
Dev Setup

Agentic dev setup · 10-point checklist

What a 2026 engineering team should have nailed down in its IDE, CI and sandbox strategy before the first agent gets to write to main.

Why a checklist

The moment an agent can write into your repo, the threat model changes. One pull request can touch hundreds of files. Review workflows built for human speed start to fall over.

Across five recent engagements we saw the same ten items become non-optional before any productive work could happen.

The ten points (short form)

  1. Secure the IDE + MCP bootstrap — no tool activation without an explicit allowlist.
  2. Separate sandbox and write permissions — the agent branch has no push access to main.
  3. Code review path for agent commits — separate review SLAs, bot identity clearly marked.
  4. CI gates — TypeScript, tests, lint, build, schema check. No bypass for agents.
  5. Eval suite for prompt regression — every prompt change runs against a goldset.
  6. Secrets hygiene — agents never get service-role keys. Read-only mock in dev.
  7. Bot identity separation — separate GitHub account or bot suffix, no user spoofing.
  8. Persistent memory boundaries — what is the agent allowed to remember across sessions?
  9. Cost caps per PR and per repo — hard stop on budget overrun.
  10. Rollback drill — every two weeks the “revert agent commit” path is rehearsed.
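
One way to enforce point 1 as a CI gate or pre-launch check, added here as an illustration (it is not taken from the checklist PDF): compare the repo's MCP configuration against an explicit allowlist and fail closed on anything unknown or unpinned. The `mcpServers` layout is the one several MCP clients read; the server names, package names and the `check_mcp_config` helper are constructed for this example.

```python
import json

# Constructed allowlist: server name -> exact, version-pinned launch command
# the team has approved. Names and packages are hypothetical.
ALLOWLIST = {
    "repo-search": ["npx", "-y", "@example/repo-search-mcp@1.4.2"],
    "docs": ["uvx", "example-docs-mcp==0.9.0"],
}

# Constructed sample config, as an agent-enabled IDE might find it in the repo.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "repo-search": {"command": "npx", "args": ["-y", "@example/repo-search-mcp@1.4.2"]},
    "docs": {"command": "uvx", "args": ["example-docs-mcp"]},
    "shell": {"command": "bash", "args": ["-lc", "mcp-shell"]},
    "tickets": {"url": "https://mcp.example.invalid/sse"}
  }
}
"""

def check_mcp_config(text, allowlist):
    """Return a list of violations; an empty list means activation is allowed."""
    try:
        items = sorted(json.loads(text)["mcpServers"].items())
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        # Fail closed: an unreadable or malformed config activates nothing.
        return [f"config unreadable, refusing to activate: {exc!r}"]
    violations = []
    for name, spec in items:
        if name not in allowlist:
            violations.append(f"{name}: not on allowlist")
            continue
        args = spec.get("args", []) if isinstance(spec, dict) else None
        launch = [spec.get("command"), *args] if isinstance(args, list) else None
        # Exact match only: a dropped version pin or an extra flag is a change
        # that needs human approval, not something the agent may introduce.
        if launch != allowlist[name]:
            violations.append(f"{name}: launch command differs from approved one")
    return violations

if __name__ == "__main__":
    problems = check_mcp_config(SAMPLE_CONFIG, ALLOWLIST)
    for problem in problems:
        print("DENY", problem)
    raise SystemExit(1 if problems else 0)
```

Run as a required CI step, the non-zero exit blocks the merge, which keeps the allowlist change itself on the human review path.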

How to use the checklist

The full version with concrete configs, example diffs and CI snippets lives in the PDF below. Print-optimised, four pages, with columns for “status”, “owner” and “last checked”.

If you have questions after the download — we’ll book a free demo call any time.
