High-risk work needs controls, not optimism
For permission, billing, auth, and migration surfaces, require explicit controls:
- risk tier declaration
- gate status tracking
- rollback trigger and owner
- final go/no-go owner
Control gates
- implementation quality gate
- security/behavior review gate
- operations readiness gate
- communication gate
- final decision gate
Advanced control record
Keep one decision artifact that captures:
- scope and risk tier
- gate results
- residual risks
- rollback trigger
- escalation owner
- final decision timestamp
Escalation rule
If an unresolved high-risk issue survives two loops:
- switch status to blocked
- attach evidence
- assign next owner + deadline
Advanced anti-patterns
Shipping with implicit rollback assumptions
Rollback must be executable, not implied.
Diff approved without operations review
A technical pass can still become an operational failure.
Missing final accountable owner
No owner means no reliable decision system.
Quick checklist
Before deploy:
- risk tier declared
- all gate statuses recorded
- rollback trigger + owner confirmed
- escalation owner reachable
- final decision logged
Advanced execution is measured by failure containment, not just speed.