where algorithmic speed meets human situated judgment, including aviation, emergency medicine, autonomous transport, military command, and smart mobility.

The remainder of the paper is organised as follows. Section 2 reviews the relevant literatures and articulates the theoretical gap. Section 3 presents the conceptual framework (HAIOG, TSTF, SSP, CLR). Section 4 describes the constitutional simulation methodology. Section 5 provides the worked example (CFE-01). Section 6 discusses the theoretical implications, including CAP, HAER as a dynamic governance variable, and the CLR as constitutional memory. Section 7 concludes with limitations and a future research agenda.

2. Literature Review: A Structured Integrative Analysis

This section reviews eight research domains through a failure-oriented lens — not to catalogue achievements but to identify what each domain cannot explain or govern under conditions of temporal compression, data distortion, and constitutional human-AI friction. The cumulative argument is that no existing literature provides an integrated framework for operational trust governance that combines dynamic authority allocation, stress-testable trust metrics, simulation-based rule generation, and norm-producing constitutional memory.

2.1 Human-in-the-Loop (HITL) Systems

HITL models offer robust taxonomies of automation levels (Parasuraman et al., 2000) and frameworks for adaptive automation (Kaber and Endsley, 2004). They assume human operators have sufficient time and reliable data. Failure mode: binary intervention logic; no dynamic constitutional authority shifts; no detection of silent over-reliance.

2.2 AI Governance

Ethical principles and legal frameworks, including the EU AI Act, specify what should be true but not how to manage real-time authority conflicts (Floridi et al., 2018; Jobin et al., 2019). Failure mode: normative, not operational; no real-time override governance protocols.

2.3 Automation Bias and Cognitive Overreliance

Automation bias and cognitive overreliance are well-described psychological phenomena (Mosier et al., 1998; Skitka et al., 1999; Parasuraman and Manzey, 2010). Failure mode: descriptive, not governable; no real-time metric for autonomy erosion.

2.4 Operational Trust Models

Operational trust models usually treat trust as an attitude or behavioural intention (Lee and See, 2004; Hoff and Bashir, 2015). Failure mode: rarely tested under combined stress, including temporal compression, data distortion, and conflict; no prescriptive governance thresholds.

2.5 High-Reliability Organisations (HROs)

HRO research provides cultural practices for safe performance under unexpected conditions (Weick and Sutcliffe, 2015; LaPorte, 1996). Failure mode: no formal governance protocols for human-AI authority sharing; deference to expertise assumes human experts.

2.6 Crowd Governance and Smart Cities

Crowd governance and smart city systems use advanced sensing and real-time control (Still, 2014; Feliciani and Nishinari, 2018). Failure mode: technically strong but constitutionally under-specified; no governance architecture for human-AI conflict resolution.

2.7 Simulation-Based Governance

Simulation is used for training and performance testing (Wijerathne et al., 2013). Failure mode: not used to stress-test governance rules or generate constitutional rules from friction.

2.8 Institutional Learning and Organisational Memory

After-action reviews and safety management systems support learning (Argyris and Schön, 1978; Salas et al., 2008). Failure mode: narrative and descriptive; not machine-actionable constitutional memory with binding rule generation.

2.9 Summary of Cumulative Insufficiency

No existing framework integrates constitutional authority allocation (HAIOG), stress-testable trust metrics (TSTF), simulation-based friction generation (SSP), and norm-producing constitutional memory (CLR) into a single governance architecture for high-stress human-AI decision-making.

3. Conceptual Framework: HAIOG-TSTF-SSP-CLR

3.1 HAIOG: Human-AI Operational Governance Protocol

A fixed Trust Boundary prohibits algorithmic authority from crossing into L4. Overrides generate Constitutional Friction Events (CFEs) that trigger CLR logging.

3.2 TSTF: Trust Stress Testing Framework

3.2.1 Stress Coefficients

Seven stress coefficients are used: Δt (temporal compression), Df (data fidelity), Rc (recommendation conflict), Ce (error cost), Cl (cognitive load), Ot (overtrust induction), and Sa (sovereign ambiguity).

3.2.2 Trust Metrics: HTI, ARD, and HAER

HTI (Human Trust Index) measures alignment between the commander's initial judgment and final decision. ARD (AI Reliance Drift) measures change in probability of following AI recommendations over time.

Human Autonomy Erosion Rate (HAER) is defined as:

where Δt_nominal is the standard operational window, for example 120 seconds.

Preliminary Metric Formalization: HAER is intentionally parsimonious. It prioritises operational interpretability over statistical optimisation. The multiplicative structure captures the combined effect of behavioural deference (override frequency) and environmental stress (temporal compression). Thresholds are initial and intended for iterative calibration across domains: green <0.10, amber 0.10–0.20, and red >0.20.

3.3 SSP: Standardised Simulation Protocol

SSP provides a replicable simulation of Jamarat Bridge, second floor, at 82% density. Its phases include scenario definition, stress coefficient configuration, execution, AI recommendations every ten seconds, human decision logging, and CFE/CLR generation.

3.4 CLR: Constitutional Learning Record v1.0

CLR is an eleven-field structured schema: operational context, trigger event, activated stress coefficients, constitutional friction point, resolution mechanism, decision outcome, trust metrics, governance gap, derived constitutional rule, validation authority, and mandatory re-test. CLR functions as norm-producing constitutional memory: each CFE generates a proposed rule that, after validation, updates HAIOG and AI training.

3.5 Boundary Conditions of Applicability

The framework is not intended for routine office automation, low-stakes recommendation systems such as product suggestions, or static algorithmic environments without human interaction.

4. Methodology: Constitutional Simulation Approach

4.1 Epistemic Positioning Statement

This paper constructs a constitutional-operational architecture rather than an empirical validation study. The goal is framework formalisation, not statistical generalisation. The simulation demonstration (n=1) serves as a proof-of-operability to show that the governance loop (CFE → CLR → rule update) can be instantiated, not to estimate population parameters. This epistemic positioning is appropriate for theory-building in governance design (Flyvbjerg, 2006; Weick and Sutcliffe, 2015).

4.2 Research Design

The research uses an integrative constitutional simulation design. It combines controlled simulation, governance stress-testing, and mixed-methods analysis, including trust metrics and narrative friction documentation. The primary unit of analysis is CFE.

4.3 SSP Architecture

The simulation uses a custom crowd simulation platform derived from Hajj operational training logic. It contains two AI layers: a primary density predictor and a secondary behavioural anomaly detector. Roles include commander as decision-maker, observer for CFE logging, and central command for escalation. The decision interface shows density heatmaps, camera feeds with Df delay, timer (Δt), recommendation text, and an override justification box.

4.4 Participant Selection

The scenario assumes active Hajj crowd commanders with at least five seasons of experience and prior AI exposure. For demonstration, n=1: Cdr. Al-Mutairi, with 12 seasons. The purpose is constitutional demonstration, not statistical generalisation.

4.5 Stress Coefficient Calibration

The simulation uses Δt = 40 seconds, Df = 6 seconds latency affecting three of twelve cameras, Rc = partial conflict, Ce = high because an elderly group is present, Cl = moderate because four alerts are active, Ot = not activated, and Sa = absent.

4.6 CFE Detection Logic

A CFE is flagged when: (1) the human final decision differs from the primary AI recommendation, (2) at least two stress coefficients are in amber or red zone, and (3) the human provides documented justification.

4.7 CLR Encoding Process

The system pre-populates the CLR template. The commander and observer complete the governance gap and derived rule within thirty minutes after simulation.

4.8 Trust Metrics Computation

HTI, ARD, and HAER are logged automatically. Red HAER triggers automatic L2→L3 shift for thirty minutes.

4.9 Validation and Re-Test Procedure

The governance board reviews the proposed rule within five days. If approved, the rule enters HAIOG protocol. A mandatory re-test must occur within sixty days, and the re-test outcome is appended to CLR.

4.10 Limitations of Methodology

The methodology is simulated, not live. It uses a single-commander demonstration. Simulation realism has boundaries. HAER calibration is preliminary, and governance board validation may involve subjectivity.

5. Worked Example: Constitutional Friction Event at the Jamarat Bridge (CFE-01)

5.1 Operational Context

Jamarat Bridge, second floor, eastern corridor, Day 3, 12:47:11, density 82%, active HAIOG L2, active stress coefficients: Δt=40s, Df=6s, Rc=partial, Ce=high, Cl=moderate. Commander: Cdr. Al-Mutairi, 12 seasons.

5.2 Trigger Event

12:47:11 – primary AI detects accelerating density. Primary recommendation at 12:47:22: open corridor B-7, divert 30% flow within 40 seconds. Secondary behavioural model flags micro-hesitation with low confidence. Automated gate controller recommends keeping B-7 closed. Commander sees conflicting recommendations plus Δt countdown and six seconds of camera latency.

5.3 Constitutional Friction Event (CFE-01)

12:47:39 – commander requests visual verification. He observes micro-stop clusters near the B-7 entrance. This hesitation wave is not represented in AI training. Divergence appears between AI density-optimal logic and human behaviourally cautious judgment.

5.4 Override Logic

12:47:54 – commander declares Human-Centered Override (L3) with the following justification: “Micro-stop clusters visible at B-7 entrance. Hesitation wave forming. B-7 opening will divert flow into unstable area. Risk of backward pressure surge outweighs density benefit. Maintain B-7 closed. Reduce source flow instead.” Decision time: 32 seconds, with eight seconds remaining.

5.5 Outcome

Corridor density peaked at 89% rather than 92%. No backward surge occurred. The hesitation wave dissipated after 110 seconds.

5.6 Trust Metrics

HTI = 1.0, indicating full alignment. ARD = -0.02, indicating a healthy reset. HAER pre-CFE = 0.22, amber-red. HAER post-CFE = 0.11, lower amber. Override restored autonomy.

5.7 Generated CLR (CFE-01)

5.8 Governance Update

HAIOG manual is updated with the CFE-01 Rule. The AI model is retrained with micro-stop pattern detection, reducing latency by 40%. The override window for behavioural flags increases from forty seconds to ninety seconds.

5.9 What the Example Demonstrates

1. CFEs are not AI failures; they arise from Contextual Asymmetry (CAP).
2. HAER is actionable: override restored autonomy.
3. CLR produces binding rules, not just lessons learned.
4. The framework is operationalisable in a realistic, non-catastrophic scenario.

6. Discussion

6.1 Relationship to Existing Governance Paradigms

The HAIOG framework differs from established paradigms in four ways. Human-in-the-Loop assumes human supervision is binary and static. HAIOG introduces dynamic authority allocation with automatic power reallocation triggered by HAER. Society-in-the-Loop focuses on collective mechanisms for algorithmic accountability (Rahwan, 2018). HAIOG focuses on real-time individual command authority under stress. Human-Centered AI emphasises design for human values. HAIOG adds an operational constitution with binding rules and mandatory re-test. Constitutional AI concerns alignment of AI goals with human values (Russell, 2019). HAIOG concerns authority allocation and friction governance in live operations. Thus, HAIOG is not a variant of HITL but a distinct sovereignty-governance model.

6.2 From Technical Accuracy to Trust Robustness: A Paradigm Shift

The primary problem of high-stress human-AI systems is not insufficient algorithmic accuracy but insufficiently resilient trust. CAP shows that technically correct AI recommendations can conflict with human situated judgment because the AI's training distribution does not include all contextual cues. The framework shifts evaluation from AI-centric performance to relational governance evaluation.

6.3 Constitutional Friction as Legitimate Governance State (Not Failure)

Productive friction serves three functions: detection of contextual asymmetries, preservation of human cognitive agency, and constitutional learning. The Constitutional Friction Principle states that governance protocols must specify how friction is recognised, documented, resolved, and used for rule change.

6.4 HAER and the Governability of Human Autonomy

HAER transforms an ethical principle into an operational, testable governance mechanism. It makes visible sovereignty drift — the silent transfer of decision authority from human to AI. The Autonomy Restoration Hypothesis (ARH) states that documented constitutional disagreement can partially restore degraded autonomy.

6.5 CLR as Constitutional Memory Rather Than Organisational Memory

CLR is constitutive because it proposes binding rules. It is machine-actionable because it uses a structured schema. It includes mandatory re-test closure. It functions as a governance mutation mechanism.

6.6 Generalisability Beyond Hajj

The Hajj is an extreme governance laboratory. The framework applies to any domain with temporal compression, data distortion, recommendation conflict, and CAP: aviation, emergency medicine, autonomous transport, military command, and smart mobility.

6.7 Boundary Conditions (Revisited)

The framework is most valuable where the five conditions in Section 3.5 hold. Beyond these boundaries, simpler governance models, including full automation or manual control, may be more efficient.

6.8 Limitations

Live operational validation remains pending. The demonstration uses a single commander. Simulation realism has boundaries. HAER calibration is preliminary. Governance board validation may be subjective. Technical implementation depends on reliable logging, interface design, and simulation fidelity.

6.9 Future Research Agenda

Future research should examine multi-commander HAER dynamics, cross-cultural sovereign ambiguity (Sa), AI-to-AI constitutional conflicts, federated CLR architectures, live operational validation during Hajj, constitutional simulation benchmarking, and further testing of the Autonomy Restoration Hypothesis.

6.10 Final Theoretical Claim

The future challenge of AI governance is no longer merely ensuring that algorithms remain accurate, but ensuring that humans remain sovereign under algorithmic acceleration. This framework provides a testable, improvable, accountable architecture for governing the relationship between human judgment and algorithmic speed.

7. Conclusion: From Human-in-the-Loop to Human-in-Constitution

This paper introduced the HAIOG-TSTF-SSP-CLR framework, a constitutional-operational governance architecture for human-AI trust under high stress. The framework makes four contributions: (1) the Contextual Asymmetry Principle (CAP) explaining legitimate divergence; (2) HAER as a dynamic, governable autonomy metric; (3) CLR as norm-producing constitutional memory; and (4) demonstration of the entire governance loop through a realistic simulation (CFE-01).

The framework shifts the research agenda from human-in-the-loop to human-in-constitution. The loop model treats the human as a monitoring component within a technical system; the constitutional model treats the human as a sovereign actor within a governance system that includes AI as a tool, not a substitute for situated judgment.

Limitations remain: simulation only, single commander, and preliminary thresholds. Yet these are structural characteristics of early constitutional design. Future work will move to live validation, extend the CFE taxonomy, and establish a consortium for sharing anonymised CLRs.

The future challenge of AI governance is no longer merely ensuring that algorithms remain accurate, but ensuring that humans remain sovereign under algorithmic acceleration. Constitutional governance of human-AI trust is no longer a philosophical aspiration; it is an engineering and institutional design problem — solvable one CFE, one CLR, one constitutional rule at a time.

Acknowledgements

The author acknowledges the interdisciplinary research traditions in safety science, human factors, AI governance, crowd management, and organisational learning that informed this paper.

References