Skip to content
agents.cli

The checkpoint — reviewing risky commands

You’re on Default, in Agent mode, with shared-lib open. You’ve given Copilot the goal — add the new audit event type and the threshold validation rule, update the tests — and it’s working: planning, applying edits, running the test suite. Then it stops. It wants to run a terminal command, and because the command is consequential, it surfaces it and waits for your word.

This is the checkpoint. At Default, it’s the one place the autonomy pauses for a human by default — and on shared-lib, it’s your single best defense.

What the checkpoint actually is

Section titled “What the checkpoint actually is”

Agent mode runs safe commands on its own — the test suite, a search, anything read-only. But when it wants to do something that changes state at the shell, it doesn’t just do it. It shows you the exact command it intends to run and holds until you approve. That’s not Copilot being timid; that’s the Default level doing its job. The whole reason you chose Default over Bypass is this dialog — the chance to see a consequential command before it executes, on code where executing the wrong one ripples through a dozen services.

Read it, don’t dismiss it

Section titled “Read it, don’t dismiss it”

The failure mode here isn’t the tool. It’s you, three approvals deep, treating the prompt as a doorbell to silence. Don’t. When the checkpoint fires, actually read it:

  1. What is it about to run? Read the literal command. A version bump and a publish are very different from a local test run, and on a shared library the difference is who it reaches.
  2. Why does it want to run it now? Tie the command back to the step it’s on. If it’s reaching for something you didn’t expect — touching a registry, pushing a tag, anything that leaves your machine — that mismatch is the signal to stop and ask before you approve.
  3. Is this reversible? The blast-radius question in miniature. A command you can undo locally is cheap; one that publishes a new shared-lib version the moment it lands is not. Reserve your closest reading for the ones you can’t walk back.

If it’s right, approve it and Copilot continues. If it’s wrong, you don’t approve — you say so in the conversation (“don’t publish yet, just run the consumer tests first”) and it re-plans around your answer. The checkpoint isn’t a gate you eventually wave everything through; it’s a conversation about each consequential move.

Keep it — here, especially

Section titled “Keep it — here, especially”

It’s tempting, once Copilot has been right a few times, to reach for Bypass and skip the interruptions. On orders-service you might. On shared-lib, the checkpoint is your friend — keep it. The cost is a few seconds of reading per consequential command; the thing it buys you is the chance to catch the one command that would have broken twelve services before it ran, not after. That trade is lopsided in your favor, and it’s exactly the trade Default was built to make.

So why was Default right here and Bypass right one repo over? That’s the judgment this whole act has been driving at. Match autonomy to blast radius.