Most AI-coding failures I see are not model failures. They are missing preflight checks: unclear repo state, unreviewed permissions, no rollback path, and no tiny verification step after the agent finishes.
Here is the lightweight checklist I now use before I let an agent touch a project:
- Define the one allowed change
Write one sentence: "The agent may only change ___ to achieve ___." If you cannot write that sentence, the task is probably still too vague.
- Freeze the starting state
Before the agent starts, record:
- current branch and commit
- whether the working tree is clean
- which files or directories are in scope
- which production systems are off limits
This avoids the classic "it also cleaned up a few unrelated things" problem.
- State forbidden actions explicitly
Examples:
- do not deploy
- do not touch billing or payment config
- do not read private customer data
- do not rotate keys
- do not rewrite history
- do not change prompts or security policy
For agents, an unstated boundary is often not a boundary.
- Require a rollback note before execution
The rollback does not have to be fancy. It can be:
- revert commit X
- restore file Y from git
- disable feature flag Z
- re-run previous deployment command
If there is no rollback path, the task is probably too large for one agent turn.
- Use the smallest meaningful verification gate
Pick one real check:
- unit test
- typecheck
- build
- lint
- screenshot
- direct browser check
- curl against a health endpoint
- manual inspection of the exact changed file
Do not accept "looks good" if no gate was run.
- Separate read-only research from write actions
An agent can search docs and inspect logs in a broad way, but writes should be narrow and auditable. I treat external posting, account settings, production deploys, billing, privacy data, and scheduler changes as separate permission zones.
- Keep a short handoff
At the end, ask for:
- what changed
- what was not changed
- what check passed
- what remains risky
- exact files touched
I am experimenting with a small readiness workflow around this for early AI-agent projects: a preflight card that turns a vague task into scope, forbidden actions, rollback, and verification before the agent starts. Not a full platform pitch yet; I am mainly validating whether this checklist catches the mistakes teams actually care about.
If you use coding agents in a real repo, what is the one preflight check you wish you had enforced earlier?
Top comments (0)