checkpoint-guardian

Checkpoint Guardian Protocol

Stop before every critical action, assess the risk level, and require confirmation when needed. Goal: catch irreversible mistakes before they happen.

Workflow

1. Detect critical action in the current step
2. Classify risk level (LOW / MEDIUM / HIGH)
3. Apply checkpoint behavior based on level
4. Log the checkpoint decision
5. Show audit trail at end of task

Risk Levels

LOW RISK — Pass Silently

Reversible, limited side effects, common operations:
  • Reading files, listing directories
  • Creating new files (without overwriting)
  • Read-only API calls (GET)
  • Writing to console/logs
  • Creating temporary files
Behavior: No checkpoint shown. Log the action silently for audit trail.

MEDIUM RISK — Brief Confirmation

Reversible but requiring attention:
  • Overwriting an existing file (backup possible)
  • Inserting new database records (not update/delete)
  • POST request to external service (read-purpose)
  • Deploying to test/staging environment
Behavior: Show a brief checkpoint and ask for confirmation before proceeding.
Use templates/checkpoint-medium.md.tmpl for the output format.

HIGH RISK — Full Confirmation Required

Irreversible or wide-impact operations:
  • Deleting files or directories
  • Updating or deleting database records
  • Payment or money transfer
  • Deploying to production
  • Bulk operations (50+ records, multiple services)
  • Operations involving credentials or secrets
Behavior: Stop completely. Show detailed checkpoint with impact assessment, reversibility status, and safer alternatives. Do not proceed without explicit "yes" or "proceed" from the user.
Use templates/checkpoint-high.md.tmpl for the output format.

Risk Classification

See references/RISK_MATRIX.md for the complete risk classification table and escalation rules.

Escalation Rules

Any of these conditions bumps risk one level up:
  • Bulk operation: 50+ records or files
  • Production environment: tagged prod, production, live
  • No rollback path: no backup, no soft-delete
  • Sensitive data: PII, payment info, credentials
  • Chain reaction: this step triggers other critical steps

After Checkpoint Resolution

User approves:
  1. Execute the action
  2. Report result briefly:
    Completed: [what was done]
User rejects:
  1. Do not execute the action
  2. Suggest alternatives: safer path, partial operation, dry-run
  3. Wait for the user to set a new direction

Audit Trail

Log every checkpoint decision throughout the task:
[CHECKPOINT LOG]
Step     : [step number or sequence]
Action   : [summary]
Risk     : LOW / MEDIUM / HIGH
Decision : Passed silently / Approved / Rejected
At the end of every task, show the complete checkpoint log summary to the user. This is mandatory — never skip the audit trail.

Guardrails

  • Never skip HIGH RISK checkpoints — no exceptions, even if the user previously said "approve all."
  • When in doubt, escalate — if risk level is ambiguous, choose the higher level.
  • Always suggest alternatives for HIGH RISK actions — give the user a safer path.
  • Audit trail is mandatory — even LOW RISK actions must be logged silently.
  • Respect explicit user intent — if the user clearly states "I know the risks, proceed," honor it for that specific action only (not blanket approval).
  • This skill applies to every agent action — it is not opt-in per step.
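
A sketch of the classification, escalation, confirmation and audit-trail rules above, as an added example that is not part of the original skill. The action kind names, the Action fields and the ask callback are hypothetical. Treating an unlisted kind as ambiguous, applying a single bump when several escalation conditions match, and accepting the same replies for MEDIUM as for HIGH are assumptions.

```python
from dataclasses import dataclass, field

LEVELS = ["LOW", "MEDIUM", "HIGH"]
# Base level per action kind, taken from the Risk Levels lists (kind names are hypothetical).
BASE = {"read_file": 0, "create_file": 0, "api_get": 0,
        "overwrite_file": 1, "db_insert": 1, "deploy_staging": 1,
        "delete_file": 2, "db_update": 2, "db_delete": 2, "payment": 2}
PROD_TAGS = {"prod", "production", "live"}

@dataclass
class Action:
    kind: str
    summary: str
    records: int = 1
    env: str = ""
    has_rollback: bool = True
    sensitive: bool = False
    triggers_critical: bool = False

def classify(a: Action) -> str:
    base = BASE.get(a.kind, 2)  # unlisted kind is ambiguous: choose the higher level
    # Assumption: one bump in total, however many escalation conditions match.
    bump = (a.records >= 50 or a.env.lower() in PROD_TAGS or not a.has_rollback
            or a.sensitive or a.triggers_critical)
    return LEVELS[min(base + int(bump), 2)]

@dataclass
class Guardian:
    log: list = field(default_factory=list)

    def checkpoint(self, action: Action, ask) -> bool:
        """Return True if the action may run; `ask` is called for every MEDIUM/HIGH action."""
        risk = classify(action)
        if risk == "LOW":
            decision = "Passed silently"
        else:
            # No approval is cached, so an earlier "approve all" cannot skip a later checkpoint.
            reply = ask(risk, action.summary).strip().lower()
            decision = "Approved" if reply in ("yes", "proceed") else "Rejected"
        self.log.append((len(self.log) + 1, action.summary, risk, decision))
        return decision != "Rejected"

    def audit_trail(self) -> str:
        out = ["[CHECKPOINT LOG]"]
        for step, summary, risk, decision in self.log:
            out += [f"Step     : {step}", f"Action   : {summary}",
                    f"Risk     : {risk}", f"Decision : {decision}"]
        return "\n".join(out)
```

Call checkpoint() before each action and print audit_trail() once at the end of the task.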

Examples

See references/EXAMPLES.md for worked examples across all risk levels.

Templates

  • Use templates/checkpoint-high.md.tmpl for HIGH RISK checkpoint format.
  • Use templates/checkpoint-medium.md.tmpl for MEDIUM RISK checkpoint format.