ExamplescriptintermediateRunnablehuman-approval

Banking Assisant

Runnable example (intermediate) for script using pydantic, python-dotenv.

Key Facts

Level: intermediate
Runtime: Python • Pydantic + Python Dotenv
Pattern: Inspectable flow with visible system boundaries
Interaction: Live sandbox • Script
Updated: 14 March 2026

Navigate this example

Library
Browse examples
Reopen the wider library to compare adjacent patterns and linked learning paths.
Interaction
Run sandbox now
Try the interaction directly in this example’s guided sandbox surface.
Source
Open full source
Read the real implementation, highlighted checkpoints, and runtime requirements.
MCP
Call via MCP
Use the same resource inside agents, deterministic exports, and MCP setup flows.

Linked principles

Apply progressive disclosure to system agency Establish trust through inspectability Make hand-offs, approvals, and blockers explicit Represent delegated work as a system, not merely as a conversation

High-level flow

How this example moves from input to execution and reviewable output

Banking Assisant -> User request -> System execution -> Reviewable output -> Apply progressive disclosure to… -> Establish trust through inspectability

Start

Banking Assisant

Checkpoint

User request

Outcome

System execution

Why this page exists

This example is shown as both real source code and a product-facing interaction pattern so learners can connect implementation, UX, and doctrine without leaving the library.

Visual flowReal sourceSandbox or walkthroughMCP access

How should this example be used in the platform?

Use the sandbox to understand the experience pattern first, then inspect the source to see how the product boundary, model boundary, and doctrine boundary are actually implemented.

UX pattern: Inspectable flow with visible system boundaries

Apply progressive disclosure to system agency

Establish trust through inspectability

Make hand-offs, approvals, and blockers explicit

Source references

Library entry: frameworks-pydantic-ai-5-tools-and-toolsets-human-in-the-loop-2-banking-assisant
Source path: content/example-library/sources/frameworks/pydantic-ai/5-tools-and-toolsets/human-in-the-loop/2-banking-assisant.py
Libraries: pydantic, python-dotenv
Runtime requirements: Local repo environment
Related principles: Apply progressive disclosure to system agency, Establish trust through inspectability, Make hand-offs, approvals, and blockers explicit, Represent delegated work as a system, not merely as a conversation

2-banking-assisant.py

content/example-library/sources/frameworks/pydantic-ai/5-tools-and-toolsets/human-in-the-loop/2-banking-assisant.py

python

import nest_asyncio
from dataclasses import dataclass
from typing import Union
from pydantic import BaseModel
from rich.console import Console
from rich.panel import Panel
from rich.prompt import Confirm
from pydantic_ai import Agent, RunContext, ToolDenied
from pydantic_ai.messages import ModelMessage
from dotenv import load_dotenv

# Specific imports for human-in-the-loop
from pydantic_ai import ApprovalRequired, DeferredToolRequests, DeferredToolResults

load_dotenv()

# Apply nest_asyncio for interactive environments
nest_asyncio.apply()

# Initialize rich console for better UI
console = Console()


class BankAccount:
    def __init__(self, balance: float = 1000.0):
        self.balance = balance

    def withdraw(self, amount: float) -> float:
        if amount > self.balance:
            raise ValueError("Insufficient funds")
        self.balance -= amount
        return self.balance


class Contact(BaseModel):
    name: str
    account_number: str


@dataclass
class Deps:
    account: BankAccount
    contacts: dict[str, Contact]


# Define the agent
# We specify output_type to include DeferredToolRequests so type inference works
agent = Agent(
    "openai:gpt-5.1-chat-latest",
    deps_type=Deps,
    output_type=Union[str, DeferredToolRequests],
    instructions=(
        "You are a helpful banking assistant. "
        "You can check balances, list contacts, and transfer money. "
    ),
)


@agent.tool
def check_balance(ctx: RunContext[Deps]) -> str:
    """Check the current account balance."""
    return f"Current balance: ${ctx.deps.account.balance:.2f}"


@agent.tool
def search_contacts(ctx: RunContext[Deps]) -> list[str]:
    """Search for contacts by name."""
    return ctx.deps.contacts


@agent.tool
def transfer_money(ctx: RunContext[Deps], amount: float, contact_name: str) -> str:
    """Transfer money to another account. Use the search_contacts tool to browse the list of contacts."""
    try:
        contact = ctx.deps.contacts[contact_name]
    except KeyError:
        return f"Contact '{contact_name}' not found."

    if amount > 100 and not ctx.tool_call_approved:
        raise ApprovalRequired(
            metadata={
                "amount": amount,
                "to_account": contact.name,
                "account_number": contact.account_number,
                "risk_level": "high" if amount > 1000 else "medium",
            }
        )

    try:
        new_balance = ctx.deps.account.withdraw(amount)
        return f"Successfully transferred ${amount:.2f} to {contact.name} ({contact.account_number}). New balance: ${new_balance:.2f}"
    except ValueError as e:
        return f"Transfer failed: {str(e)}"


def main():
    contacts = {
        "Alice": Contact(name="Alice", account_number="1234567890"),
        "Bob": Contact(name="Bob", account_number="1234567891"),
        "Charlie": Contact(name="Charlie", account_number="1234567892"),
    }

    deps = Deps(
        account=BankAccount(balance=1000.0),
        contacts=contacts,
    )

    console.print(
        Panel.fit(
            "🏦 Banking Assistant",
            style="bold blue",
        )
    )
    console.print("Type 'quit' to exit. Try asking: 'Transfer $500 to Alice'")

    # Keep track of message history to resume conversations
    message_history: list[ModelMessage] = []

    while True:
        try:
            user_input = console.input("\n[bold green]User > [/bold green]")
            if user_input.lower() in ("quit", "exit"):
                break

            # Run the agent
            # Pass existing message history to maintain context
            result = agent.run_sync(
                user_input, deps=deps, message_history=message_history
            )

            # Check if the agent stopped for tool approval
            if isinstance(result.output, DeferredToolRequests):
                requests = result.output

                # Create a results object to hold our approvals/denials
                tool_results = DeferredToolResults()

                # Iterate through all calls requiring approval
                for approval in requests.approvals:
                    tool_name = approval.tool_name
                    tool_args = approval.args
                    tool_id = approval.tool_call_id
                    metadata = requests.metadata.get(tool_id, {})

                    console.print(
                        f"\n[bold yellow]⚠️  Approval Required for tool: {tool_name}[/bold yellow]"
                    )
                    console.print(f"Arguments: {tool_args}")
                    if metadata:
                        to_account = metadata.get("to_account", "Unknown")
                        account_number = metadata.get("account_number", "")
                        console.print(f"Transfer to: {to_account} ({account_number})")
                        console.print(
                            f"Risk Level: {metadata.get('risk_level', 'unknown')}"
                        )

                    # Physically ask the user
                    is_approved = Confirm.ask("Do you approve this transaction?")

                    if is_approved:
                        tool_results.approvals[tool_id] = True
                        console.print("[green]Transaction Approved[/green]")
                    else:
                        # We can provide a reason for the denial
                        tool_results.approvals[tool_id] = ToolDenied(
                            "User denied the high-value transaction."
                        )
                        console.print("[red]Transaction Denied[/red]")

                # Resume the agent with the results and message history
                # We use the messages from the first run (which include the tool call requests)
                resume_result = agent.run_sync(
                    message_history=result.all_messages(),
                    deps=deps,
                    deferred_tool_results=tool_results,
                )

                console.print(
                    f"\n[bold blue]Agent > [/bold blue]{resume_result.output}"
                )
                message_history = resume_result.all_messages()

            else:
                # Normal response
                console.print(f"\n[bold blue]Agent > [/bold blue]{result.output}")
                message_history = result.all_messages()

        except Exception as e:
            console.print(f"[bold red]Error:[/bold red] {e}")


if __name__ == "__main__":
    main()

What should the learner inspect in the code?

Look for the exact place where system scope is bounded: schema definitions, prompt framing, runtime configuration, and the call site that turns user intent into a concrete model or workflow action.

Look for output contracts and validation

Look for the exact execution call

Look for what the product could expose to the user

How does the sandbox relate to the source?

The sandbox should make the UX legible: what the user sees, what the system is deciding, and how the result becomes reviewable. The source then shows how that behavior is actually implemented.

Read the implementation summary.

Step through the user and system states.

Inspect the source code with the highlighted doctrine decisions in mind.

SandboxInspectable flow with visible system boundaries

Interaction walkthrough

Use the sandbox to step through the user-visible experience, the system work behind it, and the doctrine choice the example is making.

UX explanation

The sandbox explains what the user should see, what the system is doing, and where control or inspectability must remain explicit.

AI design explanation

The page turns raw source into a product-facing pattern: what the model is allowed to decide, what the product should expose, and where deterministic code or review should take over.

Interaction walkthrough

1Read the implementation summary.
2Step through the user and system states.
3Inspect the source code with the highlighted doctrine decisions in mind.

Principles in focus

Prompt

Draft firstHuman checkpoint

Draft output

The draft appears here before any final action is taken.

Approval checkpoint

Approval only becomes available after the system exposes a draft.

Why approval is a product pattern

Apply progressive disclosure to system agency
Establish trust through inspectability
Make hand-offs, approvals, and blockers explicit

Used in courses and paths

This example currently stands on its own in the library, but it still connects to the principle system and the broader example family.

Related implementation patterns

Related principles

Runtime architecture

Use this example in your agents

This example is also available through the blueprint’s agent-ready layer. Use the For agents page for the public MCP, deterministic exports, and Claude/Cursor setup.

Define triggers, context, and boundaries before increasing autonomy

Make control, observability, and recovery explicit in the runtime

Choose the right operational patterns before delegating to workflows

Open For agents