The most common failure mode in AI-assisted development isn't bad code. It's confident code — output that is technically correct, passes every test, and is wrong for the context it's running in. The agent didn't make a mistake. It made a judgment call that required information it didn't have. And nobody stopped it.

Checkpoints are the structure that prevents this. Not a vague "human in the loop" gesture — a specific gate model with defined trigger categories, a defined format for what the agent surfaces at each gate, and a defined meaning for what "approved" actually commits to. This is how that model works.

01 / What a Checkpoint Is Not

Not a rubber stamp. Not a code review.

A checkpoint is not a code review. Code review happens after the implementation exists. A checkpoint happens before — or at the decision point that shapes what the implementation will be. By the time you're reviewing code, you're catching bugs. At a checkpoint, you're catching decisions.

It's also not a "do you approve?" prompt bolted onto an agent that would rather keep running. Those exist. They're annoying and mostly useless — agents that ask for approval on every file write, every test run, every minor decision. That's not oversight. That's interruption.

A real checkpoint is triggered by the agent when it reaches a decision it genuinely cannot make well on its own — not because it lacks intelligence, but because the decision requires information that isn't in the codebase, the spec, or the brief. The agent knows what it doesn't know. That's the precondition for a checkpoint model that works.

And what the human does at a checkpoint is not click "approve." It's read the agent's reasoning, confirm or correct the framing, and authorize a direction. The agent shows its work. The developer evaluates the work, not just the conclusion. This distinction — reviewing reasoning versus reviewing output — is where most of the value lives.

02 / The Three Categories

What always triggers a stop

Not every decision is a checkpoint. The agent runs most of its loop iterations without interruption: read a file, write a test, implement a route, run the suite, move on. Checkpoints are reserved for decisions that are expensive to reverse and that depend on context the agent doesn't have reliable access to.

Three categories always stop the loop.

Architecture Decisions that compound. Which auth pattern. Which data model. Which API contract shape. Queue vs synchronous. The agent can propose and reason through trade-offs. It cannot know which trade-off is right for this team's maintenance burden in 18 months. e.g. JWT vs session · SQL vs document · REST vs GraphQL
Security Anything touching auth, payments, permissions, or user data. Agents reason about the happy path. Security requires reasoning about the adversarial path — who will try to break this, and how. That mental model doesn't emerge from the codebase alone. e.g. token expiry · cross-tenant access · permission boundaries
Taste No technical definition, which is why it matters. Error messages a real user will read under stress. Information hierarchy a dispatcher will look at for eight hours. Names the team will maintain for three years. The agent has no taste — not a flaw, just a description of what the human covers. e.g. error copy · UI hierarchy · naming conventions

Everything else runs. The agent doesn't ask for approval to add an index, write a migration, scaffold a component, or fix a linting error. Those decisions are either reversible or fully deterministic from the spec. The checkpoint model is not about controlling the agent — it's about surfacing the specific category of decision where human context is load-bearing.

"The agent knows what it doesn't know. That's the precondition for a checkpoint model that works."

03 / What the Agent Shows

Reasoning, not just conclusions

When the agent hits a checkpoint, it doesn't just stop and wait. It surfaces a structured briefing: what it was trying to do, what options it considered, why it leaned toward one of them, what it's uncertain about, and what it will do next if the human clears it to proceed.

Here's what a real architecture checkpoint looks like, from the auth decision on the dispatch app described in an earlier article:

── CHECKPOINT REQUEST ── Architecture Decision Attempting: auth strategy for multi-role system (dispatchers, technicians, admins) Options considered:
A) JWT with refresh rotation — stateless, horizontal scale, standard library support in React Native + Express B) Session-based with server store — stateful, instant revocation on logout or deactivation, one DB round-trip per request C) Hybrid — JWTs for mobile, sessions for web (two auth systems to maintain)
Leaning toward: A (JWT)
Reasoning: Brief does not mention revocation requirements. JWT is industry default for mobile + web hybrid. Session adds a required DB round-trip per authenticated request. Flagging: Brief doesn't specify technician turnover rate. If accounts are frequently deactivated and immediate access termination matters, B is the right call — JWT tokens stay valid until expiry regardless of account status. Requesting human judgment on this constraint. Next if approved: Implement JWT middleware, refresh token rotation, role-based route guards. Est. 4 hrs.

The developer who reads this checkpoint isn't reading code. They're reading a decision brief. And the key thing — the thing the agent correctly flagged as uncertain — is the turnover rate question. The agent didn't know whether this was a stable team or a high-churn contractor operation. The developer did: high-churn, customer-facing work, instant revocation matters. Answer: B.

The agent's lean toward A was reasonable given what it knew. The developer's override was correct given what the agent didn't. Both pieces of that interaction are only possible if the agent shows its reasoning instead of just its conclusion. If the agent had just implemented JWT because that's the industry default, the right decision would have required reading the implementation, understanding the implications, and knowing to ask a question that wasn't obviously missing.

Reading a checkpoint brief takes five minutes. Catching the same issue in a code review takes longer and happens later, when more has been built on top of the wrong decision.

04 / The Failure Mode

Agents that never escalate

The most dangerous AI development setup is not one where the agent is careless. It's one where the agent is confident and unchecked — where the loop runs to completion without a single escalation, and the output is a build full of judgment calls that the model made because no one told it otherwise.

A build with zero checkpoints is a build where every architecture decision, every security trade-off, and every user-facing string was written by a model that had no way to know what it didn't know. The code will likely be correct. Some of it will be wrong in ways that don't surface until a real user does the thing no one thought to specify.

We saw three of these in the mobile app build. Error messages written in database terminology that field technicians would have to decipher on a phone screen. A job sort order that made sense for the data model but not for how a dispatcher routes their day. A cross-tenant write path that passed every test because the tests were testing the happy path, not the adversarial one.

None of these were bugs in the traditional sense. The code ran. The tests passed. They were judgment calls — the kind that require knowing the user, the context, and the operational reality. Those things weren't in the spec. They wouldn't have surfaced without a human reading the output at the right moment with the right question.

An agent that never flags anything for human review is either working on genuinely trivial problems, or it's filling gaps silently. The escalations are where the quality lives. Zero escalations is not a sign of a capable agent. It's a sign of an unconstrained one.

"Zero escalations is not a sign of a capable agent. It's a sign of an unconstrained one."

05 / Scope Protection

Checkpoints as the other fixed-scope guarantee

There's a secondary function that checkpoints serve on a fixed-scope build, and it's worth naming explicitly: they're the mechanism that keeps scope from expanding silently.

When the agent reaches a feature boundary — a point where implementing X naturally leads toward implementing Y — it stops and asks. Not because it can't make the decision, but because that decision belongs to the manifest, not to the agent. "Implementing job status updates. The spec doesn't address behavior when a job is reassigned mid-day — the original technician's push notification state becomes ambiguous. Should I handle this now or mark it as a known gap?"

Without a checkpoint, the agent makes that call. If it adds the behavior, scope has expanded without a conversation. If it skips it, you find the gap at delivery. The checkpoint surfaces the decision at the moment it matters, with the person who can make it, before work is done in either direction.

This is why the checkpoint model and the manifest are the same system, not two separate ones. The manifest defines what ships and what doesn't. The checkpoints are what enforces that boundary during the build — not as a restriction on the agent, but as a signal that a human decision is required to proceed past a boundary the manifest didn't address.

06 / What Signed Off Means

Approving the reasoning, not the code

When a developer signs off at a checkpoint, they're not approving the implementation. They're approving the framing — confirming that the agent understood the constraint correctly, is proposing the right approach for this context, and is cleared to proceed in that direction.

If the reasoning is wrong — if the agent misread the constraint, optimized for the wrong thing, or made an assumption that doesn't hold — you redirect before the implementation exists. You don't need to read a diff. You read a decision brief and correct it upstream.

If the reasoning is right but the implementation looks off when it arrives, that's a separate conversation — a normal code review, not a checkpoint. These are different activities. Conflating them is what makes checkpoint processes feel heavy. A checkpoint is fast precisely because it's scoped to the reasoning, not the output. An architectural decision brief reads in five minutes. A code review of the same decision surface reads in an hour and catches the problem later.

Questions to ask any AI-native development shop

  • What triggers a checkpoint on your builds? If they describe a category — architecture, security, taste — they have a model. If they say "whenever we feel like it," they don't.
  • What does the agent show you at a checkpoint? If it's the code, they're doing code review. If it's the reasoning, they're doing oversight. These produce different outcomes.
  • How many checkpoints did your last build have? Too few means unchecked judgment calls. Too many means interruption theater masquerading as safety.
  • Can you show me a checkpoint log from a recent project? The decision trail is auditable if the process is real. If it doesn't exist, the checkpoints didn't happen.

The checkpoint model is not overhead. It's the mechanism that makes a fixed-scope, fixed-price, fixed-date commitment credible — not just in theory, but on the specific decisions that actually determine whether software is right for the people who use it. The agent handles execution. The human handles judgment. The checkpoint is where those two things meet.