Skip to content
$ clawproof blog --read preflight-checklist
Manifesto2026-02-286 min read

Why Your AI Agent Needs a Pre-Flight Checklist

Every pilot runs a checklist before takeoff. Every surgeon runs one before cutting. Why are we shipping AI agents with none?

By Werner Plutat

On this page

The Checklist Gap

In 2024, an autonomous coding agent at a mid-size fintech company pushed a database migration to production that dropped a column containing active customer payment tokens. The agent had the right credentials, the deployment pipeline had no gate, and the rollback took eleven hours. The total cost: $2.3 million in failed transactions and a quarter of churned enterprise accounts.

This was not a model hallucination problem. The agent did exactly what it was asked to do. The failure was environmental. Nobody had built the equivalent of a pre-flight checklist that would have flagged an irreversible schema change before it reached production.

We are living through a strange moment in software engineering. Teams that would never dream of deploying a Docker container without a health check are handing autonomous agents the keys to email systems, databases, and cloud infrastructure with little more than a system prompt and a prayer. The checklist gap is not a technical limitation. It is a cultural blind spot.

The AI ecosystem treats safety as a model-level concern: alignment research, RLHF, constitutional AI. These matter enormously. But they do not address the operational reality that an agent with correct intentions and incorrect permissions can still cause catastrophic harm. Pre-flight checklists address the gap between model behavior and system behavior.

Lessons from High-Reliability Industries

Aviation did not arrive at checklists because pilots were incompetent. It arrived at them because the systems became too complex for any single human to hold in working memory. The Boeing Model 299 crash of 1935, caused by a forgotten gust lock, killed two experienced test pilots and nearly killed the B-17 program. The response was not better pilot training. It was a written checklist.

Medicine followed the same arc. Atul Gawande's WHO Surgical Safety Checklist reduced surgical mortality by 47% in its initial trial across eight hospitals. The items on the list were embarrassingly simple: confirm the patient's identity, mark the surgical site, check the anesthesia machine. Surgeons already knew these things. The checklist ensured they did not skip them under time pressure.

AI agents operate under the same dynamics that made checklists essential in cockpits and operating rooms. They handle multiple concurrent tasks with irreversible consequences. They operate under time pressure. More precisely, they create time pressure by executing faster than humans can review. And they interact with complex, stateful systems where a missed check compounds into cascading failure.

The lesson from high-reliability industries is precise: checklists do not replace expertise. They prevent the expert from skipping the obvious under pressure. An agent that can write flawless SQL still needs a checklist that asks whether the target database is production or staging.

What Goes on the List

An effective agent pre-flight checklist is not a vague set of principles. It is a concrete enumeration of conditions that must be verified before the agent begins execution. Based on incident patterns across dozens of agent deployments, these categories consistently surface:

Permissions scope: Does the agent have only the permissions it needs for this specific task? A customer support agent that can read order history should not hold write access to the billing system. Verify least-privilege before every session, not just at deployment.

Rate limits and cost ceilings: Is there a hard cap on API calls, tokens consumed, emails sent, or dollars spent? The absence of a rate limit is not a neutral default. It's an implicit authorization to consume unlimited resources. Every agent session should declare its budget upfront.

Rollback capability: For every action the agent can take, is there a defined reversal? If the agent can send an email, can it unsend it? If it can modify a database record, is there a transaction log? Actions without rollback paths should require human approval.

Output validation: Before the agent delivers results to end users, does it pass through a validation layer? This includes format checks, content policy filters, PII detection, and domain-specific sanity checks. An agent generating medical summaries needs different validators than one writing marketing copy.

Human escalation triggers: Under what conditions does the agent stop and ask a human? Define these explicitly, including confidence thresholds, error counts, novel situations, and high-stakes decisions. An agent without escalation triggers is an agent that will eventually encounter a situation it cannot handle and proceed anyway.

Building It Into the Pipeline

A checklist that lives in a wiki page is a checklist that will be ignored by the second week. The pre-flight check must be enforced in code. It should be a function that runs before the agent's main loop and blocks execution if any condition fails. This is not aspirational architecture. It is a fifteen-minute implementation that prevents six-figure incidents.

The configuration below defines a pre-flight manifest. Each check specifies what is being validated, how to validate it, and what happens on failure. The runtime reads this manifest, executes each check sequentially, and halts the agent if any check returns a failure status.

preflight.yaml
# Agent Pre-Flight Checklist Configuration
agent: customer-support-bot
version: 2.1.0

preflight:
  - check: permissions_scope
    validate: "scope == ['read:tickets', 'write:responses', 'read:orders']"
    on_fail: abort
    message: "Agent has permissions beyond required scope"

  - check: rate_limits
    validate:
      max_api_calls: 500
      max_emails_sent: 20
      max_cost_usd: 5.00
      window: "per_session"
    on_fail: abort
    message: "Rate limits not configured for this session"

  - check: rollback_available
    validate: "all_actions_have_undo == true"
    on_fail: warn_and_require_approval
    message: "Some actions lack rollback capability"

  - check: output_validation
    validate:
      pii_filter: enabled
      content_policy: enabled
      format_check: enabled
    on_fail: abort
    message: "Output validation pipeline not active"

  - check: escalation_triggers
    validate:
      confidence_threshold: 0.85
      max_consecutive_errors: 3
      novel_situation_detection: enabled
    on_fail: abort
    message: "Human escalation triggers not defined"

  - check: kill_switch
    validate: "kill_switch_endpoint.is_reachable == true"
    on_fail: abort
    message: "Kill switch endpoint unreachable โ€” do not start"

The Cultural Shift

The hardest part of implementing pre-flight checklists is not technical. It is convincing teams that the overhead is worth it. Engineers who build agents are optimizing for capability, making the agent do more, faster, with less human intervention. A pre-flight checklist feels like friction. It is friction. That is the point.

The cultural shift requires reframing the agent's autonomy as a liability, not just an asset. Every capability you grant an agent is a capability that can misfire. Autonomy is not free. It carries an operational risk that scales with the blast radius of the agent's permissions. Teams that internalize this framing stop seeing checklists as bureaucracy and start seeing them as load-bearing infrastructure.

Practically, this means three changes to team workflow. First, every agent deployment includes a pre-flight manifest in the pull request. Code reviewers check the manifest the same way they check error handling. Second, incident retrospectives always ask whether a pre-flight check would have prevented or mitigated the incident. Third, the checklist is versioned and tested. If you change the agent's capabilities, you update the checklist in the same commit.

Organizations that have adopted this approach report a counterintuitive result: agents ship faster, not slower. The pre-flight checklist resolves ambiguity about what the agent should and should not do before development begins. Teams spend less time debugging production incidents and more time building features. The checklist is not a tax on velocity. It is a prerequisite for sustainable velocity.

Start Today

  • โœ“Audit your agent's current permissions and document every system it can access, write to, or modify. Most teams discover permissions they forgot they granted
  • โœ“Define hard rate limits for every external action: API calls, emails, database writes, and file operations. If there is no limit, set one now and adjust later
  • โœ“Identify every irreversible action the agent can take and either add a rollback mechanism or require human approval before execution
  • โœ“Implement the pre-flight check as a blocking function that runs before the agent's main loop. Fail closed, not open
  • โœ“Add kill switch verification to the checklist so the agent confirms it can be stopped before it starts running
  • โœ“Write your first incident scenario: what happens if the agent runs with no rate limit for 60 minutes? Use the answer to refine your checklist
  • โœ“Schedule a monthly checklist review. As the agent's capabilities grow, the checklist must grow with them
$ clawproof --related

Related Checks

#01Tool Permissions & Least Privilege#04Human-in-the-Loop & Escalation#05Rollback & Kill Switches

Stay clawproof

New checks, playbooks, and postmortems. Twice a month.

No spam. Unsubscribe anytime.