ANTIGRAVITY LABJP
Articles/Agents & Manager
Agents & Manager/2026-06-03Advanced

Delegate the Undoable, Guard the Irreversible — Tiering Agent Autonomy by Reversibility

When you hand production work to an Antigravity agent, the thing that bites first isn't intelligence — it's whether the operation can be undone. Here is a design that sorts every operation into three reversibility tiers and routes each to auto-execution, checkpointed execution, or a human gate, with TypeScript implementations and real numbers from running six apps in parallel.

Antigravity338AI agents24reliability11production71autonomy

Premium Article

Running six apps solo, I have an endless backlog of work I would love to hand to an agent. Dependency bumps, multi-language resource alignment, Remote Config flag tweaks, AdMob mediation cleanup. The chores I have hand-cranked since 2014 are exactly the ones I most want to automate.

Then, one Thursday night this spring, my blood ran cold. I told an Antigravity agent to "tidy up the ad settings," and it published a Remote Config flag to production. Code I can revert with git. But a production Remote Config push had already begun rolling out to devices among the 50 million installs that happened to launch in that window. Even if I reverted it, the devices that had already received the new value would not roll back. The tests had passed. The problem lived outside the tests, in whether the action could be undone at all.

That night I realized the thing that bites first in agent operations is not intelligence — it is whether you can undo the operation afterward. Even a smart agent will be wrong sometimes. An operation you can revert with git and an operation that leaves a permanent mark on the world deserve completely different levels of trust. Here is how I sort operations by reversibility and shift autonomy in stages, with the implementation.

Split Operations by "Can This Be Undone?"

In software decision-making there is a useful distinction between a "two-way door" you can walk back through and a "one-way door" you can't. Map that onto agent operations and the whole thing gets clearer.

Two-way-door operations are file edits, branch commits, draft generation, local builds. If they go wrong you revert with git, and no one outside ever sees them. Forcing a human approval on these defeats the entire point of hiring an agent.

One-way-door operations are App Store submissions, production database migrations, Remote Config publishes, billing events, outbound notifications. Once executed they leave a mark on user devices, payments, or external systems, and no single command undoes them. You must not leave these to raw intelligence.

My first attempt gated "important" operations. But "important" was vague, so a confirmation dialog popped up on practically everything and the agent could barely act on its own. Only when I swapped the criterion from "is this important?" to "can this be undone?" did operations finally start to flow.

Three Tiers Work Better Than Two

A binary split didn't fit reality. I needed a middle rung between the two doors, so I settled on three tiers.

Tier 1 is auto-reversible: revertable with git, no external trace, near-zero rollback cost. File edits, local tests, draft generation. I let the agent run these unconditionally.

Tier 2 is checkpoint-required: technically reversible, but undoing it takes effort, or forgetting to undo it is dangerous. Staging deploys, data updates without schema changes, branch merges. Before running, I always leave a rollback point (a snapshot) and only then auto-execute.

Tier 3 is irreversible: once run it leaves a permanent mark and only a human can own it. Store submissions, production migrations, billing and notification events. This tier alone makes the agent stop right before execution so a human can review the contents and let it through.

The nice property of three tiers is that the weight of the decision tracks exactly how hard the operation is to undo. Safe operations go fast, dangerous ones go slow — sorted mechanically, with no argument about intelligence.

Thank you for reading this far.

Continue Reading

What follows includes implementation code, benchmarks, and practical content we hope you'll find useful. This site runs without ads — server and development costs are supported entirely by members like you. If it's been helpful, we'd be truly grateful for your support.

WHAT YOU'LL LEARN
Build a router in TypeScript that classifies every agent operation into auto-reversible / checkpoint-required / irreversible, auto-runs the safe ones, and sends only the irreversible ones to a human gate
Using a real incident from running six apps in parallel — an agent pushing an un-undoable config to production — see the classifier that judges reversibility and the checkpoint layer that always leaves a rollback point
From the measured split (about 70% of operations are reversible, only 8% need a human gate), set thresholds that stop accidents without drowning your workflow in approvals, down to the average number of daily pauses
Secure payment via Stripe · Cancel anytime

Unlock This Article

Get full access to the rest of this article. Buy once, read anytime. This site is ad-free — your support goes directly toward keeping it running.

or
Unlock all articles with Membership →
Share

Thank You for Reading

Antigravity Lab is ad-free, supported entirely by members like you. We publish practical guides daily with implementation code, benchmarks, and production-ready patterns. If you've found it useful, we'd love to have you on board.

  • Copy-paste ready implementation code
  • New advanced guides published daily
  • $5/mo or $10 for lifetime access
View Membership →

Related Articles

Agents & Manager2026-07-15
When Your Agent Commits a .bak File: Why Fix-Tool Artifacts End Up in Git
Backup files like .bak and .orig slip into commits after an agent runs a --fix tool. Here are the reproduction conditions, the real root cause, and three fixes: narrowing the staged scope, wrapping the fixer, and adding a pre-commit extension gate.
Agents & Manager2026-07-06
When Parallel Agents Ran the Same Task Twice and Quietly Doubled the Bill — Field Notes on Measuring and Stopping Duplicates
The bill for our parallel agents came in about 1.9x higher than expected — because multiple workers were running the same task twice. These are field notes on measuring the duplication, stopping it with idempotency keys, and attributing cost per task.
Agents & Manager2026-06-30
When the Android CLI Got 3x Faster and Cut Tokens by ~70%, the Right Move Was More Verification Per Change — Not More Parallelism
Reading that the Android CLI agent runs ~3x faster while using ~70% fewer tokens, my first instinct was to ask how many runs to parallelize. But a faster agent doesn't change how much work ships — it changes where the queue forms. This walks through why, sizes the new bottleneck (review and verification gates) with Little's Law, enforces a WIP cap with a working Python admission controller, and reinvests the freed budget into depth per change — with measured results.
📚RECOMMENDED BOOKS
Build a Large Language Model (From Scratch)
Sebastian Raschka
LLM Dev
Prompt Engineering for LLMs
Berryman & Ziegler
Prompting
AI Engineering
Chip Huyen
AI Eng
* Contains affiliate links
See all →